Olebrowse – GUI to Browse OLE Files

olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, PowerPoint documents), to view and extract individual data streams.

There have been several cases where attackers used Microsoft OLE (Object Linking and Embedding) as a replacement for malicious macros in MS documents. OLE allows an attacker to embed various content in documents and other objects, including Flash, images, or something else. Besides that, there is no way to prevent attackers from using OLE to inject malicious VBScript or JavaScript code into documents.

olebrowse requires Tkinter. On Windows and MacOSX, it should be installed with Python, and the tool should work out of the box.

However, on Linux it might be necessary to install the tkinter package for Python separately. For example, on Ubuntu this is done with the following command:

sudo apt-get install python-tk

And for Python 3:

sudo apt-get install python3-tk

If you provide a file, it is opened; otherwise a dialog lets you browse folders to open one. If it is a valid OLE file, the list of data streams is displayed. You can then select a stream and either view its content in a built-in hexadecimal viewer or save it to a file for further analysis.
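The validity check and stream list described above can also be reproduced by reading the file's header and directory sectors directly. This is an added example, not code from olebrowse or oletools; the function names `list_ole_entries` and `build_sample` and the sample stream names and sizes are constructed for illustration. It assumes a flat listing is enough (no storage tree) and only follows the FAT sectors listed in the header.

```python
import struct

MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
ENDOFCHAIN, NOSTREAM, FATSECT = 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD
KINDS = {1: "storage", 2: "stream", 5: "root"}

def list_ole_entries(data):
    """Return [(name, kind, declared_size)] for each directory entry (flat, no tree)."""
    if len(data) < 512 or data[:8] != MAGIC:
        raise ValueError("not an OLE file")
    size = 1 << struct.unpack_from("<H", data, 30)[0]    # sector shift: 9 or 12
    if size not in (512, 4096):
        raise ValueError("unsupported sector size")
    n_fat, first_dir = struct.unpack_from("<II", data, 44)
    def sector(n):
        sec = data[(n + 1) * size:(n + 2) * size]
        if len(sec) != size:
            raise ValueError("sector %d is outside the file" % n)
        return sec
    fat = []  # simplification: only the (up to 109) FAT sectors listed in the header
    for sid in struct.unpack_from("<109I", data, 76)[:n_fat]:
        fat += struct.unpack("<%dI" % (size // 4), sector(sid))
    entries, sid, seen = [], first_dir, set()
    while sid != ENDOFCHAIN:
        if sid in seen or sid >= len(fat):               # loop or dangling pointer
            raise ValueError("corrupt directory chain")
        seen.add(sid)
        sec = sector(sid)
        for off in range(0, size, 128):                  # 128-byte directory entries
            name_len, kind = struct.unpack_from("<HB", sec, off + 64)
            if kind in KINDS:                            # skip unallocated slots
                name = sec[off:off + max(min(name_len, 64) - 2, 0)]
                length, = struct.unpack_from("<Q", sec, off + 120)
                entries.append((name.decode("utf-16-le", "replace"), KINDS[kind], length))
        sid = fat[sid]
    return entries

def build_sample():
    """Constructed sample: header, one FAT sector, one directory sector, no stream data."""
    def entry(name, kind, child, length):
        raw = name.encode("utf-16-le") + b"\0\0"
        return struct.pack("<64sHBB3I36xIQ", raw, len(raw), kind, 1, NOSTREAM, NOSTREAM,
                           child, ENDOFCHAIN, length)
    header = struct.pack("<8s16x5H6x10I", MAGIC, 0x3E, 3, 0xFFFE, 9, 6, 0, 1, 1, 0, 4096,
                         ENDOFCHAIN, 0, ENDOFCHAIN, 0, 0) + b"\xff" * 432
    fat = struct.pack("<II", FATSECT, ENDOFCHAIN) + b"\xff" * 504
    directory = (entry("Root Entry", 5, 1, 0) + entry("WordDocument", 2, NOSTREAM, 4096)
                 + entry("\x01Ole10Native", 2, NOSTREAM, 5120) + b"\0" * 128)
    return header + fat + directory
```

To inspect a real document, pass `open(path, "rb").read()` to `list_ole_entries`. A `\x01Ole10Native` stream in the listing indicates an embedded OLE package, which is a good candidate to extract for further analysis.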

You can read more and download this tool over here: https://github.com/decalage2/oletools/wiki/olebrowse
