# rtfdump.py

> Analyze RTF file structure, identify hex-encoded groups and embedded objects

**Category:** [[categories/analyze-documents-microsoft-office|Analyze Documents > Microsoft Office]] | **Tier:** Rich (FOR610) | **Author:** Didier Stevens

**Docs:** [https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office](https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office)

## Usage

```bash
# List the groups and embedded objects in the RTF file
rtfdump.py document.rtf
# Select item 5 (-s 5), hex-decode it (-H) and dump the bytes (-d) to a file
rtfdump.py document.rtf -s 5 -H -d > extracted.bin
```

## Recipes

- [[recipes/rtf-shellcode-extraction|Extract Shellcode from RTF Document]]

## Workflows

- [[workflows/document-analysis-workflow|Malicious Document Analysis]] — Step 2: Structure Analysis
- [[workflows/shellcode-analysis-workflow|Shellcode Analysis]] — Step 2: Extraction

## Related Tools

- [[tools/evilclippy|evilclippy]] — Remove VBA project password protection and manipulate Office
- [[tools/libolecf|libolecf]] — Microsoft Office OLE2 compound documents.
- [[tools/msoffcrypto-crack|msoffcrypto-crack.py]] — Recover the password of an encrypted Microsoft Office docume
- [[tools/msoffcrypto-tool|msoffcrypto-tool]] — Decrypt password-protected Microsoft Office documents (OLE a
- [[tools/msoffice-crypt|msoffice-crypt]] — Encrypt and decrypt OOXML Microsoft Office documents.

## FOR610

**Labs:** 3.5
**Sections:** 3

#rtf #document #didier-stevens