Hashcat http://hashcat.net/hashcat/ is the definitely tool to use for cracking hashes. It might be highly possible that the hash might have been cracked by others online.
Therefore, it might be more convenient to perform a lookup using the online free services before even trying to crack the hash with Hashcat.
findmyhash is a very useful tool for cracking the hashes using free online services.
Most of the password dumps have been appearing on websites like Pastebin.com and it makes it even more useful if findmyhash is able to find and crack md5/sha1 hashes located in a website link like pastebin. I have submitted a patch to https://code.google.com/p/findmyhash/issues/detail?id=7 for this new feature.
If you do not feel comfortable with another party knowing about the hashes, you should skip using findmyhash all together and dive straight to hashcat instead.
I wrote an excel password cracker in Java.
There are a couple of password protections in Excel 2003
1. File encryption password – To protect file from viewing
2. File sharing password – To protect file from modification
3. Excel worksheet/workbook protection – To protect the cells and objects on a worksheet from modification
The java code uses Apache Jakarta for extracting the password hashes.
An executable version can also be found on my google project site.
This tool currently only brute forces the (3) excel worksheet/workbook protection password.
There are a large number of collisions for the worksheet/workbook protection password hash.
Therefore, it is possible to use a different password to unprotect the worksheet/workbook.
This speeds up the brute forcing process significantly.
I am still working on the code for brute forcing the file password hashes.
I might also be working on a tool to generate the rainbow tables for excel password hashes.
The code can be found at http://code.google.com/p/excelcrack/
If you are interested in working with me on this project, do drop me an email at keithlee2012[at]gmail.com or buzz me on twitter @keith55