A set of OLE parsers and tools to deal with OLE files.

Requirements:

- Rust 1.56+ (edition: 2021)

Components:

- OleId: A tool to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could indicate that the file is suspicious or malicious (e.g. malware).
- OleObj: A tool to parse OLE objects and files stored in various MS Office file formats (doc, xls, ppt, docx, xlsx, pptx, etc).
- Ole-Common: A crate that reads and parses OLE files.

OleId is a tool to analyze MS Office documents (e.g. Word, Excel) to detect specific characteristics common in malicious files.

```text
oleid [options] <filename>
```

Options:

- `--file`: The filepath to the file to process.

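```rust
use oleid::oleid::OleId;

pub fn main() {
    // Path of the document to analyze (the sample file used in the examples below).
    let file_path = "data/oledoc1.doc_";
    let mut oleid = OleId::new(file_path);
    // Run the checks and print the resulting indicators.
    let indicators = oleid.check();
    println!("{:#?}", indicators);
}
```
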
OleObj is a tool to parse OLE objects and files stored in various MS Office file formats (doc, xls, ppt, docx, xlsx, pptx, etc).

```text
oleobj [options] <filename>
```

Options:

- `--file`: The filepath to the file to process.

- Add the `ole-common` dependency (the default feature is async):

  ```toml
  [dependencies]
  ole-common = { git = "https://github.com/marirs/ole-rs.git", branch = "master" }
  ```

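- Example code:

  ```rust
  use ole::OleFile;

  // Assumption: Tokio is the async runtime; `#[tokio::main]` needs the `tokio`
  // crate with its `macros` and `rt-multi-thread` features in [dependencies].
  #[tokio::main]
  async fn main() {
      let file = "data/oledoc1.doc_";
      // `from_file` is async, so it has to be awaited inside an async context.
      let res = OleFile::from_file(file).await.expect("file not found");
      println!("{:#?}", &res);
      println!("entries: {:#?}", res.list_streams());
  }
  ```
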
- Dependency with the `blocking` feature:

  ```toml
  [dependencies]
  ole-common = { git = "https://github.com/marirs/ole-rs.git", branch = "master", default-features = false, features = ["blocking"] }
  ```

- Example code:

  ```rust
  use ole::OleFile;

  fn main() {
      let file = "data/oledoc1.doc_";
      // Blocking variant: no async runtime is needed.
      let res = OleFile::from_file_blocking(file).expect("file not found");
      println!("{:#?}", &res);
      println!("entries: {:#?}", res.list_streams());
  }
  ```

- Running the example code:

  ```sh
  cargo r --example ole_cli --features="blocking" data/oledoc1.doc_
  ```

License: MIT or Apache