Microsoft Office

Analyze Documents

SSView

Analyze OLE2 Structured Storage files.

Website: https://www.mitec.cz/ssv.html Author: Michal Mutl License: Free to use for private, educational and non-commercial purposes. Notes: ssview State File: remnux.tools.ssview

msoffcrypto-tool

Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key.

Website: https://github.com/nolze/msoffcrypto-tool Author: nolze License: MIT License: https://github.com/nolze/msoffcrypto-tool/blob/master/LICENSE.txt State File: remnux.python3-packages.msoffcrypto-tool

pcodedmp

Disassemble VBA p-code.

Website: https://github.com/bontchev/pcodedmp Author: Vesselin Bontchev: https://twitter.com/bontchev License: GNU General Public License (GPL) v3: https://github.com/bontchev/pcodedmp/blob/master/LICENSE State File: remnux.python3-packages.pcodedmp

pcode2code

Decompile VBA macro p-code from Microsoft Office documents.

Website: https://github.com/Big5-sec/pcode2code Author: Nicolas Zilio: https://twitter.com/Big5_sec License: GNU General Public License (GPL) v3: https://github.com/Big5-sec/pcode2code/blob/master/LICENSE State File: remnux.python3-packages.pcode2code

oletools

Microsoft Office OLE2 compound documents.

Website: http://www.decalage.info/python/oletools Author: Philippe Lagadec: https://twitter.com/decalage2 License: Free, custom license: https://github.com/decalage2/oletools/blob/master/LICENSE.md Notes: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer State File: remnux.python3-packages.oletools

EvilClippy

Modify aspects of Microsoft Office documents.

Website: https://github.com/outflanknl/EvilClippy Author: Stan Hegt: https://twitter.com/StanHacked, with contributions from Carrie Roberts: https://twitter.com/OrOneEqualsOne License: GNU General Public License (GPL) v3.0: https://github.com/outflanknl/EvilClippy/blob/master/LICENSE.md Notes: To remove VBA project password protection from the file, use the evilclippy -uu command. State File: remnux.packages.evilclippy

XLMMacroDeobfuscator

Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.

Website: https://github.com/DissectMalware/XLMMacroDeobfuscator Author: https://twitter.com/DissectMalware License: Apache License 2.0: https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/master/LICENSE Notes: xlmdeobfuscator State File: remnux.python3-packages.xlmmacrodeobfuscator

ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

Website: https://www.decalage.info/en/vba_emulation Author: Philippe Lagadec: https://twitter.com/decalage2 License: Free, custom license: https://github.com/decalage2/ViperMonkey#license Notes: Only available on older version of REMnux based on Ubuntu 20.04 (Focal). vmonkey State File: remnux.python3-packages.vipermonkey

msoffcrypto-crack.py

Recover the password of an encrypted Microsoft Office document.

Website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.msoffcrypto-crack

rtfdump

Analyze a suspicious RTF file.

Website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: rtfdump.py State File: remnux.scripts.rtfdump

zipdump.py

Analyze zip-compressed files.

Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.zipdump

xmldump.py

Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents.

Website: https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.zipdump

oledump

Analyze OLE2 Structured Storage files.

Website: https://blog.didierstevens.com/programs/oledump-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: oledump.py State File: remnux.packages.oledump

libolecf

Microsoft Office OLE2 compound documents.

Website: https://github.com/libyal/libolecf Author: Joachim Metz License: GNU Lesser General Public License (LGPL) v3+: https://github.com/libyal/libolecf/blob/master/COPYING Notes: olecfexport, olecfinfo, olecfmount, etc. State File: remnux.packages.libolecf

msoffice-crypt

Encrypt and decrypt OOXML Microsoft Office documents.

Website: https://github.com/herumi/msoffice Author: Cybozu Labs Inc., Mitsunari Shigeo: https://twitter.com/herumi License: Free, custom license: https://github.com/herumi/msoffice/blob/master/COPYRIGHT State File: remnux.packages.msoffice-crypt

Hachoir

View, edit, and carve contents of various binary file types.

Website: https://github.com/vstinner/hachoir Author: https://hachoir.readthedocs.io/en/latest/authors.html License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx State File: remnux.python3-packages.hachoir

olefile

Python package to parse, read and write MS OLE2 files.

Website: https://github.com/decalage2/olefile Author: Philippe Lagadec License: All Rights Reserved (https://github.com/decalage2/olefile/blob/master/LICENSE.txt)) State File: remnux.python3-packages.olefile

PreviousPDF NextEmail Messages

Last updated 15 days ago

hashtagSSView

hashtagmsoffcrypto-tool

hashtagpcodedmp

hashtagpcode2code

hashtagoletools

hashtagEvilClippy

hashtagXLMMacroDeobfuscator

hashtagViperMonkey

hashtagmsoffcrypto-crack.py

hashtagrtfdump

hashtagzipdump.py

hashtagxmldump.py

hashtagoledump

hashtaglibolecf

hashtagmsoffice-crypt

hashtagHachoir

hashtagolefile