Analyze OLE2 Structured Storage files
Website: https://www.mitec.cz/ssv.html Author: Michal Mutl License: Free to use for private, educational and non-commercial purposes. Notes: ssview State File: remnux.tools.ssview​
Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key.
Website: https://github.com/nolze/msoffcrypto-tool Author: nolze License: MIT License: https://github.com/nolze/msoffcrypto-tool/blob/master/LICENSE.txt State File: remnux.python3-packages.msoffcrypto-tool​
Disassemble VBA p-code
Website: https://github.com/bontchev/pcodedmp Author: Vesselin Bontchev: https://twitter.com/bontchev License: GNU General Public License (GPL) v3: https://github.com/bontchev/pcodedmp/blob/master/LICENSE State File: remnux.python3-packages.pcodedmp​
Decompile VBA macro p-code from Microsoft Office documents
Website: https://github.com/Big5-sec/pcode2code Author: Nicolas Zilio: https://twitter.com/Big5_sec License: GNU General Public License (GPL) v3: https://github.com/Big5-sec/pcode2code/blob/master/LICENSE State File: remnux.python3-packages.pcode2code​
Microsoft Office OLE2 compound documents.
Website: http://www.decalage.info/python/oletools Author: Philippe Lagadec: https://twitter.com/decalage2 License: Free, custom license: https://github.com/decalage2/oletools/blob/master/LICENSE.md Notes: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer State File: remnux.python3-packages.oletools​
Modify aspects of Microsoft Office documents.
Website: https://github.com/outflanknl/EvilClippy
Author: Stan Hegt: https://twitter.com/StanHacked, with contributions from Carrie Roberts: https://twitter.com/OrOneEqualsOne
License: GNU General Public License (GPL) v3.0: https://github.com/outflanknl/EvilClippy/blob/master/LICENSE.md
Notes: To remove VBA project password protection from the file, use the evilclippy -uu command.
State File: remnux.packages.evilclippy​
Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.
Website: https://github.com/DissectMalware/XLMMacroDeobfuscator Author: https://twitter.com/DissectMalware License: Apache License 2.0: https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/master/LICENSE Notes: xlmdeobfuscator State File: remnux.python3-packages.xlmmacrodeobfuscator​
A VBA parser and emulation engine to analyze malicious macros.
Website: https://www.decalage.info/en/vba_emulation Author: Philippe Lagadec: https://twitter.com/decalage2 License: Free, custom license: https://github.com/decalage2/ViperMonkey#license Notes: vmonkey State File: remnux.python-packages.vipermonkey​
Recover the password of an encrypted Microsoft Office document.
Website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.msoffcrypto-crack​
Analyze a suspicious RTF file.
Website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: rtfdump.py State File: remnux.scripts.rtfdump​
Analyze zip-compressed files.
Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.zipdump​
Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents.
Website: https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.zipdump​
Analyze OLE2 Structured Storage files.
Website: https://blog.didierstevens.com/programs/oledump-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: oledump.py State File: remnux.packages.oledump​
Microsoft Office OLE2 compound documents.
Website: https://github.com/libyal/libolecf Author: Joachim Metz License: GNU Lesser General Public License (LGPL) v3+: https://github.com/libyal/libolecf/blob/master/COPYING Notes: olecfexport, olecfinfo, olecfmount, etc. State File: remnux.packages.libolecf​
Encrypt and decrypt OOXML Microsoft Office documents.
Website: https://github.com/herumi/msoffice Author: Cybozu Labs Inc., Mitsunari Shigeo: https://twitter.com/herumi License: Free, custom license: https://github.com/herumi/msoffice/blob/master/COPYRIGHT State File: remnux.packages.msoffice-crypt​
View, edit, and carve contents of various binary file types.
Website: https://github.com/vstinner/hachoir Author: https://hachoir.readthedocs.io/en/latest/authors.html License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx State File: remnux.python3-packages.hachoir​