Linux command
oleid command
After copying, replace the file names, directories, or parameters as needed.
Common examples
Analyze an Office document
oleid [document.doc]
Analyze multiple files
oleid [file1.docx] [file2.xlsx]
Output results as JSON
oleid -j [document.xlsm]
Analyze a password-protected ZIP archive
oleid -z [infected] [document.zip]
Description
oleid analyzes Microsoft Office documents (OLE and OpenXML formats) to detect potential security issues. It identifies VBA macros, encrypted content, external links, embedded objects, and other indicators commonly found in malicious documents. Part of the oletools suite, oleid provides quick triage for suspicious documents. It checks for indicators such as OLE format validity, application name, encryption, VBA macros, auto-executable macros, embedded Flash objects, and ObjectPool streams.
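As an added illustration (not oleid's code and not from the original page), the Python sketch below shows the container-level distinction behind the "OLE and OpenXML formats" and "VBA macros" indicators, using only the standard library. The names `container_triage` and `make_openxml`, the result keys, and the in-memory samples are constructed for this example, and the encryption check is a byte-search heuristic.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # OLE2 compound file signature
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # OLE stream names are UTF-16LE


def container_triage(data: bytes) -> dict:
    """Classify a file by container type and flag macro/encryption hints."""
    result = {"container": "unknown", "vba_project": False, "encrypted_hint": False}
    if data.startswith(OLE_MAGIC):
        result["container"] = "ole"
        # Heuristic only: a password-protected OpenXML file is stored as an OLE
        # container with an EncryptedPackage stream. Macros in legacy OLE files
        # need a real OLE parser and are not checked here.
        result["encrypted_hint"] = ENC_STREAM in data
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        if "[Content_Types].xml" in names:
            result["container"] = "openxml"
            # Macro-enabled OpenXML files carry the VBA project as vbaProject.bin.
            result["vba_project"] = any(
                n.lower().endswith("vbaproject.bin") for n in names)
        else:
            result["container"] = "zip"
    return result


def make_openxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OpenXML-style ZIP in memory (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # all constructed for this example
        "macro.docm": make_openxml(True),
        "plain.docx": make_openxml(False),
        "encrypted.docx": OLE_MAGIC + b"\x00" * 504 + ENC_STREAM,
        "notes.txt": b"plain text, not an Office document at all",
    }
    for name, blob in samples.items():
        print(name, container_triage(blob))
```

A file extension says nothing about the container: the constructed `encrypted.docx` sample is classified as OLE, which is why triage should key on content rather than on the name.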
Parameters
- -j, --json: Output results in JSON format.
- -v, --verbose: Verbose output with additional details.
- -z _PASSWORD_: Password for opening ZIP-encrypted files.
- -l _LEVEL_: Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL).
- -h, --help: Display help message.
FAQ
How do I run a basic oleid example?
Run `oleid [document.doc]` in a terminal, then adjust file names, paths, or flags for your system.
What does -j, --json do in oleid?
Output results in JSON format.