office-exploits
本仓库维护目前已知的 MS Office 漏洞,欢迎大家提交 pull request
漏洞列表
其他漏洞
以下漏洞还未测试
macro 工具
生成、混淆
- Shellntel/luckystrike - A PowerShell based utility for the creation of malicious Office macro documents
- cldrn/macphish - Office for Mac Macro Payload Generator
- sevagas/macro_pack - a tool used to automatize obfuscation and generation of MS Office documents
- Mr-Un1k0d3r/MaliciousMacroGenerator - Malicious Macro Generator (支持VM检测)
- Pepitoh/VBad - VBA Obfuscation Tools combined with an MS office document generator
静态分析
- decalage2/oletools - python tools to analyze MS OLE2 files
- egaus/MaliciousMacroBot - malicious office documents triage tool
模拟器、动态分析
- decalage2/ViperMonkey - A VBA parser and emulation engine to analyze malicious macros
- tehsyntx/loffice - Lazy Office Analyzer
- eset/vba-dynamic-hook - VBA Dynamic Hook dynamically analyzes VBA macros inside Office documents by hooking function calls