
A forensic triage toolkit for examining Office and PDF files for advanced malware payloads before they are opened in sensitive environments.


pottsie283/MacroScope


📄 MacroScope – Malicious Document Triage Toolkit

MacroScope is an open-source, offline-first framework for detecting and analyzing malicious document files.
It supports Microsoft Office, PDF, and RTF formats, helping analysts and students quickly identify hidden threats like macros, embedded payloads, and exploit signatures.

MacroScope is for educational and research purposes only. Use it only on files you have permission to analyse. The authors are not responsible for misuse, damage, or any consequences arising from the use of this software. Always run MacroScope in a safe, isolated environment when working with suspicious files.


✨ Features

  • 🕵️ Detects malicious macros, JavaScript, and embedded objects
  • 📂 Supports .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .rtf
  • 🔍 Extracts and deobfuscates VBA macros & PDF JavaScript
  • 🚨 Suspiciousness scoring with clear risk indicators
  • 💻 100% local execution – no cloud upload needed
  • 🛡️ Runs in isolated processes to protect your system
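The feature list above describes three things a document triage tool does: find the macro or script container, look inside it for risky constructs, and turn the hits into a score. The script below is an added illustration of that pipeline and is not MacroScope's own code. It uses only the Python standard library, constructs its own sample files inline (a macro-bearing OOXML archive, a benign one, and a minimal PDF fragment with /OpenAction and /JavaScript), and the indicator names, weights and risk thresholds are assumptions chosen for the example rather than MacroScope's detection rules.

```python
"""Minimal malicious-document triage: locate macro/script containers,
check them for risky constructs, and compute an indicator-weighted score.
Added example, not MacroScope's code; all sample inputs are constructed."""
import io
import re
import zipfile

# Assumed weights and thresholds (illustrative, not MacroScope's rules).
INDICATOR_WEIGHTS = {
    "ooxml_vba_project": 40,   # vbaProject.bin present: the file carries macros
    "ooxml_ole_object": 20,    # embedded OLE object under */embeddings/
    "vba_autoexec": 25,        # auto-executing macro entry point
    "vba_shell": 30,           # process-spawning / object-creation calls
    "pdf_javascript": 40,      # /JavaScript or /JS action
    "pdf_openaction": 25,      # /OpenAction or /AA fires an action on open
    "pdf_launch": 30,          # /Launch runs an external program
    "pdf_embedded_file": 20,   # /EmbeddedFile carries a payload inside the PDF
}
HIGH_THRESHOLD, MEDIUM_THRESHOLD = 60, 30

# PDF name objects are case-sensitive; VBA identifiers are not.
PDF_PATTERNS = {
    "pdf_javascript": re.compile(rb"/(JavaScript|JS)\b"),
    "pdf_openaction": re.compile(rb"/(OpenAction|AA)\b"),
    "pdf_launch": re.compile(rb"/Launch\b"),
    "pdf_embedded_file": re.compile(rb"/EmbeddedFile\b"),
}
VBA_PATTERNS = {
    "vba_autoexec": re.compile(rb"\b(AutoOpen|Auto_Open|Document_Open|Workbook_Open)\b", re.I),
    "vba_shell": re.compile(rb"\b(Shell|CreateObject|WScript\.Shell|powershell)\b", re.I),
}


def detect_file_type(data: bytes) -> str:
    """Classify by magic bytes: OOXML files are ZIP containers, PDFs start with %PDF."""
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "ooxml"
    return "unknown"


def triage_ooxml(data: bytes) -> set[str]:
    """Walk the ZIP container: a vbaProject.bin entry means macros are present."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                found.add("ooxml_vba_project")
                # Real vbaProject.bin streams are MS-OVBA compressed; a full tool
                # decompresses them first. The sample here is stored as plain text.
                blob = zf.read(name)
                found.update(k for k, pat in VBA_PATTERNS.items() if pat.search(blob))
            if "/embeddings/" in lower and lower.endswith(".bin"):
                found.add("ooxml_ole_object")
    return found


def triage_pdf(data: bytes) -> set[str]:
    """Scan raw bytes for risky name keys. Real PDFs may hide these inside
    compressed object streams, which a full tool inflates before scanning."""
    return {k for k, pat in PDF_PATTERNS.items() if pat.search(data)}


def triage(data: bytes) -> dict:
    """Return file type, sorted indicator list, capped score and risk band."""
    kind = detect_file_type(data)
    found = {"ooxml": triage_ooxml, "pdf": triage_pdf}.get(kind, lambda _: set())(data)
    score = min(100, sum(INDICATOR_WEIGHTS[i] for i in found))
    risk = "high" if score >= HIGH_THRESHOLD else "medium" if score >= MEDIUM_THRESHOLD else "low"
    return {"type": kind, "indicators": sorted(found), "score": score, "risk": risk}


# --- Constructed sample inputs (not real malware) ---------------------------
def build_sample_docm() -> bytes:
    """OOXML archive with an uncompressed, auto-running macro stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin",
                    b'Sub AutoOpen()\r\n  Set o = CreateObject("WScript.Shell")\r\nEnd Sub\r\n')
    return buf.getvalue()


def build_benign_docx() -> bytes:
    """OOXML archive with no macro or embedding entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def build_sample_pdf() -> bytes:
    """Minimal PDF fragment whose catalog auto-runs a JavaScript action."""
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /S /JavaScript /JS (app.alert('constructed sample')) >> endobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    for label, sample in [("docm", build_sample_docm()), ("docx", build_benign_docx()),
                          ("pdf", build_sample_pdf())]:
        print(label, triage(sample))
```

The score is only as good as the inflation step in front of it: a macro stored in a compressed vbaProject.bin or a `/JS` key tucked into a Flate-encoded object stream is invisible to the raw pattern match, which is why the extraction and deobfuscation features listed above matter more than the keyword list itself.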

🔮 Future Development

  • 📌 OneNote & HTML Smuggling Support – Expand file format coverage
  • 📌 Dynamic Analysis Sandbox Mode – Optional safe execution to capture runtime behavior
  • 📌 Threat Intel Integration – Check file hashes against known malware databases
  • 📌 GUI Frontend – Drag-and-drop document analysis for non-technical users
  • 📌 Rule-based Scoring Engine – Customizable detection rules
  • 📌 Timeline View – Visualize macro or script execution flow
  • 📌 Multi-Language Support – Internationalized reports

💡 Use Cases

  • 📨 Email Security – Triage suspicious attachments before opening them
  • 🧪 Malware Research – Quickly surface potential payloads for deeper analysis
  • 🏫 Education & Training – Teach students about document-based threats
  • 🛠️ Incident Response – Rapidly investigate documents during phishing incidents
  • 📊 Threat Hunting – Identify recurring malicious document patterns

📥 Installation

Requirements

  • Python 3.9+
  • pip package manager

Steps

# 1️⃣ Clone the repository
git clone https://github.com/pottsie283/MacroScope
cd MacroScope  # the clone directory matches the repository name (case-sensitive on Linux/macOS)

# 2️⃣ Create a virtual environment (recommended)
python3 -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate

# 3️⃣ Install dependencies
pip install -r requirements.txt

# 4️⃣ Run MacroScope
python -m scripts.cli --help
