In this update of msoffcrypto-crack.py, two new options were added:
-e takes a text file and extracts all words from this text file to be used in the dictionary attack. Words are strings delimited by space characters. Words between single or double quotes, and words after string “password” are put at the beginning of the list for the dictionary attack.
The idea for option -e, is that you give it the content of an email message that contains the password of the encrypted attachment(s).
-c takes the password to decrypt the document. You use this option after the password was recovered (with option -p or -e for example), and need to run the tool again to decrypt the document. You can run the password cracking each time when you need to decrypt the document, but if this takes too long, then you just run it once and from then on provide the recovered password with option -c.
Password VelvetSweatshop was added to the embedded password list.
msoffcrypto-crack_V0_0_2.zip (https)
MD5: 010B7FA68FCF9CE84427815EFDFE1C42
SHA256: 6B368E40EEE8A907D444A49963B37F456A3645991201CE06F0E46A0F2E188A74
Didier Stevens 
I’ve tested the script on .xls and .doc files and it works as intended. However it doesn’t work with newer Office formats, it always says “Password found: infected”, even though that isn’t the password
Comment by Anonymous — Tuesday 22 January 2019 @ 13:54
Works wonders for the old binary format, but it doesn’t quite work for the ooxml format? I’ve noticed the library required works for all Office Open XML formats, but the script keeps returning the password as being either 123456 or infected (I’ve tested with an xlsx file with the password VelvetSweatshop and with a docx file with the password rocky, both passwords are in the wordlist).
Comment by JJ — Wednesday 23 January 2019 @ 14:14
Just posted a bug fix: https://blog.didierstevens.com/2019/01/26/update-msoffcrypto-crack-py-version-0-0-3/
Comment by Didier Stevens — Saturday 26 January 2019 @ 13:46