Comments (23)
(@decalage2 many thanks for all your hard work with oletools by the way!)
from cape.
Maybe just to prevent breaking the rest when something is changed in oletools internals, but apart from that, no.
from cape.
BTW I just noticed oletools is listed in requirements.txt, so it may also be installed outside of CAPE, ending up with two versions. I guess the copy could be removed from the lib directory, as long as import statements in CAPE point to the version installed by pip.
A specific version of oletools can be fixed in requirements.txt, to avoid breaking changes.
from cape.
Yes, I added that as I have added vba2graph, and now it accepts a file with macros so it can generate a graph, and it uses oletools; but yes, it makes sense to update.
from cape.
PR is done for that; if @kevoreilly is fine with that, after merge there is only a need to remove unused files:
- msgextract can be handled by sflock
- remove pyparsing.py
- DridexURLDecoder is kind of for historical data only, as that is useless nowadays
The vbadeobf is already done in oletools as IOCs.
So if we clean up that folder we can move vba2graph to common and wipe the office folder.
from cape.
All sounds good to me, merged PR.
from cape.
OK, fully moved everything to oletools and IOC extraction in my last PR.
from cape.
I'm having some issues which I think might be related...
```text
officeresults["Metadata"] = meta.get_meta()
AttributeError: OleMetadata instance has no attribute 'get_meta'
```
This is on line 1108 of static.py. olefile is installed at version 0.44 (won't update).
from cape.
The `get_meta()` function is no longer present in olefile from 0.44; I will try and update static.py accordingly.
from cape.
OK, it's here, fixing it :) https://github.com/decalage2/oletools/blob/master/oletools/olemeta.py#L87
from cape.
I thought I commented with a warning about the get_meta function last night. Apparently my phone didn't send. I have that commit in my fork I will do a PR.
from cape.
The fix is: replace
```python
officeresults["Metadata"] = meta.get_meta()
```
with
```python
meta.SUMMARY_ATTRIBS
```
Just tested locally.
from cape.
I think `meta.SUMMARY_ATTRIBS` is the more concise, assuming they both perform the same?
from cape.
`meta.SUMMARY_ATTRIBS` is just the dict as it was before; they just removed an extra subcall.
from cape.
```python
meta.SUMMARY_ATTRIBS
['codepage', 'title', 'subject', 'author', 'keywords', 'comments', 'template', 'last_saved_by', 'revision_number', 'total_edit_time', 'last_printed', 'create_time', 'last_saved_time', 'num_pages', 'num_words', 'num_chars', 'thumbnail', 'creating_application', 'security']
```
from cape.
Yes, it is the same, at least it looks like it.
from cape.
OK, I merged that one. I have found a problem in quarantine.py:
```python
import lib.cuckoo.common.office.olefile as olefile
```
Is `import olefile` enough, or is `import oletools.thirdparty.olefile as olefile` better?
from cape.
`oletools.thirdparty.olefile`
from cape.
I'm checking this one, as @enzok restored that structure, but maybe it just also requires a cleanup; will bring an update in a few mins.
from cape.
I forgot at some point I added support to handle Office metadata from newer XML .doc files. The SummaryInfo doesn't match up 1 for 1 from the OLE docs. @doomedraven has the better fix.
from cape.
Basically we need this:
```python
# attribute names for SummaryInformation stream properties:
# (ordered by property id, starting at 1)
SUMMARY_ATTRIBS = ['codepage', 'title', 'subject', 'author', 'keywords', 'comments',
                   'template', 'last_saved_by', 'revision_number', 'total_edit_time',
                   'last_printed', 'create_time', 'last_saved_time', 'num_pages',
                   'num_words', 'num_chars', 'thumbnail', 'creating_application',
                   'security']
# attribute names for DocumentSummaryInformation stream properties:
# (ordered by property id, starting at 1)
DOCSUM_ATTRIBS = ['codepage_doc', 'category', 'presentation_target', 'bytes', 'lines', 'paragraphs',
                  'slides', 'notes', 'hidden_slides', 'mm_clips',
                  'scale_crop', 'heading_pairs', 'titles_of_parts', 'manager',
                  'company', 'links_dirty', 'chars_with_spaces', 'unused', 'shared_doc',
                  'link_base', 'hlinks', 'hlinks_changed', 'version', 'dig_sig',
                  'content_type', 'content_status', 'language', 'doc_version']
```
I'm checking if something else is needed, and we need to make sure it's forced to printable.
from cape.
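The fix discussed above, reading the OleMetadata attributes directly instead of calling `get_meta()` and forcing every value to printable ASCII before it lands in the report, as an added example that is not CAPE's or olefile's own code. It assumes olefile's `OleMetadata` exposes attributes named by `SUMMARY_ATTRIBS` and `DOCSUM_ATTRIBS` (the lists quoted in the thread); `ConstructedMeta` is a constructed stand-in so the code runs without a document or olefile installed, and the `\xNN`/`\uNNNN` escaping is an assumed convention.

```python
import datetime
import string

# Property names olefile's OleMetadata exposes for the two property streams (from the thread above).
SUMMARY_ATTRIBS = ['codepage', 'title', 'subject', 'author', 'keywords', 'comments', 'template',
                   'last_saved_by', 'revision_number', 'total_edit_time', 'last_printed', 'create_time',
                   'last_saved_time', 'num_pages', 'num_words', 'num_chars', 'thumbnail',
                   'creating_application', 'security']
DOCSUM_ATTRIBS = ['codepage_doc', 'category', 'presentation_target', 'bytes', 'lines', 'paragraphs',
                  'slides', 'notes', 'hidden_slides', 'mm_clips', 'scale_crop', 'heading_pairs',
                  'titles_of_parts', 'manager', 'company', 'links_dirty', 'chars_with_spaces', 'unused',
                  'shared_doc', 'link_base', 'hlinks', 'hlinks_changed', 'version', 'dig_sig',
                  'content_type', 'content_status', 'language', 'doc_version']

# Printable ASCII minus the whitespace control characters (tab, newline, CR, VT, FF).
_SAFE = set(string.printable) - set("\t\n\r\x0b\x0c")


def to_printable(value):
    """Render a property value as printable ASCII: bytes decode as latin-1 (one char per byte),
    datetimes become ISO strings, anything else is escaped as \\xNN / \\uNNNN (assumed convention)."""
    if isinstance(value, bytes):
        value = value.decode("latin-1")
    elif isinstance(value, datetime.datetime):
        value = value.isoformat()
    elif not isinstance(value, str):
        value = str(value)
    return "".join(c if c in _SAFE else ("\\x%02x" if ord(c) < 256 else "\\u%04x") % ord(c)
                   for c in value)


def office_metadata(meta):
    """Build the per-stream report dict by reading attributes directly; unset properties are
    skipped and the thumbnail blob is reported by size only, never embedded in the report."""
    result = {}
    for stream, names in (("SummaryInformation", SUMMARY_ATTRIBS),
                          ("DocumentSummaryInformation", DOCSUM_ATTRIBS)):
        props = {}
        for name in names:
            value = getattr(meta, name, None)
            if value is None:
                continue
            if name == "thumbnail" and isinstance(value, bytes):
                value = "<%d bytes>" % len(value)
            props[name] = to_printable(value)
        result[stream] = props
    return result


class ConstructedMeta:  # constructed stand-in for olefile.OleMetadata with a few properties set
    author = b"J. Doe\x00\x07"                    # embedded NUL and BEL bytes
    title = "Invoice \u2013 Q3"                  # non-ASCII dash
    create_time = datetime.datetime(2019, 5, 6, 13, 45)
    num_pages = 3
    company = b"ACME"
    thumbnail = b"\x89PNG" * 10
```

Running `office_metadata(ConstructedMeta())` yields a dict whose values contain only printable ASCII, which is the property the thread wants before the metadata is shown in the CAPE web UI.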
I am going to remove the copy of olefile from oletools.thirdparty quite soon (olefile will be a dependency of oletools, that needs to be installed on its own), so I would advise to add olefile to your requirements.txt, and to use `import olefile` instead of `import oletools.thirdparty.olefile as olefile`.
from cape.
OK, thanks, I will fix the imports and update reqs.txt.
from cape.