OfficeDissector is a parser library for static security analysis of Office Open XML (OOXML) documents, created by Grier Forensics for the Cyber System Assessments Group at MIT’s Lincoln Laboratory.
OfficeDissector is the first parser designed specifically for security analysis of OOXML documents. It exposes all internals, including document properties, parts, content types, relationships, embedded macros and multimedia, comments, and more. It provides full JSON export and a MASTIFF-based plugin architecture. It also includes a nearly 600 MB test corpus, unit tests with nearly 100% coverage, smoke tests running against the entire corpus, and simple, well-factored, fully commented code.
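To make the internals listed above concrete, here is an added example (not part of OfficeDissector and not using its API) that inventories parts, content types and relationships of an OOXML package using only the Python standard library. The function names and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
VBA_CT = "application/vnd.ms-office.vbaProject"

def inventory(package_bytes):
    """Map each part to its content type and list every relationship in the package."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as z:
        types = ET.fromstring(z.read("[Content_Types].xml"))
        defaults = {d.get("Extension").lower(): d.get("ContentType") for d in types.iter(CT_NS + "Default")}
        overrides = {o.get("PartName"): o.get("ContentType") for o in types.iter(CT_NS + "Override")}
        parts, rels = {}, []
        for name in z.namelist():
            if name == "[Content_Types].xml":
                continue
            # An Override for the exact part name wins over the extension Default.
            ext = name.rsplit(".", 1)[-1].lower()
            parts["/" + name] = overrides.get("/" + name, defaults.get(ext))
            if name.endswith(".rels"):
                for r in ET.fromstring(z.read(name)).iter(REL_NS + "Relationship"):
                    rels.append({"source": "/" + name, "type": r.get("Type"),
                                 "target": r.get("Target"),
                                 "external": r.get("TargetMode") == "External"})
    return {"parts": parts,
            "relationships": rels,
            "macro_parts": sorted(p for p, ct in parts.items() if ct == VBA_CT),
            "external_targets": [r["target"] for r in rels if r["external"]]}

def build_sample():
    """Constructed minimal package for the demo; not a real document."""
    ct = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
          '<Default Extension="xml" ContentType="application/xml"/>'
          '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
          '</Types>')
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://example.invalid/" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()
```

Calling `inventory(build_sample())` reports the VBA project part under `macro_parts` and the external relationship target under `external_targets`, the two items a triage pass usually looks at first.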
See Installing OfficeDissector for how to install and test OfficeDissector.
The best way to learn OfficeDissector is to look at the interactive IPython session demonstrating its usage.
See Analyzing OOXML with Office Dissector for a quick start guide on how to use OfficeDissector to analyze OOXML documents.
To find more information about the MASTIFF plugin architecture and sample plugins, see mastiff-plugins/README.txt.
OfficeDissector’s API is fully documented in the API documentation: