📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
General
PDF
Microsoft Office
Email Messages
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered by GitBook

Microsoft Office

Analyze Documents

SSView

Analyze OLE2 Structured Storage files

Website: https://www.mitec.cz/ssv.html Author: Michal Mutl License: Free to use for private, educational and non-commercial purposes. Notes: ssview State File: remnux.tools.ssview​

msoffcrypto-tool

Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key.

Website: https://github.com/nolze/msoffcrypto-tool Author: nolze License: MIT License: https://github.com/nolze/msoffcrypto-tool/blob/master/LICENSE.txt State File: remnux.python3-packages.msoffcrypto-tool​

pcodedmp

Disassemble VBA p-code

Website: https://github.com/bontchev/pcodedmp Author: Vesselin Bontchev: https://twitter.com/bontchev License: GNU General Public License (GPL) v3: https://github.com/bontchev/pcodedmp/blob/master/LICENSE State File: remnux.python3-packages.pcodedmp​

oletools

Microsoft Office OLE2 compound documents.

Website: http://www.decalage.info/python/oletools Author: Philippe Lagadec: https://twitter.com/decalage2 License: Free, custom license: https://github.com/decalage2/oletools/blob/master/LICENSE.md Notes: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer State File: remnux.python3-packages.oletools​

XLMMacroDeobfuscator

Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.

Website: https://github.com/DissectMalware/XLMMacroDeobfuscator Author: https://twitter.com/DissectMalware License: Apache License 2.0: https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/master/LICENSE Notes: xlmdeobfuscator State File: remnux.python3-packages.xlmmacrodeobfuscator​

ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

Website: https://www.decalage.info/en/vba_emulation Author: Philippe Lagadec: https://twitter.com/decalage2 License: Free, custom license: https://github.com/decalage2/ViperMonkey#license Notes: vmonkey State File: remnux.python-packages.vipermonkey​

msoffcrypto-crack.py

Recover the password of an encrypted Microsoft Office document.

Website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.msoffcrypto-crack​

rtfdump

Analyze a suspicious RTF file.

Website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: rtfdump.py State File: remnux.scripts.rtfdump​

zipdump.py

Analyze zip-compressed files.

Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.zipdump​

officeparser

Parse Microsoft Office OLE2 compound documents.

Website: https://github.com/unixfreak0037/officeparser Author: John William Davison License: MIT License: https://github.com/unixfreak0037/officeparser/blob/master/LICENSE State File: remnux.scripts.officeparser​

oledump

Analyze OLE2 Structured Storage files.

Website: https://blog.didierstevens.com/programs/oledump-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: oledump.py State File: remnux.packages.oledump​

libolecf

Microsoft Office OLE2 compound documents.

Website: https://github.com/libyal/libolecf Author: Joachim Metz License: GNU Lesser General Public License (LGPL) v3+: https://github.com/libyal/libolecf/blob/master/COPYING Notes: olecfexport, olecfinfo, olecfmount, etc. State File: remnux.packages.libolecf​

msoffice-crypt

Encrypt and decrypt OOXML Microsoft Office documents.

Website: https://github.com/herumi/msoffice Author: Cybozu Labs Inc., Mitsunari Shigeo: https://twitter.com/herumi License: Free, custom license: https://github.com/herumi/msoffice/blob/master/COPYRIGHT State File: remnux.packages.msoffice-crypt​

Hachoir

View, edit, and carve contents of various binary file types.

Website: https://github.com/vstinner/hachoir Author: https://hachoir.readthedocs.io/en/latest/authors.html License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING Notes: hachoir-metadata, hachoir-metadata-gtk, hachoir-subfile, hachoir-urwid, hachoir-wx State File: remnux.packages.python-hachoir-core​

Previous
PDF
Next
Email Messages
Last updated 2 months ago
Contents
SSView
msoffcrypto-tool
pcodedmp
oletools
XLMMacroDeobfuscator
ViperMonkey
msoffcrypto-crack.py
rtfdump
zipdump.py
officeparser
oledump
libolecf
msoffice-crypt
Hachoir