REMnux Documentation
Microsoft Office
SSView
Analyze OLE2 Structured Storage files
Website: https://www.mitec.cz/ssv.html
Author: Michal Mutl
License: Free to use for private, educational and non-commercial purposes.
Notes: ssview
State File: remnux.tools.ssview

msoffcrypto-tool
Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key.
Website: https://github.com/nolze/msoffcrypto-tool
Author: nolze
License: MIT License: https://github.com/nolze/msoffcrypto-tool/blob/master/LICENSE.txt
State File: remnux.python3-packages.msoffcrypto-tool

pcodedmp
Disassemble VBA p-code
Website: https://github.com/bontchev/pcodedmp
Author: Vesselin Bontchev: https://twitter.com/bontchev
License: GNU General Public License (GPL) v3: https://github.com/bontchev/pcodedmp/blob/master/LICENSE
State File: remnux.python3-packages.pcodedmp

pcode2code
Decompile VBA macro p-code from Microsoft Office documents
Website: https://github.com/Big5-sec/pcode2code
Author: Nicolas Zilio: https://twitter.com/Big5_sec
License: GNU General Public License (GPL) v3: https://github.com/Big5-sec/pcode2code/blob/master/LICENSE
State File: remnux.python3-packages.pcode2code

oletools
Microsoft Office OLE2 compound documents.
Website: http://www.decalage.info/python/oletools
Author: Philippe Lagadec: https://twitter.com/decalage2
License: Free, custom license: https://github.com/decalage2/oletools/blob/master/LICENSE.md
Notes: mraptor, msodde, olebrowse, oledir, oleid, olemap, olemeta, oleobj, oletimes, olevba, pyxswf, rtfobj, ezhexviewer
State File: remnux.python3-packages.oletools

EvilClippy
Modify aspects of Microsoft Office documents.
Website: https://github.com/outflanknl/EvilClippy
Author: Stan Hegt: https://twitter.com/StanHacked, with contributions from Carrie Roberts: https://twitter.com/OrOneEqualsOne
License: GNU General Public License (GPL) v3.0: https://github.com/outflanknl/EvilClippy/blob/master/LICENSE.md
Notes: To remove VBA project password protection from the file, use the evilclippy -uu command.
State File: remnux.packages.evilclippy

XLMMacroDeobfuscator
Deobfuscate XLM macros (also known as Excel 4.0 macros) from Microsoft Office files.
Website: https://github.com/DissectMalware/XLMMacroDeobfuscator
Author: https://twitter.com/DissectMalware
License: Apache License 2.0: https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/master/LICENSE
Notes: xlmdeobfuscator
State File: remnux.python3-packages.xlmmacrodeobfuscator

ViperMonkey
A VBA parser and emulation engine to analyze malicious macros.
Website: https://www.decalage.info/en/vba_emulation
Author: Philippe Lagadec: https://twitter.com/decalage2
License: Free, custom license: https://github.com/decalage2/ViperMonkey#license
Notes: vmonkey
State File: remnux.python-packages.vipermonkey

msoffcrypto-crack.py
Recover the password of an encrypted Microsoft Office document.
Website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.msoffcrypto-crack

rtfdump
Analyze a suspicious RTF file.
Website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: rtfdump.py
State File: remnux.scripts.rtfdump

zipdump.py
Analyze zip-compressed files.
Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.zipdump

xmldump.py
Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents.
Website: https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.zipdump

oledump
Analyze OLE2 Structured Storage files.
Website: https://blog.didierstevens.com/programs/oledump-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: oledump.py
State File: remnux.packages.oledump

libolecf
Microsoft Office OLE2 compound documents.
Website: https://github.com/libyal/libolecf
Author: Joachim Metz
License: GNU Lesser General Public License (LGPL) v3+: https://github.com/libyal/libolecf/blob/master/COPYING
Notes: olecfexport, olecfinfo, olecfmount, etc.
State File: remnux.packages.libolecf

msoffice-crypt
Encrypt and decrypt OOXML Microsoft Office documents.
Website: https://github.com/herumi/msoffice
Author: Cybozu Labs Inc., Mitsunari Shigeo: https://twitter.com/herumi
License: Free, custom license: https://github.com/herumi/msoffice/blob/master/COPYRIGHT
State File: remnux.packages.msoffice-crypt

Hachoir
View, edit, and carve contents of various binary file types.
Website: https://github.com/vstinner/hachoir
Author: https://hachoir.readthedocs.io/en/latest/authors.html
License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING
Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx
State File: remnux.python3-packages.hachoir