📦 msiparse: The universal MSI inspector


🚀 Overview

msiparse is a universal command-line interface (CLI) tool designed to parse and inspect MSI files.

Unlike the alternatives, this tool features:

  • Cross-Platform Compatibility: Runs seamlessly on Windows, Linux, and macOS.
  • Comprehensive Extraction: Capable of listing and extracting both installed files and embedded tables.
  • Advanced Malware Analysis: Inspecting the tables and embedded files can potentially reveal malicious CustomAction entries, including LOLBIN-based threats whose binaries might not be part of the installer itself.
  • Automation-Ready: Outputs JSON for easy integration and communication, eliminating the need to parse complex ASCII art.

🚀 Alternatives

Several alternative tools exist, but they come with notable limitations regarding operating system compatibility or features. Most alternatives are designed specifically for Windows, which can restrict their usage across multiple platforms. Below is a list of some popular alternatives, along with their OS dependencies:

  • 7z - 🖥️ 🐧 Cross platform, file extraction works great, but no tables/metadata extraction
  • Orca - 🖥️ Windows only
  • msitools - 🐧 Primarily Linux, may be built on Windows, but doing so is non-trivial
  • lessmsi - 🖥️ Windows only
  • MsiQuery - 🖥️ Windows only
  • msidump - 🖥️ Windows only
  • jsMSIx - 🖥️ Windows only
  • MsiAnalyzer - ❌ Should be cross-platform - interesting, but abandoned.
  • msi-utils - ❌ Wrapper around other single-platform tools

📂 Usage & Features

Parse and inspect MSI files

Usage: msiparse [OPTIONS] <COMMAND>

Commands:
  list_metadata        List all the metadata the file has
  list_streams         List all the embedded streams, which can be extracted from the binary
  list_tables          List all the tables and its contents embedded into the msi binary
  extract_all          Extract all the embedded binaries
  extract              Extract a single embedded binary
  extract_certificate  Extract a certificate if it exists in the MSI
  help                 Print this message or the help of the given subcommand(s)

Options:
  -p, --pretty   Pretty-print JSON output
  -h, --help     Print help
  -V, --version  Print version
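
One way to triage the CustomAction table once the tables are available as JSON, as an added example that is not part of the msiparse project. The JSON shape (a list of objects with name, columns and rows) is an assumption made for this sketch, the sample rows are constructed, and the LOLBIN list is a short illustrative set; the Type bit values follow the Windows Installer CustomAction table definition.

```python
import json
import re
# Constructed sample. ASSUMED shape: a list of {"name", "columns", "rows"} objects.
# Compare with real `msiparse list_tables` output and adapt custom_action_rows().
SAMPLE = r'''
[{"name": "CustomAction",
  "columns": ["Action", "Type", "Source", "Target"],
  "rows": [
    ["SetInstallDir", 51, "INSTALLDIR", "[ProgramFilesFolder]Example"],
    ["CheckPrereqs", 1, "HelperDll", "CheckPrereqs"],
    ["RunHelper", 3106, "SystemFolder", "powershell.exe -File [INSTALLDIR]post.ps1"],
    ["Cleanup", 8230, "", "Call Cleanup()"]
  ]}]
'''

# Windows Installer CustomAction.Type: low 6 bits select the action kind, rest are flags.
SCRIPT = {5, 6, 21, 22, 37, 38, 53, 54}      # JScript / VBScript variants
EXEC = SCRIPT | {1, 2, 17, 18, 34, 50}       # plus DLL and EXE variants
IN_SCRIPT, NO_IMPERSONATE, HIDE_TARGET = 0x400, 0x800, 0x2000
LOLBIN = re.compile(
    r"\b(powershell|cmd|mshta|rundll32|regsvr32|wscript|cscript|certutil)(\.exe)?\b", re.I)

def custom_action_rows(tables):
    for table in tables:
        if table["name"] == "CustomAction":
            for row in table["rows"]:
                yield dict(zip(table["columns"], row))  # column name -> value

def triage(row):
    """Return the risk signals for one CustomAction row (empty list if none)."""
    ca_type = int(row["Type"])
    base = ca_type & 0x3F
    signals = []
    hit = LOLBIN.search(f'{row.get("Source") or ""} {row.get("Target") or ""}')
    if hit:  # checked for every type: a type 51 row can stage a command line in a property
        signals.append(f"references {hit.group(1).lower()}")
    if base in SCRIPT:
        signals.append("runs script code")
    if base in EXEC and ca_type & IN_SCRIPT and ca_type & NO_IMPERSONATE:
        signals.append("deferred without impersonation (elevated)")
    if ca_type & HIDE_TARGET:
        signals.append("Target hidden from install log")
    return signals

def flag_custom_actions(tables):
    return {r["Action"]: s for r in custom_action_rows(tables) if (s := triage(r))}

if __name__ == "__main__":
    print(json.dumps(flag_custom_actions(json.loads(SAMPLE)), indent=2))
```

Rows that only set a property or call an immediate DLL entry point produce no signals here, which keeps the output focused on actions worth a manual look.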

🛠 Build

Building is as simple as running:

git clone https://github.com/filescanio/msiparse
cd msiparse
cargo build --release

📃 License

This project is licensed under the MIT License - see the LICENSE file.

📫 Contact

For any questions or feedback, feel free to open an issue or a PR.

🙏 Acknowledgements

This project wouldn't have been possible without the incredible work of the MSI library by Matthew D. Steele. Huge thanks for providing a solid foundation for this tool!



Made with 🐍, 🦀 and ❤️
