Here is a collection of short articles I have written about how to do many useful things in Python.
python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on my olefile parser.
If you want to test or use ExeFilter on Windows but you cannot or you do not want to install a Python interpreter, Portable ExeFilter is a simple solution. You just need to unzip it in any folder on a hard drive or a USB stick and it should run anywhere.
olefile (formerly OleFileIO_PL) is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook MSG files, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
iodeflib is a python library to create, parse and edit cyber incident reports using the IODEF v1 XML format (RFC 5070).
Here is the list of open-source Python projects that I am maintaining or contributing to.
This article presents several tools that can be used to extract VBA Macros source code from MS Office Documents, for malware analysis and forensics. It also provides an overview of how VBA Macros are stored.
mraptor is a simple tool designed to detect malicious VBA macros in MS Office files, based on characteristics of the VBA code. This article explains how it works, and how it can be used in practice.
olevba is a script to parse OLE and OpenXML files such as MS Office documents (e.g. Word, Excel), to detect VBA Macros, extract their source code in clear text, decode malware obfuscation (Hex/Base64/StrReverse/Dridex) and detect security-related patterns such as auto-executable macros, suspicious VBA keywords used by malware, and potential IOCs (IP addresses, URLs, executable filenames, etc). It is part of the python-oletools package.
oletimes is a script to parse OLE files such as MS Office documents (e.g. Word, Excel), to extract creation and modification times of all streams and storages in the OLE file. It is part of the python-oletools package.