From Collaborative RCE Tool Library
Data Search and Extraction Tools
| Tool name: | OfficeMalScanner |
|---|---|
| Author: | Frank Boldewin |
| Website: | http://www.reconstructer.org |
| Current version: | v0.51 |
| Last updated: | February 5, 2010 |
| Direct D/L link: | Locally archived copy |
| License type: | Free |
| Description: | OfficeMalScanner v0.51 is an MS Office forensic tool that scans for malicious traces such as shellcode heuristics, PE files or embedded OLE streams. Found files are extracted to disk. It supports disassembly and hex view as well as an easy brute-force mode to detect encrypted files. In addition, an Office file is scanned for VB macro code, which, if found, is extracted for further analysis. The "inflate" feature extracts MS Office 2007 documents into a directory and marks potentially malicious files. Also included in this package is a tool called MalHost-Setup, an MS Office runtime emulation environment for debugging shellcode in malicious documents in real time. |
| Also listed in: | Code Ripping Tools |
| Tool name: | PDF Stream Dumper |
|---|---|
| Author: | dzzie |
| Website: | http://sandsprite.com/blogs/index.php?uid=7 |
| Current version: | 0.9.170 |
| Last updated: | July 21, 2010 |
| Direct D/L link: | http://sandsprite.com/CodeStuff/PDFStreamDumper_Setup.exe |
| License type: | unknown |
| Description: | PDF analysis tool with integrated stream decoding, shellcode and JavaScript analysis features; the full feature list follows below. |
| Also listed in: | Malware Analysis Tools |

Full feature list:

- Supported filters: FlateDecode, RunLengthDecode, ASCIIHEXDecode, ASCII85Decode, LZWDecode
- Integrated shellcode tools: sclog GUI (shellcode analysis tool I wrote at iDefense), scTest GUI (libemu-based shellcode analysis tool), Shellcode_2_Exe functionality, export unescaped bytes to file
- Supports filter chaining (i.e. multiple filters applied to the same stream)
- Supports unescaping encoded PDF headers
- Scriptable interface to process multiple files and generate reports
- View all PDF objects
- View deflated streams
- View stream details such as file offsets, header, etc.
- Save raw and deflated data
- Search streams for strings
- Scan for functions which contain PDF exploits (dumb scan)
- Format JavaScript using JS Beautifier (see credits in readme)
- View streams as hex dumps
- zlib compress/decompress arbitrary files
- Replace/update PDF streams with your own data
- Basic JavaScript interface so you can run parts of embedded scripts
- PdfDecryptor with source - uses iTextSharp and requires .NET Framework 2.0
- Basic JavaScript de-obfuscator
- Can hide: header-only streams, duplicate streams, selected streams
- JS UI also has access to a toolbox class to simplify fragmented strings, read/write files, do hex dumps, do Unicode-safe unescapes, use the disassembler engine, and replicate some common Adobe API (new)

Current automation scripts include:

- csv_stats.vbs - builds a CSV file with results from the lower status bar for all files in a directory
- pdfbox_extract.vbs - uses pdfbox to extract all images and text from the current file
- string_scan.vbs - scans all decompressed streams in all files in a directory for a string you enter
- unsupported_filters.vbs - scans a directory and builds a list of all PDFs which have unsupported filters
- filter_chains.vbs - recursively scans the parent directory for PDFs that use multiple encoding filters on a stream
- obsfuscated_headers.vbs - recursively scans the parent directory for PDFs that have obfuscated object headers
- pdfbox_extract_text_page_by_page.vbs - uses pdfbox to extract page data into individual files

Current plugins include:

- Build_DB.dll - search and sort data inside multiple samples, move and organize files
- obj_browser.dll - view layout and data inside a PDF in text form
| Tool name: | PowerGREP |
|---|---|
| Author: | Just Great Software Co. |
| Website: | http://www.powergrep.com |
| Current version: | 3.5.2 |
| Last updated: | March 11, 2009 |
| Direct D/L link: | N/A |
| License type: | Shareware |
| Description: | PowerGREP is a very powerful Windows grep tool. Quickly search through large numbers of files on your PC or network, including text and binary files, compressed archives, MS Word documents, Excel spreadsheets, PDF files, etc. Find the information you want with powerful text patterns (regular expressions) that specify the form of what you want instead of literal text. Search and replace with one or many regular expressions to comprehensively maintain web sites, source code, reports, etc. Extract statistics and knowledge from log files and large data sets. |
| Also listed in: | Regular Expression Tools, Source Code Search Tools, String Finders |