Oletools Versions

oletools - Python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

v0.52

6 years ago
  • New tool msodde to detect and extract DDE links from MS Office files, RTF and CSV;
  • Fixed bugs in olevba, rtfobj and olefile, to better handle malformed/obfuscated files;
  • Performance improvements in olevba and rtfobj;
  • VBA form parsing in olevba;
  • Office 2007+ support in oleobj.

v0.51

6 years ago
  • added the oletools cheatsheet
  • improved rtfobj to handle malformed RTF files, detect vulnerability CVE-2017-0199
  • olevba: improved deobfuscation and Mac files support
  • mraptor: added more ActiveX macro triggers
  • added DocVarDump.vba to dump document variables using Word
  • olemap: can now detect and extract extra data at end of file, improved display
  • oledir, olemeta, oletimes: added support for zip files and wildcards
  • many bugfixes in all the tools
  • improved Python 2+3 support

v0.50

7 years ago
  • all oletools now support Python 2 and 3.
  • olevba: several bugfixes and improvements.
  • mraptor: improved detection, added mraptor_milter for Sendmail/Postfix integration.
  • rtfobj: brand new RTF parser, obfuscation-aware, improved display, detect executable files in OLE Package objects.
  • setup: now creates handy command-line scripts to run oletools from any directory.

v0.47

7 years ago
  • olevba: added PPT97 macros support, improved handling of malformed/incomplete documents, improved error handling and JSON output, now returns an exit code based on analysis results, new --relaxed option.
  • rtfobj: improved parsing to handle obfuscated RTF documents, added -d option to set output dir.
  • moved repository and documentation to GitHub.

v0.46

8 years ago

  • olevba does not deobfuscate VBA expressions by default (much faster), new option --deobf to enable it.
  • Fixed color display bug on Windows for several tools.