Didier Stevens

Thursday 5 May 2022

Update: oledump.py Version 0.0.66

Filed under: My Software,Update — Didier Stevens @ 16:56

This new version of oledump.py brings some fixes and an update to plugin plugin_vbaproject to decode and display the password for plaintext passwords:

oledump_V0_0_66.zip (http)
MD5: 20D89F0477ED7B533C2B0C6D27EC4255
SHA256: F67051EF2FA3FD42206C5ADFAC807C94ECD5F7F0F6427433B366217F675D3195

Friday 29 April 2022

Update: oledump.py Version 0.0.65

Filed under: My Software,Update — Didier Stevens @ 9:05

This new version of oledump.py brings a new plugin (plugin_metadata) and Python 3 fixes for 2 plugins (plugin_msi and plugin_ppt).

The new plugin is actually an old unpublished plugin, that I updated recently.

This plugin parses Office document metadata as defined in document [MS-OLEPS].

I started to write this in 2015 to parse the metadata of Word documents, but soon I figured out that this functionality was already present in olefile, and I introduced option -M to call this functionality.

But recently, I had to parse metadata that isn’t (yet) parsed by olefile, so I updated and released plugin_metadata.

oledump_V0_0_65.zip (http)
MD5: 319894D211E0C6F41DCEBD5DBBBE3D33
SHA256: 35786C01AC74BE8604E96B528B7EB8EEFBB0D63407D3C78CC31D058528EF20D7

Saturday 23 April 2022

Update: re-search.py Version 0.0.19

Filed under: My Software,Update — Didier Stevens @ 8:47

This is a Python3 stdin fix for re-search.py, my tool to search with regular expressions.

re-search_V0_0_19.zip (http)
MD5: 4007A3E5540871221B55591B50E2239B
SHA256: 263236ABE75B93F1F999474D690A9EB2575EBE42CED8F369FF98B349A5116D11

Monday 18 April 2022

New Tool: pngdump.py (Beta)

Filed under: Announcement,My Software — Didier Stevens @ 7:11

Here is a new tool I’m releasing as beta: pngdump.py.

It’s a tool to analyze PNG files. Unlike jpegdump, you cannot yet select items for further analysis.

Sunday 17 April 2022

Update: 1768.py Version 0.0.13

Filed under: My Software,Update — Didier Stevens @ 15:51

This new version of 1768.py brings option -H to include file hashes, introduces shellcode type detection and has updated statistics.

1768_v0_0_13.zip (http)
MD5: F7E85586045AA76C573E010E6FF5F701
SHA256: 33B43A5AB059556C17083E824D407891CD14544B5CA416223020076C5878D310

Saturday 16 April 2022

Update: cut-bytes.py Version 0.0.14

Filed under: My Software,Update — Didier Stevens @ 8:10

This new version of cut-bytes.py adds access to the read data for Python expressions in prefix and suffix options.

cut-bytes_V0_0_14.zip (http)
MD5: EC3434DAAEE06C6F35BD57B77F86833F
SHA256: BCCCE7A73C921BD2CC195155A3A709FBAD7ADC0A267288A4F7F58695A2F103D1

Saturday 9 April 2022

New Tool: myjson-filter.py

Filed under: Announcement,My Software — Didier Stevens @ 8:50

A couple of my tools can produce JSON output, using my own format (myjson).

This output can then be piped into another tool, like strings.py or file-magic.py.

I’m now releasing a tool that can be put into a command pipe to filter the JSON data: myjson-filter.py

For example, here I use myjson-filter.py to remove all items that are XML files (based on the content: starting with <?xml) before strings are extracted with strings.py:

More info in this ISC diary entry I wrote: “Method For String Extraction Filtering”.

myjson-filter_V0_0_2.zip (http)
MD5: 15DDC15DE65F447CE6DA94F8B34C5066
SHA256: EB330FE49421A13A8743F18064788DC2E8189A9B63FD19D517F0B830D1569321

Wednesday 30 March 2022

New Tool: xlsbdump.py

Filed under: My Software — Didier Stevens @ 0:00

This is a new tool to parse XLSB files.

It is still in beta.

Tuesday 29 March 2022

Update: oledump.py Version 0.0.64

Filed under: My Software,Update — Didier Stevens @ 7:22

This new version of oledump brings option -u. This option is used to look for data past the end of the streams.

oledump_V0_0_64.zip (http)
MD5: D2FE33398A2BA85A760518972C0207D3
SHA256: C44F11D31CDCFDE0E7207363A9F35ED07A98A69A4A4228A8CA49292BA8EE9683

Saturday 26 February 2022

Update: 1768.py Version 0.0.12

Filed under: My Software,Update — Didier Stevens @ 9:16

I included a new Cobalt Strike 4.5 private key in this release, shared with me by a user.

Further, ZIP files with AES encryption are supported. And a few other bug fixes.

1768_v0_0_12b.zip (https)
MD5: C1675CD1CD5E817BDBC4B10D8850D6DD
SHA256: 0694F52EFA2332E8FCFFA739AD123ABF4A75F20ACB5DE3174376FE5D816DE071