Docem

Visit Tool

docem is an open-source security tool that embeds XXE and XSS payloads in various document formats like docx, odt, and pptx. It helps security researchers test document security and identify vulnerabilities by creating documents with embedded attack vectors.

Claim this tool

No Views Yet

At a glance

Pricing

Open Source

Free tier

Yes

API

Skill level

Technical

About

What is docem?

docem is a powerful open-source utility designed for security researchers and penetration testers to embed XXE (XML External Entity) and XSS (Cross-Site Scripting) payloads into common document formats such as docx, odt, pptx, and xlsx. These document types are essentially zip archives containing XML files, making them susceptible to such injection techniques. The tool streamlines the process of creating documents with embedded payloads, addressing the limitations of existing tools like oxml_xxe when needing to generate numerous documents with varied payload placements. Users can specify a sample document with 'magic symbols' that docem replaces with the chosen XXE or XSS payloads, offering different payload modes (per_document, per_file, per_place) for granular control over embedding. This makes docem an invaluable asset for comprehensive document security testing and vulnerability assessment.

Best used for

Ideal for developers and security researchers who need to perform comprehensive vulnerability assessments on document files, create custom test cases for XXE and XSS, and automate the generation of documents with embedded payloads. Especially valuable for penetration testers looking to efficiently test a large number of documents.

Common actions

embed security payloads

test document vulnerabilities

create attack vectors

github copilotface swapping"AI Agents"workflowsdeepfakeautomated workflowcollaborationlow-code/no-codeopen-source

Capabilities

Key features

Embed XXE payloads
Embed XSS payloads
Supports docx, odt, pptx, xlsx
Multiple payload modes
Custom sample document creation
Custom payload file formats

Target Audience

developer

Integrations

Not yet documented

Pricing & Plans

Open Source

Free

FAQs

What document formats does docem support for embedding payloads?

docem supports common document formats that are essentially zip archives containing XML files. Specifically, it can embed XXE and XSS payloads in docx, odt, pptx, and xlsx files, making it versatile for various document security testing scenarios.

How does docem handle different payload embedding scenarios?

docem offers three payload modes: 'per_document' (embeds payload in all places in all files, creating one document per payload), 'per_file' (embeds per file inside a document), and 'per_place' (embeds per place in every file, creating a new document for each). This allows for flexible and targeted testing.

Can I use my own custom sample documents with docem?

Yes, docem allows you to create custom sample documents. You can either unzip an existing document and add 'magic symbols' (XXCb8bBA9XX) to the desired payload locations, or directly add these symbols to a custom document file. The tool then replaces these symbols with your specified payloads.

Trending

Subcategories trending in Coding & Development

Code Assistants DevOps & Infrastructure No-Code / Low-Code Testing & QA Backend & APIs Prompt Engineering

Trending

Explore

Browse AI tools by category

Content & Design Productivity & Business Coding & Development AI Agents & Automation Research & Education Wellness & Lifestyle Career Development Marketing & Growth Data & Analytics Customer Support & CX Finance E-commerce