OfficeDissector is a parser library for static security analysis of Office Open XML (OOXML) Documents, created by Grier Forensics for the Cyber System Assessments Group at MIT’s Lincoln Laboratory.

OfficeDissector is the first parser designed specifically for security analysis of OOXML documents. It exposes all internals, including document properties, parts, content-type, relationships, embedded macros and multimedia, comments, and more. It provides full JSON export and a MASTIFF-based plugin architecture. It also includes a nearly 600 MB test corpus, unit tests with nearly 100% coverage, smoke tests running against the entire corpus, and simple, well-factored, fully commented code.


See Installing OfficeDissector for how to install and test OfficeDissector.

Usage Examples

The best way to learn OfficeDissector is to look at the interactive IPython session demonstrating its usage.

Analyzing OOXML

See Analyzing OOXML with Office Dissector for a quick start guide on how to use OfficeDissector to analyze OOXML documents.

Plugin Architecture

To find more information about the MASTIFF plugin architecture and sample plugins, see mastiff-plugins/README.txt.
