Microsoft Office

Analyze Documents

Last updated 3 years ago

SSView

Analyze OLE2 Structured Storage files

Website: https://www.mitec.cz/ssv.html
Author: Michal Mutl
License: Free to use for private, educational and non-commercial purposes.
Notes: ssview
State File: remnux.tools.ssview

msoffcrypto-tool

Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key.

Website: https://github.com/nolze/msoffcrypto-tool
Author: nolze
License: MIT License: https://github.com/nolze/msoffcrypto-tool/blob/master/LICENSE.txt
State File: remnux.python3-packages.msoffcrypto-tool

pcodedmp

Disassemble VBA p-code

Website: https://github.com/bontchev/pcodedmp
Author: Vesselin Bontchev: https://twitter.com/bontchev
License: GNU General Public License (GPL) v3: https://github.com/bontchev/pcodedmp/blob/master/LICENSE
State File: remnux.python3-packages.pcodedmp

pcode2code

Decompile VBA macro p-code from Microsoft Office documents

Website: https://github.com/Big5-sec/pcode2code
Author: Nicolas Zilio: https://twitter.com/Big5_sec
License: GNU General Public License (GPL) v3: https://github.com/Big5-sec/pcode2code/blob/master/LICENSE
State File: remnux.python3-packages.pcode2code

oletools

Microsoft Office OLE2 compound documents.

Website: http://www.decalage.info/python/oletools
Author: Philippe Lagadec: https://twitter.com/decalage2
License: Free, custom license: https://github.com/decalage2/oletools/blob/master/LICENSE.md
Notes: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer
State File: remnux.python3-packages.oletools

EvilClippy

Modify aspects of Microsoft Office documents.

Website: https://github.com/outflanknl/EvilClippy
Author: Stan Hegt: https://twitter.com/StanHacked, with contributions from Carrie Roberts: https://twitter.com/OrOneEqualsOne
License: GNU General Public License (GPL) v3.0: https://github.com/outflanknl/EvilClippy/blob/master/LICENSE.md
Notes: To remove VBA project password protection from the file, use the evilclippy -uu command.
State File: remnux.packages.evilclippy

XLMMacroDeobfuscator

Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.

Website: https://github.com/DissectMalware/XLMMacroDeobfuscator
Author: https://twitter.com/DissectMalware
License: Apache License 2.0: https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/master/LICENSE
Notes: xlmdeobfuscator
State File: remnux.python3-packages.xlmmacrodeobfuscator

ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

Website: https://www.decalage.info/en/vba_emulation
Author: Philippe Lagadec: https://twitter.com/decalage2
License: Free, custom license: https://github.com/decalage2/ViperMonkey#license
Notes: vmonkey
State File: remnux.python-packages.vipermonkey

msoffcrypto-crack.py

Recover the password of an encrypted Microsoft Office document.

Website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.msoffcrypto-crack

rtfdump

Analyze a suspicious RTF file.

Website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: rtfdump.py
State File: remnux.scripts.rtfdump

zipdump.py

Analyze zip-compressed files.

Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.zipdump

xmldump.py

Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents.

Website: https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.zipdump

oledump

Analyze OLE2 Structured Storage files.

Website: https://blog.didierstevens.com/programs/oledump-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: oledump.py
State File: remnux.packages.oledump

libolecf

Microsoft Office OLE2 compound documents.

Website: https://github.com/libyal/libolecf
Author: Joachim Metz
License: GNU Lesser General Public License (LGPL) v3+: https://github.com/libyal/libolecf/blob/master/COPYING
Notes: olecfexport, olecfinfo, olecfmount, etc.
State File: remnux.packages.libolecf

msoffice-crypt

Encrypt and decrypt OOXML Microsoft Office documents.

Website: https://github.com/herumi/msoffice
Author: Cybozu Labs Inc., Mitsunari Shigeo: https://twitter.com/herumi
License: Free, custom license: https://github.com/herumi/msoffice/blob/master/COPYRIGHT
State File: remnux.packages.msoffice-crypt

Hachoir

View, edit, and carve contents of various binary file types.

Website: https://github.com/vstinner/hachoir
Author: https://hachoir.readthedocs.io/en/latest/authors.html
License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING
Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx
State File: remnux.python3-packages.hachoir