rtfdump.py

This post is part of a series of posts categorized as “Wiki” that contain basic how-to information. The intent is to create a reference repository for myself, but I’m not selfish so if anyone else can also benefit from it then I’m happy to share the knowledge!

  • OS: Linux/Windows
  • Description: Examine and dump contents of RTF files
Helpful Options:
 -s         select item
 -d         perform dump
 -x         perform hex dump
 -a         perform ascii dump
 -f FILTER  filter
 -E         extract package info
 -i         print extra info for selected item
 -H         decode hexadecimal
 -c         cut data, specify start and end

oledump.py

  • OS: Linux/Windows
  • Description: Explore Microsoft Office file contents and identify and dump streams with macros
Helpful Options:
  -d          perform raw dump
  -x          perform hex dump
  -a          perform ascii dump (default)
  -s          select stream
  -S          perform strings dump
  -v          decompress VBA
  -r          read raw file (use with options -v or -p)
  -e          extract OLE embedded file
  -p PLUGINS  plugins to load 
  -M          display meta data

Plugins:
 plugin_http_heuristics

olevba.py

  • OS: Linux/Windows
  • Description: Parse Microsoft Office files and extract macros
Helpful Options:
 -a        only analysis, no macro code
 -c        only macro code, no analysis
 --decode  display obfuscated strings and decode
 --reveal  replace obfuscated strings in macro code
           with decoded strings

qpdf

  • OS: Linux/Windows
  • Description: Convert encrypted, password-protected PDFs or PDF streams to unencrypted form
Helpful Options:
 --password=password   specify password
 --decrypt             remove encryption
 --is-encrypted        check if PDF is encrypted
 --requires-password   check if PDF is password protected

peepdf.py

  • OS: Linux/Windows
  • Description: Get stats for a PDF, identify high-risk keywords and dictionary entries, and examine the PDF's structure and contents
Helpful Options:
 -i  interactive console mode
 -l  loose parsing

Documented commands (type help <topic>):
========================================
bytes
changelog
create
decode
decrypt
embed
encode
encode_strings
encrypt
errors
exit
filters
hash
help
info
js_analyse
js_beautify
js_code
js_eval
js_jjdecode
js_join
js_unescape
js_vars
log
malformed_output
metadata
modify
object
offsets
open
quit
rawobject
rawstream
references
replace
reset
save
save_version
sctest
search
set
show
stream
tree
vtcheck
xor
xor_search