This is your work, valued

Philippe Lagadec

Elite
@decalage2

awesome-security-hardening. A collection of awesome security hardening guides, tools and other resources

6.4k

oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

3.4k

ViperMonkey. A VBA parser and emulation engine to analyze malicious macros.

1.1k

olefile. olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.

268

balbuzard. Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.

141

exefilter. ExeFilter is an open-source tool and framework to filter file formats in e-mails, web pages or files. It detects many common file formats and can remove active content (scripts, macros, etc) according to a configurable policy.

73

oledump-contrib. The oledump-contrib repository contains plugins and enhancements for the oledump tool published by Didier Stevens.

58

awesome-security. A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

13

pyhtgen. pyhtgen (formerly HTML.py) provides a few classes to easily generate HTML content such as tables and lists.

12

oletools_dll. A DLL to run some oletools functions from any language

10

collisions. Hash collisions and their exploitations

9

python-crash-course. This is a Python course I have written to quickly teach Python to my colleagues and students, made of slides and samples for hands-on exercises. It takes around four to five hours to present all the slides and to run the hands-on exercises. The original course was based on my mini Python tutorial. (http://www.decalage.info/python/tutorial)

8

iodeflib. iodeflib is a python library to create, parse and edit cyber incident reports using the IODEF XML format (RFC 5070).

8

officeparser. Extract embedded files and macros from office documents.

7

pywordform. pywordform is a python module to parse Microsoft Word forms in docx format, extractings all field values with their tags into a dictionary. For more information: http://www.decalage.info/python/pywordform

7

compoundfiles. A reader for OLE Compound Document Files (like OleFileIO, but better)

6

pcodedmp. A VBA p-code disassembler

5

Ciphey. Automated decryption tool

4

colorclass. Colorful worry-free console applications for Linux, Mac OS X, and Windows.

4

log4shell. Operational information regarding the vulnerability in the Log4j logging library.

3

pyxmldsig. pyxmldsig is a Python module to create and verify XML Digital Signatures (XML-DSig). This is a simple interface to the PyXMLSec library, aiming to provide a more pythonic API suitable for Python applications. See http://www.decalage.info/python/pyxmldsig

3

detect_CVE-2026-21509. YARA rule and python script to detect potential exploits for the CVE-2026-21509 vulnerability in MS Office

3

cherryproxy. CherryProxy is a simple HTTP proxy written in Python 2.x, based on the CherryPy WSGI server and httplib, extensible for content analysis and filtering.

2