πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
Search…
πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
General
PDF
Microsoft Office
Email Messages
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered By GitBook
Microsoft Office
Analyze Documents

SSView

Analyze OLE2 Structured Storage files
Website: https://www.mitec.cz/ssv.html Author: Michal Mutl License: Free to use for private, educational and non-commercial purposes. Notes: ssview State File: remnux.tools.ssview​

msoffcrypto-tool

Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key.

pcodedmp

Disassemble VBA p-code
Website: https://github.com/bontchev/pcodedmp Author: Vesselin Bontchev: https://twitter.com/bontchev License: GNU General Public License (GPL) v3: https://github.com/bontchev/pcodedmp/blob/master/LICENSE State File: remnux.python3-packages.pcodedmp​

pcode2code

Decompile VBA macro p-code from Microsoft Office documents

oletools

Microsoft Office OLE2 compound documents.
Website: http://www.decalage.info/python/oletools Author: Philippe Lagadec: https://twitter.com/decalage2 License: Free, custom license: https://github.com/decalage2/oletools/blob/master/LICENSE.md Notes: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer State File: remnux.python3-packages.oletools​

EvilClippy

Modify aspects of Microsoft Office documents.
Website: https://github.com/outflanknl/EvilClippy Author: Stan Hegt: https://twitter.com/StanHacked, with contributions from Carrie Roberts: https://twitter.com/OrOneEqualsOne License: GNU General Public License (GPL) v3.0: https://github.com/outflanknl/EvilClippy/blob/master/LICENSE.md Notes: To remove VBA project password protection from the file, use the evilclippy -uu command. State File: remnux.packages.evilclippy​

XLMMacroDeobfuscator

Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.

ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.
Website: https://www.decalage.info/en/vba_emulation Author: Philippe Lagadec: https://twitter.com/decalage2 License: Free, custom license: https://github.com/decalage2/ViperMonkey#license Notes: vmonkey State File: remnux.python-packages.vipermonkey​

msoffcrypto-crack.py

Recover the password of an encrypted Microsoft Office document.

rtfdump

Analyze a suspicious RTF file.
Website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: rtfdump.py State File: remnux.scripts.rtfdump​

zipdump.py

Analyze zip-compressed files.

xmldump.py

Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents.

oledump

Analyze OLE2 Structured Storage files.
Website: https://blog.didierstevens.com/programs/oledump-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: oledump.py State File: remnux.packages.oledump​

libolecf

Microsoft Office OLE2 compound documents.
Website: https://github.com/libyal/libolecf Author: Joachim Metz License: GNU Lesser General Public License (LGPL) v3+: https://github.com/libyal/libolecf/blob/master/COPYING Notes: olecfexport, olecfinfo, olecfmount, etc. State File: remnux.packages.libolecf​

msoffice-crypt

Encrypt and decrypt OOXML Microsoft Office documents.
Website: https://github.com/herumi/msoffice Author: Cybozu Labs Inc., Mitsunari Shigeo: https://twitter.com/herumi License: Free, custom license: https://github.com/herumi/msoffice/blob/master/COPYRIGHT State File: remnux.packages.msoffice-crypt​

Hachoir

View, edit, and carve contents of various binary file types.
Website: https://github.com/vstinner/hachoir Author: https://hachoir.readthedocs.io/en/latest/authors.html License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx State File: remnux.python3-packages.hachoir​
Previous
PDF
Next
Email Messages
Last modified 9mo ago
Copy link
Contents
SSView
msoffcrypto-tool
pcodedmp
pcode2code
oletools
EvilClippy
XLMMacroDeobfuscator
ViperMonkey
msoffcrypto-crack.py
rtfdump
zipdump.py
xmldump.py
oledump
libolecf
msoffice-crypt
Hachoir