# Microsoft Office

## SSView

Analyze OLE2 Structured Storage files.

**Website**: <https://www.mitec.cz/ssv.html>\
**Author**: Michal Mutl\
**License**: Free to use for private, educational and non-commercial purposes.\
**Notes**: ssview\
**State File**: [remnux.tools.ssview](https://github.com/REMnux/salt-states/blob/master/remnux/tools/ssview.sls)

## msoffcrypto-tool

Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key.

**Website**: <https://github.com/nolze/msoffcrypto-tool>\
**Author**: nolze\
**License**: MIT License: <https://github.com/nolze/msoffcrypto-tool/blob/master/LICENSE.txt>\
**State File**: [remnux.python3-packages.msoffcrypto-tool](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/msoffcrypto-tool.sls)

## pcodedmp

Disassemble VBA p-code.

**Website**: <https://github.com/bontchev/pcodedmp>\
**Author**: Vesselin Bontchev: <https://x.com/bontchev>\
**License**: GNU General Public License (GPL) v3: <https://github.com/bontchev/pcodedmp/blob/master/LICENSE>\
**State File**: [remnux.python3-packages.pcodedmp](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/pcodedmp.sls)

## pcode2code

Decompile VBA macro p-code from Microsoft Office documents.

**Website**: <https://github.com/Big5-sec/pcode2code>\
**Author**: Nicolas Zilio: <https://x.com/Big5_sec>\
**License**: GNU General Public License (GPL) v3: <https://github.com/Big5-sec/pcode2code/blob/master/LICENSE>\
**State File**: [remnux.python3-packages.pcode2code](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/pcode2code.sls)

## oletools

Microsoft Office OLE2 compound documents.

**Website**: <https://www.decalage.info/python/oletools>\
**Author**: Philippe Lagadec: <https://x.com/decalage2>\
**License**: Free, custom license: <https://github.com/decalage2/oletools/blob/master/LICENSE.md>\
**Notes**: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer\
**State File**: [remnux.python3-packages.oletools](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/oletools.sls)

## EvilClippy

Modify aspects of Microsoft Office documents.

**Website**: <https://github.com/outflanknl/EvilClippy>\
**Author**: Stan Hegt: <https://x.com/StanHacked>, with contributions from Carrie Roberts: <https://x.com/OrOneEqualsOne>\
**License**: GNU General Public License (GPL) v3.0: <https://github.com/outflanknl/EvilClippy/blob/master/LICENSE.md>\
**Notes**: To remove VBA project password protection from the file, use the `evilclippy -uu` command.\
**State File**: [remnux.packages.evilclippy](https://github.com/REMnux/salt-states/blob/master/remnux/packages/evilclippy.sls)

## XLMMacroDeobfuscator

Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.

**Website**: <https://github.com/DissectMalware/XLMMacroDeobfuscator>\
**Author**: <https://x.com/DissectMalware>\
**License**: Apache License 2.0: <https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/master/LICENSE>\
**Notes**: xlmdeobfuscator, runxlrd2.py\
**State File**: [remnux.python3-packages.xlmmacrodeobfuscator](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/xlmmacrodeobfuscator.sls)

## libolecf

Microsoft Office OLE2 compound documents.

**Website**: <https://github.com/libyal/libolecf>\
**Author**: Joachim Metz\
**License**: GNU Lesser General Public License (LGPL) v3+: <https://github.com/libyal/libolecf/blob/master/COPYING>\
**Notes**: olecfexport, olecfinfo, olecfmount, etc.\
**State File**: [remnux.packages.libolecf](https://github.com/REMnux/salt-states/blob/master/remnux/packages/libolecf.sls)

## msoffice-crypt

Encrypt and decrypt OOXML Microsoft Office documents.

**Website**: <https://github.com/herumi/msoffice>\
**Author**: Cybozu Labs Inc., Mitsunari Shigeo: <https://x.com/herumi>\
**License**: Free, custom license: <https://github.com/herumi/msoffice/blob/master/COPYRIGHT>\
**State File**: [remnux.packages.msoffice-crypt](https://github.com/REMnux/salt-states/blob/master/remnux/packages/msoffice-crypt.sls)

## Hachoir

View, edit, and carve contents of various binary file types.

**Website**: <https://github.com/vstinner/hachoir>\
**Author**: <https://hachoir.readthedocs.io/en/latest/authors.html>\
**License**: GNU General Public License (GPL) v2: <https://github.com/vstinner/hachoir/blob/master/COPYING>\
**Notes**: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx\
**State File**: [remnux.python3-packages.hachoir](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/hachoir.sls)

## olefile

Python package to parse, read and write MS OLE2 files.

**Website**: <https://github.com/decalage2/olefile>\
**Author**: Philippe Lagadec\
**License**: All Rights Reserved: <https://github.com/decalage2/olefile/blob/master/LICENSE.txt>\
**State File**: [remnux.python3-packages.olefile](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/olefile.sls)

## msoffcrypto-crack.py

Recover the password of an encrypted Microsoft Office document.

**Website**: <https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## oledump.py

Analyze OLE2 Structured Storage files.

**Website**: <https://blog.didierstevens.com/programs/oledump-py/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## rtfdump.py

Analyze a suspicious RTF file.

**Website**: <https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## zipdump.py

Analyze zip-compressed files.

**Website**: <https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## xmldump.py

Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents.

**Website**: <https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## onedump.py

Extract and analyze embedded files from OneNote documents.

**Website**: <https://blog.didierstevens.com/2023/01/22/new-tool-onedump-py/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)