# Microsoft Office

## SSView

Analyze OLE2 Structured Storage files.

**Website**: <https://www.mitec.cz/ssv.html>\
**Author**: Michal Mutl\
**License**: Free to use for private, educational and non-commercial purposes.\
**Notes**: ssview\
**State File**: [remnux.tools.ssview](https://github.com/REMnux/salt-states/blob/master/remnux/tools/ssview.sls)

## msoffcrypto-tool

Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key.

**Website**: <https://github.com/nolze/msoffcrypto-tool>\
**Author**: nolze\
**License**: MIT License: <https://github.com/nolze/msoffcrypto-tool/blob/master/LICENSE.txt>\
**State File**: [remnux.python3-packages.msoffcrypto-tool](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/msoffcrypto-tool.sls)

## pcodedmp

Disassemble VBA p-code.

**Website**: <https://github.com/bontchev/pcodedmp>\
**Author**: Vesselin Bontchev: <https://x.com/bontchev>\
**License**: GNU General Public License (GPL) v3: <https://github.com/bontchev/pcodedmp/blob/master/LICENSE>\
**State File**: [remnux.python3-packages.pcodedmp](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/pcodedmp.sls)

## pcode2code

Decompile VBA macro p-code from Microsoft Office documents.

**Website**: <https://github.com/Big5-sec/pcode2code>\
**Author**: Nicolas Zilio: <https://x.com/Big5_sec>\
**License**: GNU General Public License (GPL) v3: <https://github.com/Big5-sec/pcode2code/blob/master/LICENSE>\
**State File**: [remnux.python3-packages.pcode2code](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/pcode2code.sls)

## oletools

Microsoft Office OLE2 compound documents.

**Website**: <https://www.decalage.info/python/oletools>\
**Author**: Philippe Lagadec: <https://x.com/decalage2>\
**License**: Free, custom license: <https://github.com/decalage2/oletools/blob/master/LICENSE.md>\
**Notes**: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer\
**State File**: [remnux.python3-packages.oletools](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/oletools.sls)

## EvilClippy

Modify aspects of Microsoft Office documents.

**Website**: <https://github.com/outflanknl/EvilClippy>\
**Author**: Stan Hegt: <https://x.com/StanHacked>, with contributions from Carrie Roberts: <https://x.com/OrOneEqualsOne>\
**License**: GNU General Public License (GPL) v3.0: <https://github.com/outflanknl/EvilClippy/blob/master/LICENSE.md>\
**Notes**: To remove VBA project password protection from the file, use the `evilclippy -uu` command.\
**State File**: [remnux.packages.evilclippy](https://github.com/REMnux/salt-states/blob/master/remnux/packages/evilclippy.sls)

## XLMMacroDeobfuscator

Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.

**Website**: <https://github.com/DissectMalware/XLMMacroDeobfuscator>\
**Author**: <https://x.com/DissectMalware>\
**License**: Apache License 2.0: <https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/master/LICENSE>\
**Notes**: xlmdeobfuscator, runxlrd2.py\
**State File**: [remnux.python3-packages.xlmmacrodeobfuscator](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/xlmmacrodeobfuscator.sls)

## libolecf

Microsoft Office OLE2 compound documents.

**Website**: <https://github.com/libyal/libolecf>\
**Author**: Joachim Metz\
**License**: GNU Lesser General Public License (LGPL) v3+: <https://github.com/libyal/libolecf/blob/master/COPYING>\
**Notes**: olecfexport, olecfinfo, olecfmount, etc.\
**State File**: [remnux.packages.libolecf](https://github.com/REMnux/salt-states/blob/master/remnux/packages/libolecf.sls)

## msoffice-crypt

Encrypt and decrypt OOXML Microsoft Office documents.

**Website**: <https://github.com/herumi/msoffice>\
**Author**: Cybozu Labs Inc., Mitsunari Shigeo: <https://x.com/herumi>\
**License**: Free, custom license: <https://github.com/herumi/msoffice/blob/master/COPYRIGHT>\
**State File**: [remnux.packages.msoffice-crypt](https://github.com/REMnux/salt-states/blob/master/remnux/packages/msoffice-crypt.sls)

## Hachoir

View, edit, and carve contents of various binary file types.

**Website**: <https://github.com/vstinner/hachoir>\
**Author**: <https://hachoir.readthedocs.io/en/latest/authors.html>\
**License**: GNU General Public License (GPL) v2: <https://github.com/vstinner/hachoir/blob/master/COPYING>\
**Notes**: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx\
**State File**: [remnux.python3-packages.hachoir](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/hachoir.sls)

## olefile

Python package to parse, read and write MS OLE2 files.

**Website**: <https://github.com/decalage2/olefile>\
**Author**: Philippe Lagadec\
**License**: All Rights Reserved: <https://github.com/decalage2/olefile/blob/master/LICENSE.txt>\
**State File**: [remnux.python3-packages.olefile](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/olefile.sls)

## msoffcrypto-crack.py

Recover the password of an encrypted Microsoft Office document.

**Website**: <https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## oledump.py

Analyze OLE2 Structured Storage files.

**Website**: <https://blog.didierstevens.com/programs/oledump-py/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## rtfdump.py

Analyze a suspicious RTF file.

**Website**: <https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## zipdump.py

Analyze zip-compressed files.

**Website**: <https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## xmldump.py

Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents.

**Website**: <https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)

## onedump.py

Extract and analyze embedded files from OneNote documents.

**Website**: <https://blog.didierstevens.com/2023/01/22/new-tool-onedump-py/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.