Microsoft Office

Analyze Documents

SSView

Analyze OLE2 Structured Storage files

Website: https://www.mitec.cz/ssv.html
Author: Michal Mutl
License: Free to use for private, educational and non-commercial purposes.
Notes: ssview
State File: remnux.tools.ssview

msoffcrypto-tool

Decrypt a Microsoft Office file with a password, an intermediate key, or the private key that generated its escrow key.

Website: https://github.com/nolze/msoffcrypto-tool
Author: nolze
License: MIT License: https://github.com/nolze/msoffcrypto-tool/blob/master/LICENSE.txt
State File: remnux.python3-packages.msoffcrypto-tool

pcodedmp

Disassemble VBA p-code.

Website: https://github.com/bontchev/pcodedmp
Author: Vesselin Bontchev: https://twitter.com/bontchev
License: GNU General Public License (GPL) v3: https://github.com/bontchev/pcodedmp/blob/master/LICENSE
State File: remnux.python3-packages.pcodedmp

oletools

Analyze Microsoft Office OLE2 compound documents.

Website: http://www.decalage.info/python/oletools
Author: Philippe Lagadec: https://twitter.com/decalage2
License: Free, custom license: https://github.com/decalage2/oletools/blob/master/LICENSE.md
Notes: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer
State File: remnux.python3-packages.oletools

XLMMacroDeobfuscator

Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.

Website: https://github.com/DissectMalware/XLMMacroDeobfuscator
Author: https://twitter.com/DissectMalware
License: Apache License 2.0: https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/master/LICENSE
Notes: xlmdeobfuscator
State File: remnux.python3-packages.xlmmacrodeobfuscator

ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

Website: https://www.decalage.info/en/vba_emulation
Author: Philippe Lagadec: https://twitter.com/decalage2
License: Free, custom license: https://github.com/decalage2/ViperMonkey#license
Notes: vmonkey
State File: remnux.python-packages.vipermonkey

msoffcrypto-crack.py

Recover the password of an encrypted Microsoft Office document.

Website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.msoffcrypto-crack

rtfdump

Analyze a suspicious RTF file.

Website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: rtfdump.py
State File: remnux.scripts.rtfdump

zipdump.py

Analyze zip-compressed files.

Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.zipdump

officeparser

Parse Microsoft Office OLE2 compound documents.

Website: https://github.com/unixfreak0037/officeparser
Author: John William Davison
License: MIT License: https://github.com/unixfreak0037/officeparser/blob/master/LICENSE
State File: remnux.scripts.officeparser

oledump

Analyze OLE2 Structured Storage files.

Website: https://blog.didierstevens.com/programs/oledump-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: oledump.py
State File: remnux.packages.oledump

libolecf

Access Microsoft Office OLE2 compound documents.

Website: https://github.com/libyal/libolecf
Author: Joachim Metz
License: GNU Lesser General Public License (LGPL) v3+: https://github.com/libyal/libolecf/blob/master/COPYING
Notes: olecfexport, olecfinfo, olecfmount, etc.
State File: remnux.packages.libolecf

msoffice-crypt

Encrypt and decrypt OOXML Microsoft Office documents.

Website: https://github.com/herumi/msoffice
Author: Cybozu Labs Inc., Mitsunari Shigeo: https://twitter.com/herumi
License: Free, custom license: https://github.com/herumi/msoffice/blob/master/COPYRIGHT
State File: remnux.packages.msoffice-crypt

Hachoir

View, edit, and carve contents of various binary file types.

Website: https://github.com/vstinner/hachoir
Author: https://hachoir.readthedocs.io/en/latest/authors.html
License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING
Notes: hachoir-metadata, hachoir-metadata-gtk, hachoir-subfile, hachoir-urwid, hachoir-wx
State File: remnux.packages.python-hachoir-core