OLE
A set of OLE parsers and tools to deal with OLE files.
Requirements
- Rust 1.56+ (edition: 2021)
Tools
- OleId : A tool to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware).
- OleObj : A tool to parse OLE objects and files stored into various MS Office file formats (doc, xls, ppt, docx, xlsx, pptx, etc).
- Ole-Common : A crate that reads and parses OLE files.
1. OleId
This is a tool to analyze MS Office documents(eg. Word, Excel) to detect specific characteristics common in malicious files.
CLI Usage
oleid [options] <filename>
Options
--file: The filepath to the file to process.
Library Usage
use oleid::oleid::OleId;
pub fn main() {
let mut oleid = OleId::new(file_path);
let indicators = oleid.check();
println!("{:#?}", indicators);
}2.OleObj
This is a tool to parse OLE objects and files stored into various MS Office file formats (doc, xls, ppt, docx, xlsx, pptx, etc).
Usage
oleobj [options] <filename>
Options
--file: The filepath to the file to process.
3. Ole-Common
Example Usage
- add dependency (default feature is to use async)
[dependencies]
ole-common = { git = "https://github.com/marirs/ole-rs.git", branch = "master" }- example code
use ole::OleFile;
fn main() {
let file = "data/oledoc1.doc_";
let res = OleFile::from_file(file).await.expect("file not found");
println!("{:#?}", &res);
println!("entries: {:#?}", res.list_streams());
}- dependency with blocking
[dependencies]
ole-common = { git = "https://github.com/marirs/ole-rs.git", branch = "master", default-features = false, features = ["blocking"] }- example code
use ole::OleFile;
fn main() {
let file = "data/oledoc1.doc_";
let res = OleFile::from_file_blocking(file).expect("file not found");
println!("{:#?}", &res);
println!("entries: {:#?}", res.list_streams());
}- Running the Example Code
cargo r --example ole_cli --features="blocking" data/oledoc1.doc_License: MIT or Apache