office-exploits

本仓库维护目前已知的 MS Office 漏洞，欢迎大家提交 pull request

漏洞列表

• CVE-2017-8570
• CVE-2017-8759
• CVE-2017-11882
• CVE-2018-0802
• DDEAUTO
• 其他通过注入执行命令的方式

其他漏洞

以下漏洞还未测试

• CVE-2017-0199
• thom-s/docx-embeddedhtml-injection - This PowerShell script exploits a known vulnerability in Word 2016 documents with embedded online videos by injecting HTML code into a docx file, replacing the values of all pre-existing embeddedHtml tags
• webSettings.xml 获取 NTLM SSP hash

macro 工具

生成、混淆

• Shellntel/luckystrike - A PowerShell based utility for the creation of malicious Office macro documents
• cldrn/macphish - Office for Mac Macro Payload Generator
• sevagas/macro_pack - a tool used to automatize obfuscation and generation of MS Office documents
• Mr-Un1k0d3r/MaliciousMacroGenerator - Malicious Macro Generator (支持VM检测)
• Pepitoh/VBad - VBA Obfuscation Tools combined with an MS office document generator

静态分析

• decalage2/oletools - python tools to analyze MS OLE2 files
  • mraptor
  • olevba
• egaus/MaliciousMacroBot - malicious office documents triage tool

模拟器、动态分析

• decalage2/ViperMonkey - A VBA parser and emulation engine to analyze malicious macros
• tehsyntx/loffice - Lazy Office Analyzer
• eset/vba-dynamic-hook - VBA Dynamic Hook dynamically analyzes VBA macros inside Office documents by hooking function calls

其他工具

• 0x09AL/WordSteal - create a POC that will steal NTML hashes from a remote computer

其它项目

• office-exploit-case-study