Overhaul help system UX with navi, recipes, and onboarding
- Rewrite fhelp: add 'start' onboarding, recipe fallback chain (our files → cheat → tldr), 'workflow' dynamic loader, tier badges - Add welcome.sh: unified English welcome for bash/zsh/fish - Replace German README with concise English version - Add Zsh F1/Ctrl+/ widget for inline help while typing - Configure navi Ctrl+G widget for interactive cheatsheet browsing - Fix dangerous 'alias help=fhelp' (was breaking bash builtin) - Add 'h' and 'analyse' as safe aliases Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
tobias
+10
-9
@@ -1,11 +1,12 @@
|
||||
README - pdfanalysis
|
||||
Dieser Container enthält Tools um PDFs zu analysieren:
|
||||
REMnux Malware Analysis Container
|
||||
===================================
|
||||
397 analysis tools | 8 workflows | Fully offline help
|
||||
|
||||
pdfid.py - Schnelle Übersicht über PDF-Aufbau.
|
||||
pdf-parser.py - Zerlegen und extrahieren von PDF-Elementen
|
||||
peepdf.py - PDF - Analyse Framework mit Javascript Analyse
|
||||
pdftk - Tool um das PDF zu "flatten"
|
||||
convert - ImageMagick Tool zum convertieren
|
||||
fhelp - Help system overview
|
||||
fhelp start - Quick start guide (30 sec)
|
||||
fhelp tools <keyword> - Search for tools
|
||||
fhelp cheat <tool> - Usage examples for a tool
|
||||
fhelp workflow - Step-by-step analysis workflows
|
||||
Ctrl+G - Interactive cheatsheet browser
|
||||
|
||||
Für Kommandobeispiele /opt/command_help lesen.
|
||||
Der Nutzer innerhalb des Containers braucht Schreibrechte auf das gemountete Verzeichnis.
|
||||
For mounted files: /work/ (or your mounted directory)
|
||||
|
||||
+14
-13
@@ -7,17 +7,13 @@ alias grep='grep --color=auto'
|
||||
alias fd='fdfind'
|
||||
alias rg='rg --color=auto'
|
||||
alias analyse='fhelp'
|
||||
alias ?='fhelp'
|
||||
alias h='fhelp'
|
||||
|
||||
# Fish prompt - simple and clean
|
||||
# Fish prompt
|
||||
function fish_prompt
|
||||
set_color cyan
|
||||
echo -n 'remnux'
|
||||
set_color normal
|
||||
echo -n '@'
|
||||
set_color blue
|
||||
echo -n (prompt_hostname)
|
||||
set_color normal
|
||||
echo -n ':'
|
||||
set_color yellow
|
||||
echo -n (prompt_pwd)
|
||||
@@ -25,10 +21,15 @@ function fish_prompt
|
||||
echo -n '> '
|
||||
end
|
||||
|
||||
# Welcome message
|
||||
if test -f /opt/README
|
||||
cat /opt/README
|
||||
echo ""
|
||||
echo "🐚 Shell: fish | Type 'fhelp' for help"
|
||||
echo ""
|
||||
end
|
||||
# Navi widget (Ctrl+G)
|
||||
if command -q navi
|
||||
navi widget fish | source 2>/dev/null
|
||||
end
|
||||
|
||||
# Welcome message (only once per session)
|
||||
if not set -q _WELCOME_SHOWN
|
||||
set -gx _WELCOME_SHOWN 1
|
||||
if test -f /usr/local/bin/welcome.sh
|
||||
bash /usr/local/bin/welcome.sh
|
||||
end
|
||||
end
|
||||
|
||||
@@ -0,0 +1,26 @@
|
||||
#!/bin/bash
|
||||
# Unified welcome message for all shells
|
||||
# Sourced by bash, zsh, and fish on login
|
||||
|
||||
# Only show on login shells, not subshells
|
||||
if [[ -n "$_WELCOME_SHOWN" ]]; then
|
||||
return 0 2>/dev/null || exit 0
|
||||
fi
|
||||
export _WELCOME_SHOWN=1
|
||||
|
||||
# Colors (works in bash, zsh, fish)
|
||||
_C='\033[0;36m' # cyan
|
||||
_G='\033[0;32m' # green
|
||||
_Y='\033[1;33m' # yellow
|
||||
_N='\033[0m' # reset
|
||||
|
||||
echo ""
|
||||
echo -e "${_C}REMnux Malware Analysis Container${_N}"
|
||||
echo -e "$(printf '%.0s=' {1..38})"
|
||||
echo ""
|
||||
echo -e " ${_G}fhelp${_N} Help system"
|
||||
echo -e " ${_G}fhelp start${_N} Quick start guide"
|
||||
echo -e " ${_G}fhelp cheat${_N} <tool> Tool examples"
|
||||
echo -e " ${_G}fhelp workflow${_N} Analysis workflows"
|
||||
echo -e " ${_Y}Ctrl+G${_N} Interactive browser"
|
||||
echo ""
|
||||
+47
-37
@@ -9,12 +9,12 @@ if [[ ! -d "$HOME" ]] || [[ ! -w "$HOME" ]]; then
|
||||
HISTFILE=/tmp/.zsh_history_$$
|
||||
HISTSIZE=10000
|
||||
SAVEHIST=10000
|
||||
|
||||
|
||||
autoload -Uz compinit && compinit -d /tmp/.zcompdump_$$
|
||||
autoload -U colors && colors
|
||||
|
||||
PROMPT='%F{red}[🔍]%f %F{cyan}%~%f $ '
|
||||
|
||||
|
||||
PROMPT='%F{red}[>]%f %F{cyan}%~%f $ '
|
||||
|
||||
# Load plugins if available
|
||||
[[ -f /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh ]] && \
|
||||
source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh
|
||||
@@ -23,7 +23,7 @@ if [[ ! -d "$HOME" ]] || [[ ! -w "$HOME" ]]; then
|
||||
else
|
||||
# Oh My Zsh setup for regular users
|
||||
export ZSH="$HOME/.oh-my-zsh"
|
||||
|
||||
|
||||
# Install Oh My Zsh if not present
|
||||
if [[ ! -d "$ZSH" ]]; then
|
||||
echo "Installing Oh My Zsh..."
|
||||
@@ -32,25 +32,21 @@ else
|
||||
RUNZSH=no CHSH=no sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" 2>/dev/null
|
||||
}
|
||||
fi
|
||||
|
||||
# Oh My Zsh theme - using agnoster-like theme for security work
|
||||
|
||||
# Oh My Zsh theme
|
||||
ZSH_THEME="robbyrussell"
|
||||
|
||||
# Custom theme for file analysis work
|
||||
|
||||
if [[ -d "$ZSH" ]]; then
|
||||
# Plugins to load
|
||||
plugins=(git docker command-not-found colored-man-pages)
|
||||
|
||||
# Load Oh My Zsh
|
||||
source $ZSH/oh-my-zsh.sh 2>/dev/null || true
|
||||
|
||||
|
||||
# Custom prompt with analysis indicator
|
||||
PROMPT='%F{red}🔍%f %F{cyan}%~%f $(git_prompt_info)%# '
|
||||
PROMPT='%F{red}>%f %F{cyan}%~%f $(git_prompt_info)%# '
|
||||
RPROMPT='%F{yellow}%*%f'
|
||||
else
|
||||
# Fallback if OMZ installation failed
|
||||
autoload -U colors && colors
|
||||
PROMPT='%F{red}[🔍]%f %F{cyan}%~%f $ '
|
||||
PROMPT='%F{red}[>]%f %F{cyan}%~%f $ '
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -89,7 +85,7 @@ setopt AUTO_MENU
|
||||
[[ -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh ]] && \
|
||||
source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
|
||||
|
||||
# Aliases for file analysis
|
||||
# Standard aliases
|
||||
alias ls='ls --color=auto'
|
||||
alias ll='ls -lah'
|
||||
alias la='ls -A'
|
||||
@@ -100,12 +96,12 @@ alias egrep='egrep --color=auto'
|
||||
|
||||
# Tool aliases
|
||||
alias fd='fdfind'
|
||||
alias bat='batcat' # Ubuntu names it batcat
|
||||
alias bat='batcat'
|
||||
alias rg='rg --color=auto'
|
||||
alias analyse='fhelp'
|
||||
alias help='fhelp'
|
||||
|
||||
# Help alias (? needs special handling in zsh)
|
||||
# Help system aliases (note: 'help' intentionally NOT aliased — preserves bash builtin)
|
||||
alias analyse='fhelp'
|
||||
alias h='fhelp'
|
||||
if [[ -n "$ZSH_VERSION" ]]; then
|
||||
alias \?='fhelp'
|
||||
else
|
||||
@@ -135,21 +131,35 @@ fi
|
||||
export EDITOR=vim
|
||||
export VISUAL=vim
|
||||
|
||||
# Welcome message (only on interactive shells)
|
||||
if [[ -o interactive ]] && [[ -f /opt/README ]]; then
|
||||
# Only show welcome once per session
|
||||
if [[ -z "$_WELCOME_SHOWN" ]]; then
|
||||
echo ""
|
||||
echo "\033[1;36m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\033[0m"
|
||||
echo "\033[1;31m File Analysis Container\033[0m \033[1;33m(zsh with Oh My Zsh)\033[0m"
|
||||
echo "\033[1;36m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\033[0m"
|
||||
echo ""
|
||||
echo " \033[1;32mfhelp\033[0m or \033[1;32m?\033[0m - Help system"
|
||||
echo " \033[1;32mfhelp cheat <tool>\033[0m - Quick examples"
|
||||
echo " \033[1;32mfhelp tools pdf\033[0m - Find PDF tools"
|
||||
echo ""
|
||||
echo " Shells: \033[0;36mbash\033[0m (default), \033[0;36mzsh\033[0m (current), \033[0;36mfish\033[0m"
|
||||
echo ""
|
||||
export _WELCOME_SHOWN=1
|
||||
fi
|
||||
# ============================================================
|
||||
# Navi interactive cheatsheet widget (Ctrl+G)
|
||||
# ============================================================
|
||||
if command -v navi &>/dev/null; then
|
||||
eval "$(navi widget zsh)" 2>/dev/null
|
||||
fi
|
||||
|
||||
# ============================================================
|
||||
# F1 / Ctrl+H: Show help for the command being typed
|
||||
# ============================================================
|
||||
_fhelp_inline_widget() {
|
||||
local cmd="${BUFFER%% *}"
|
||||
if [[ -n "$cmd" ]]; then
|
||||
zle -I
|
||||
echo ""
|
||||
fhelp cheat "$cmd" 2>/dev/null || fhelp tools "$cmd" 2>/dev/null || echo "No help for: $cmd"
|
||||
echo ""
|
||||
zle reset-prompt
|
||||
zle redisplay
|
||||
fi
|
||||
}
|
||||
zle -N _fhelp_inline_widget
|
||||
bindkey '\eOP' _fhelp_inline_widget # F1
|
||||
bindkey '\e[11~' _fhelp_inline_widget # F1 (alternate escape)
|
||||
bindkey '^_' _fhelp_inline_widget # Ctrl+/ (universal fallback)
|
||||
|
||||
# ============================================================
|
||||
# Welcome message (login shells only)
|
||||
# ============================================================
|
||||
if [[ -o interactive && -o login ]] || [[ -o interactive && -z "$_WELCOME_SHOWN" ]]; then
|
||||
[[ -f /usr/local/bin/welcome.sh ]] && source /usr/local/bin/welcome.sh
|
||||
fi
|
||||
|
||||
+326
-174
@@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Enhanced File Analysis Help System
|
||||
# Integrates multiple help sources: custom cheat sheets, navi, tldr, and tool database
|
||||
# Integrates multiple help sources: custom cheat sheets, tldr, tool database, and workflows
|
||||
|
||||
# Color definitions
|
||||
RED='\033[0;31m'
|
||||
@@ -15,6 +15,7 @@ NC='\033[0m'
|
||||
# Help system paths
|
||||
TOOLS_DB="/opt/remnux-docs/tools.db"
|
||||
CHEAT_DIR="/opt/cheatsheets"
|
||||
WORKFLOW_DIR="/opt/remnux-docs/workflows"
|
||||
TLDR_CACHE="/home/remnux/.local/share/tldr"
|
||||
|
||||
# Resolve cheat file names from a user-provided tool name
|
||||
@@ -38,6 +39,10 @@ resolve_cheat_file() {
|
||||
echo "$CHEAT_DIR/personal/$cand"
|
||||
return 0
|
||||
fi
|
||||
if [[ -f "$CHEAT_DIR/personal/${cand}.cheat" ]]; then
|
||||
echo "$CHEAT_DIR/personal/${cand}.cheat"
|
||||
return 0
|
||||
fi
|
||||
if [[ -f "$CHEAT_DIR/${cand}.cheat" ]]; then
|
||||
echo "$CHEAT_DIR/${cand}.cheat"
|
||||
return 0
|
||||
@@ -47,104 +52,172 @@ resolve_cheat_file() {
|
||||
}
|
||||
|
||||
show_main_help() {
|
||||
echo -e "${CYAN}📚 File Analysis Container Help System${NC}"
|
||||
echo "======================================"
|
||||
echo -e "${CYAN}REMnux Analysis Container Help System${NC}"
|
||||
echo "======================================="
|
||||
echo ""
|
||||
echo -e "${GREEN}🔍 Tool Discovery:${NC}"
|
||||
echo " fhelp tools [term] - Search for analysis tools"
|
||||
echo " fhelp tools --interactive - Browse tools interactively"
|
||||
echo " fhelp tools --list - List all available tools"
|
||||
echo -e "${GREEN}Getting Started:${NC}"
|
||||
echo " fhelp start - Quick start guide (30 seconds)"
|
||||
echo ""
|
||||
echo -e "${GREEN}📖 Command Examples:${NC}"
|
||||
echo " fhelp cheat <tool> - Show cheat sheet for specific tool"
|
||||
echo " fhelp examples - Browse all command examples interactively"
|
||||
echo " fhelp quick <command> - Quick examples (tldr style)"
|
||||
echo -e "${GREEN}Find Tools:${NC}"
|
||||
echo " fhelp tools <keyword> - Search by name or category"
|
||||
echo " fhelp tools --interactive - Interactive browser (fzf)"
|
||||
echo " Ctrl+G - Interactive cheatsheet browser (navi)"
|
||||
echo ""
|
||||
echo -e "${GREEN}🎯 Analysis Workflows:${NC}"
|
||||
echo " fhelp pdf - PDF analysis workflow"
|
||||
echo " fhelp malware - Malware analysis workflow"
|
||||
echo " fhelp forensics - System forensics workflow"
|
||||
echo -e "${GREEN}Get Examples:${NC}"
|
||||
echo " fhelp cheat <tool> - Usage examples for a specific tool"
|
||||
echo " fhelp quick <command> - Quick tldr examples"
|
||||
echo " F1 / Ctrl+/ - Help for command you're typing (zsh)"
|
||||
echo ""
|
||||
echo -e "${GREEN}💡 Quick Access:${NC}"
|
||||
echo " fhelp --all - Show everything available"
|
||||
echo -e "${GREEN}Analysis Workflows:${NC}"
|
||||
echo " fhelp workflow - List all 8 analysis workflows"
|
||||
echo " fhelp workflow <name> - Show step-by-step workflow"
|
||||
echo ""
|
||||
echo -e "${GREEN}Other:${NC}"
|
||||
echo " fhelp coverage - Help coverage statistics"
|
||||
echo " fhelp examples - Browse all cheat sheets"
|
||||
echo " fhelp --offline - Verify offline capabilities"
|
||||
echo ""
|
||||
echo -e "${YELLOW}Shortcuts:${NC} analyse, h, ? (all run fhelp)"
|
||||
echo ""
|
||||
echo -e "${YELLOW}Examples:${NC}"
|
||||
echo " fhelp tools pdf # Find PDF analysis tools"
|
||||
echo " fhelp cheat pdfid.py # Show pdfid.py examples"
|
||||
echo " fhelp quick tar # Quick tar examples"
|
||||
echo " fhelp examples # Browse all examples"
|
||||
echo " fhelp cheat pdfid.py # pdfid.py usage examples"
|
||||
echo " fhelp workflow static # Static analysis workflow"
|
||||
}
|
||||
|
||||
show_start() {
|
||||
echo -e "${CYAN}Quick Start Guide${NC}"
|
||||
echo "================="
|
||||
echo ""
|
||||
|
||||
# Count tools
|
||||
local tool_count=0
|
||||
local rich_count=0
|
||||
if [[ -f "$TOOLS_DB" ]]; then
|
||||
tool_count=$(wc -l < "$TOOLS_DB" 2>/dev/null || echo 0)
|
||||
rich_count=$(grep -c '|rich$' "$TOOLS_DB" 2>/dev/null || echo 0)
|
||||
fi
|
||||
|
||||
echo -e " This container has ${GREEN}${tool_count} analysis tools${NC} installed."
|
||||
echo -e " ${GREEN}${rich_count}${NC} have detailed help with FOR610 lab examples."
|
||||
echo ""
|
||||
echo -e "${YELLOW}1. Find a tool:${NC}"
|
||||
echo " fhelp tools pdf # search by keyword"
|
||||
echo " fhelp tools --interactive # browse with fuzzy search"
|
||||
echo ""
|
||||
echo -e "${YELLOW}2. Get usage examples:${NC}"
|
||||
echo " fhelp cheat pdfid.py # cheat sheet with examples"
|
||||
echo " fhelp cheat oledump.py # Office document analysis"
|
||||
echo " fhelp cheat capa # malware capabilities"
|
||||
echo ""
|
||||
echo -e "${YELLOW}3. Follow a workflow:${NC}"
|
||||
echo " fhelp workflow # list all workflows"
|
||||
echo " fhelp workflow static # static analysis steps"
|
||||
echo " fhelp workflow document # document analysis steps"
|
||||
echo ""
|
||||
echo -e "${YELLOW}4. Interactive help:${NC}"
|
||||
echo -e " ${GREEN}Ctrl+G${NC} # browse cheatsheets (navi)"
|
||||
echo -e " ${GREEN}F1${NC} or ${GREEN}Ctrl+/${NC} # help for command you're typing (zsh)"
|
||||
echo ""
|
||||
echo -e "${YELLOW}5. Tool tiers:${NC}"
|
||||
echo -e " ${GREEN}[FOR610]${NC} Rich help with lab examples and workflows"
|
||||
echo -e " ${BLUE}[docs]${NC} Standard help from REMnux documentation"
|
||||
echo -e " ${YELLOW}[basic]${NC} Minimal help (try: tool --help)"
|
||||
echo ""
|
||||
echo "Mount your files to /work/ and start analyzing!"
|
||||
}
|
||||
|
||||
show_cheat() {
|
||||
local tool="$1"
|
||||
|
||||
|
||||
if [[ -z "$tool" ]]; then
|
||||
echo -e "${RED}❌ Please specify a tool name${NC}"
|
||||
echo -e "${RED}Please specify a tool name${NC}"
|
||||
echo "Usage: fhelp cheat <tool>"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Check for specific workflow cheat sheets
|
||||
|
||||
# Check for specific workflow cheat sheets first
|
||||
local cheat_file=""
|
||||
case "$tool" in
|
||||
"pdf"|"pdf-analysis")
|
||||
cheat_file="$CHEAT_DIR/pdf-analysis.cheat"
|
||||
;;
|
||||
"malware"|"malware-analysis")
|
||||
"malware"|"malware-analysis")
|
||||
cheat_file="$CHEAT_DIR/malware-analysis.cheat"
|
||||
;;
|
||||
"system"|"system-utilities")
|
||||
cheat_file="$CHEAT_DIR/system-utilities.cheat"
|
||||
;;
|
||||
*)
|
||||
cheat_file="$CHEAT_DIR/${tool}.cheat"
|
||||
cheat_file=""
|
||||
;;
|
||||
esac
|
||||
|
||||
if [[ -f "$cheat_file" ]]; then
|
||||
echo -e "${CYAN}📋 Cheat Sheet: ${YELLOW}$tool${NC}"
|
||||
echo "=" $(printf '=%.0s' $(seq 1 ${#tool}))
|
||||
|
||||
# If not a workflow cheat, try to resolve tool-specific cheat
|
||||
if [[ -z "$cheat_file" || ! -f "$cheat_file" ]]; then
|
||||
cheat_file=$(resolve_cheat_file "$tool") || cheat_file=""
|
||||
fi
|
||||
|
||||
if [[ -n "$cheat_file" && -f "$cheat_file" ]]; then
|
||||
echo -e "${CYAN}Cheat Sheet: ${YELLOW}$tool${NC}"
|
||||
echo "$(printf '=%.0s' $(seq 1 $((${#tool} + 14))))"
|
||||
echo ""
|
||||
# Skip YAML frontmatter if present and print raw content (no ANSI coloring to avoid artifacts)
|
||||
# Display cheat file content (skip YAML frontmatter if present)
|
||||
awk '/^---$/{if(++c==2) start=1; next} start || !/^---$/ && c!=1' "$cheat_file"
|
||||
elif command -v cheat >/dev/null 2>&1 && cheat "$tool" >/dev/null 2>&1; then
|
||||
# Fallback: try the cheat command
|
||||
echo -e "${CYAN}Cheat Sheet (cheat): ${YELLOW}$tool${NC}"
|
||||
echo "$(printf '=%.0s' $(seq 1 $((${#tool} + 22))))"
|
||||
echo ""
|
||||
cheat "$tool"
|
||||
elif command -v tldr >/dev/null 2>&1 && tldr "$tool" >/dev/null 2>&1; then
|
||||
# Fallback: try tldr
|
||||
echo -e "${CYAN}Quick Reference (tldr): ${YELLOW}$tool${NC}"
|
||||
echo "$(printf '=%.0s' $(seq 1 $((${#tool} + 24))))"
|
||||
echo ""
|
||||
tldr "$tool"
|
||||
else
|
||||
# Try resolution of common variants (e.g., pdfid.py -> pdfid, oledump -> oledump.py)
|
||||
local resolved
|
||||
resolved=$(resolve_cheat_file "$tool") || true
|
||||
if [[ -n "$resolved" && -f "$resolved" ]]; then
|
||||
echo -e "${CYAN}📋 Cheat Sheet: ${YELLOW}$tool${NC}"
|
||||
echo "=" $(printf '=%.0s' $(seq 1 ${#tool}))
|
||||
echo ""
|
||||
awk '/^---$/{if(++c==2) start=1; next} start || !/^---$/ && c!=1' "$resolved"
|
||||
else
|
||||
echo -e "${YELLOW}⚠️ No cheat sheet found for '$tool'${NC}"
|
||||
echo ""
|
||||
echo "Available cheat sheets:"
|
||||
if [[ -d "$CHEAT_DIR/personal" ]]; then
|
||||
ls -1 "$CHEAT_DIR/personal/" 2>/dev/null | sed 's/^/ • /'
|
||||
echo -e "${YELLOW}No help found for '$tool'${NC}"
|
||||
echo ""
|
||||
# Suggest similar tools
|
||||
if [[ -f "$TOOLS_DB" ]]; then
|
||||
local matches=$(grep -i "$tool" "$TOOLS_DB" 2>/dev/null | head -5)
|
||||
if [[ -n "$matches" ]]; then
|
||||
echo "Did you mean one of these?"
|
||||
echo "$matches" | while IFS='|' read -r name desc cat usage tier; do
|
||||
local badge=""
|
||||
case "$tier" in
|
||||
rich) badge="${GREEN}[FOR610]${NC}" ;;
|
||||
standard) badge="${BLUE}[docs]${NC}" ;;
|
||||
*) badge="${YELLOW}[basic]${NC}" ;;
|
||||
esac
|
||||
echo -e " ${GREEN}$name${NC} $badge - $desc"
|
||||
done
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
show_quick() {
|
||||
local command="$1"
|
||||
|
||||
|
||||
if [[ -z "$command" ]]; then
|
||||
echo -e "${RED}❌ Please specify a command name${NC}"
|
||||
echo -e "${RED}Please specify a command name${NC}"
|
||||
echo "Usage: fhelp quick <command>"
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo -e "${CYAN}📖 Quick examples for: ${YELLOW}$command${NC}"
|
||||
|
||||
echo -e "${CYAN}Quick examples for: ${YELLOW}$command${NC}"
|
||||
echo ""
|
||||
|
||||
|
||||
if command -v tldr >/dev/null 2>&1; then
|
||||
if ! tldr "$command" 2>/dev/null; then
|
||||
echo -e "${YELLOW}⚠️ No tldr page found for '$command'${NC}"
|
||||
echo -e "${YELLOW}No tldr page found for '$command'${NC}"
|
||||
echo "Try: fhelp cheat $command"
|
||||
fi
|
||||
else
|
||||
echo -e "${RED}❌ tldr command not available${NC}"
|
||||
echo -e "${RED}tldr command not available${NC}"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
@@ -152,170 +225,238 @@ show_quick() {
|
||||
show_tools() {
|
||||
local search_term="$1"
|
||||
local option="$2"
|
||||
|
||||
case "$option" in
|
||||
|
||||
case "$search_term" in
|
||||
"--interactive")
|
||||
if command -v find-tool >/dev/null 2>&1; then
|
||||
find-tool --interactive
|
||||
else
|
||||
echo -e "${RED}❌ find-tool not available${NC}"
|
||||
echo -e "${RED}find-tool not available${NC}"
|
||||
fi
|
||||
return
|
||||
;;
|
||||
"--list")
|
||||
if command -v find-tool >/dev/null 2>&1; then
|
||||
find-tool --list
|
||||
else
|
||||
echo -e "${RED}❌ find-tool not available${NC}"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
if [[ -z "$search_term" ]]; then
|
||||
echo -e "${RED}❌ Please provide a search term${NC}"
|
||||
echo "Usage: fhelp tools <search_term>"
|
||||
echo " fhelp tools --interactive"
|
||||
echo " fhelp tools --list"
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo -e "${CYAN}🔍 Searching analysis tools...${NC}"
|
||||
if command -v find-tool >/dev/null 2>&1; then
|
||||
find-tool "$search_term"
|
||||
else
|
||||
echo -e "${RED}❌ find-tool not available${NC}"
|
||||
echo -e "${RED}find-tool not available${NC}"
|
||||
fi
|
||||
return
|
||||
;;
|
||||
esac
|
||||
|
||||
if [[ -z "$search_term" ]]; then
|
||||
echo -e "${RED}Please provide a search term${NC}"
|
||||
echo "Usage: fhelp tools <search_term>"
|
||||
echo " fhelp tools --interactive"
|
||||
echo " fhelp tools --list"
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo -e "${CYAN}Searching analysis tools for '${YELLOW}$search_term${CYAN}'...${NC}"
|
||||
echo ""
|
||||
|
||||
if command -v find-tool >/dev/null 2>&1; then
|
||||
find-tool "$search_term"
|
||||
elif [[ -f "$TOOLS_DB" ]]; then
|
||||
# Fallback: direct grep on tools.db
|
||||
local results=$(grep -i "$search_term" "$TOOLS_DB" 2>/dev/null)
|
||||
if [[ -n "$results" ]]; then
|
||||
echo "$results" | while IFS='|' read -r name desc cat usage tier; do
|
||||
local tier_badge=""
|
||||
case "$tier" in
|
||||
rich) tier_badge="${GREEN}[FOR610]${NC}" ;;
|
||||
standard) tier_badge="${BLUE}[docs]${NC}" ;;
|
||||
basic) tier_badge="${YELLOW}[basic]${NC}" ;;
|
||||
*) tier_badge="" ;;
|
||||
esac
|
||||
echo -e " ${GREEN}$name${NC} $tier_badge"
|
||||
echo " $desc"
|
||||
echo " Usage: $usage"
|
||||
echo ""
|
||||
done
|
||||
else
|
||||
echo "No tools found matching '$search_term'"
|
||||
fi
|
||||
else
|
||||
echo -e "${RED}No tools database available${NC}"
|
||||
fi
|
||||
}
|
||||
|
||||
show_examples() {
|
||||
echo -e "${CYAN}🎯 Available Command Examples${NC}"
|
||||
echo -e "${CYAN}Available Command Examples${NC}"
|
||||
echo ""
|
||||
echo "Available cheat sheets:"
|
||||
|
||||
if [[ -d "$CHEAT_DIR/personal" ]]; then
|
||||
echo -e "${GREEN}Cheat sheets (use: fhelp cheat <name>):${NC}"
|
||||
ls -1 "$CHEAT_DIR/personal/" 2>/dev/null | sed 's/^/ • /'
|
||||
local count=$(ls -1 "$CHEAT_DIR/personal/"*.cheat 2>/dev/null | wc -l)
|
||||
echo -e "${GREEN}Per-tool cheat sheets: $count${NC} (use: fhelp cheat <name>)"
|
||||
echo ""
|
||||
# Show a sample of tools grouped by first letter
|
||||
ls -1 "$CHEAT_DIR/personal/"*.cheat 2>/dev/null | sed 's|.*/||; s|\.cheat$||' | head -30 | sed 's/^/ /'
|
||||
if [[ $count -gt 30 ]]; then
|
||||
echo " ... and $((count - 30)) more"
|
||||
fi
|
||||
echo ""
|
||||
fi
|
||||
|
||||
echo "Available TLDR pages:"
|
||||
if [[ -d "/home/remnux/.local/share/tldr/pages/common" ]]; then
|
||||
echo -e "${GREEN}TLDR pages (use: tldr <name>):${NC}"
|
||||
ls -1 /home/remnux/.local/share/tldr/pages/common/*.md 2>/dev/null | sed 's|.*/||; s|\.md$||' | sed 's/^/ • /'
|
||||
|
||||
if [[ -d "$CHEAT_DIR" ]]; then
|
||||
echo -e "${GREEN}Workflow cheat sheets:${NC}"
|
||||
ls -1 "$CHEAT_DIR"/*.cheat 2>/dev/null | sed 's|.*/||; s|\.cheat$||' | sed 's/^/ /'
|
||||
echo ""
|
||||
fi
|
||||
|
||||
echo -e "${GREEN}Analysis workflows:${NC} (use: fhelp workflow <name>)"
|
||||
if [[ -d "$WORKFLOW_DIR" ]]; then
|
||||
ls -1 "$WORKFLOW_DIR"/*.txt 2>/dev/null | sed 's|.*/||; s|\.txt$||' | grep -v index | sed 's/^/ /'
|
||||
else
|
||||
echo " static-analysis, behavioral-analysis, network-interception"
|
||||
echo " document-analysis, javascript-deobfuscation, unpacking"
|
||||
echo " code-injection, dotnet-analysis"
|
||||
fi
|
||||
}
|
||||
|
||||
show_workflow() {
|
||||
local name="$1"
|
||||
|
||||
if [[ -z "$name" ]]; then
|
||||
# Show workflow index
|
||||
if [[ -f "$WORKFLOW_DIR/index.txt" ]]; then
|
||||
cat "$WORKFLOW_DIR/index.txt"
|
||||
else
|
||||
echo -e "${CYAN}Available Analysis Workflows${NC}"
|
||||
echo "=============================="
|
||||
echo ""
|
||||
echo " static-analysis-workflow Static Properties Analysis"
|
||||
echo " behavioral-analysis-workflow Behavioral Analysis"
|
||||
echo " network-interception-workflow Network Interception"
|
||||
echo " document-analysis-workflow Malicious Document Analysis"
|
||||
echo " javascript-deobfuscation-workflow JavaScript Deobfuscation"
|
||||
echo " unpacking-workflow Unpacking Packed Executables"
|
||||
echo " code-injection-workflow Code Injection Analysis"
|
||||
echo " dotnet-analysis-workflow .NET Malware Analysis"
|
||||
echo ""
|
||||
echo "Usage: fhelp workflow <name>"
|
||||
echo "Example: fhelp workflow static-analysis"
|
||||
fi
|
||||
return
|
||||
fi
|
||||
|
||||
# Normalize name: allow partial matches
|
||||
local wf_file=""
|
||||
|
||||
# Try exact match first
|
||||
if [[ -f "$WORKFLOW_DIR/${name}.txt" ]]; then
|
||||
wf_file="$WORKFLOW_DIR/${name}.txt"
|
||||
elif [[ -f "$WORKFLOW_DIR/${name}-workflow.txt" ]]; then
|
||||
wf_file="$WORKFLOW_DIR/${name}-workflow.txt"
|
||||
else
|
||||
# Fuzzy match: find workflow files containing the search term
|
||||
if [[ -d "$WORKFLOW_DIR" ]]; then
|
||||
wf_file=$(ls -1 "$WORKFLOW_DIR"/*.txt 2>/dev/null | grep -i "$name" | grep -v index | head -1)
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -n "$wf_file" && -f "$wf_file" ]]; then
|
||||
cat "$wf_file"
|
||||
else
|
||||
echo -e "${YELLOW}No workflow found matching '$name'${NC}"
|
||||
echo ""
|
||||
show_workflow # Show list
|
||||
fi
|
||||
}
|
||||
|
||||
show_coverage() {
|
||||
echo -e "${CYAN}Help Coverage Statistics${NC}"
|
||||
echo "========================"
|
||||
echo ""
|
||||
|
||||
if [[ -f "$TOOLS_DB" ]]; then
|
||||
local total=$(wc -l < "$TOOLS_DB" 2>/dev/null || echo 0)
|
||||
local rich=$(grep -c '|rich$' "$TOOLS_DB" 2>/dev/null || echo 0)
|
||||
local standard=$(grep -c '|standard$' "$TOOLS_DB" 2>/dev/null || echo 0)
|
||||
local basic=$(grep -c '|basic$' "$TOOLS_DB" 2>/dev/null || echo 0)
|
||||
|
||||
echo -e " Tools in database: ${GREEN}$total${NC}"
|
||||
echo -e " Rich help (FOR610): ${GREEN}$rich${NC}"
|
||||
echo -e " Standard (docs): ${BLUE}$standard${NC}"
|
||||
echo -e " Basic: ${YELLOW}$basic${NC}"
|
||||
else
|
||||
echo " Tools database not available"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
|
||||
if [[ -d "$CHEAT_DIR/personal" ]]; then
|
||||
local cheats=$(ls -1 "$CHEAT_DIR/personal/"*.cheat 2>/dev/null | wc -l)
|
||||
echo -e " Cheat sheets: ${GREEN}$cheats${NC}"
|
||||
fi
|
||||
|
||||
if [[ -d "$WORKFLOW_DIR" ]]; then
|
||||
local wfs=$(ls -1 "$WORKFLOW_DIR"/*.txt 2>/dev/null | grep -cv index 2>/dev/null || echo 0)
|
||||
echo -e " Workflows: ${GREEN}$wfs${NC}"
|
||||
fi
|
||||
}
|
||||
|
||||
show_offline_status() {
|
||||
echo -e "${CYAN}🔌 Offline Capability Check${NC}"
|
||||
echo -e "${CYAN}Offline Capability Check${NC}"
|
||||
echo "==========================="
|
||||
echo ""
|
||||
echo "Documentation Tools:"
|
||||
|
||||
|
||||
local tools=("find-tool" "cheat" "tldr")
|
||||
for tool in "${tools[@]}"; do
|
||||
if command -v "$tool" >/dev/null 2>&1; then
|
||||
echo -e " ${GREEN}✅ $tool - available${NC}"
|
||||
echo -e " ${GREEN}+ $tool - available${NC}"
|
||||
else
|
||||
echo -e " ${RED}❌ $tool - missing${NC}"
|
||||
echo -e " ${RED}- $tool - missing${NC}"
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
echo ""
|
||||
echo "Documentation Files:"
|
||||
|
||||
local files=("$TOOLS_DB" "$CHEAT_DIR/pdf-analysis.cheat" "$CHEAT_DIR/malware-analysis.cheat")
|
||||
local file_names=("/opt/remnux-docs/tools.db" "/opt/cheatsheets/pdf-analysis.cheat" "/opt/cheatsheets/malware-analysis.cheat")
|
||||
|
||||
for i in "${!files[@]}"; do
|
||||
if [[ -f "${files[$i]}" ]]; then
|
||||
echo -e " ${GREEN}✅ ${file_names[$i]} - available${NC}"
|
||||
else
|
||||
echo -e " ${RED}❌ ${file_names[$i]} - missing${NC}"
|
||||
fi
|
||||
done
|
||||
|
||||
# Count available cheat sheets
|
||||
if [[ -d "$CHEAT_DIR" ]]; then
|
||||
local cheat_count=$(ls -1 "$CHEAT_DIR"/*.cheat 2>/dev/null | wc -l)
|
||||
echo ""
|
||||
echo -e "${CYAN}📊 $cheat_count cheat sheets available${NC}"
|
||||
|
||||
if [[ -f "$TOOLS_DB" ]]; then
|
||||
local db_count=$(wc -l < "$TOOLS_DB" 2>/dev/null || echo 0)
|
||||
echo -e " ${GREEN}+ tools.db - $db_count tools${NC}"
|
||||
else
|
||||
echo -e " ${RED}- tools.db - missing${NC}"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo -e "${GREEN}🎉 Offline help system ready!${NC}"
|
||||
}
|
||||
|
||||
show_pdf_workflow() {
|
||||
echo -e "${CYAN}📄 PDF Analysis Workflow${NC}"
|
||||
echo "========================"
|
||||
echo ""
|
||||
echo -e "${GREEN}Step 1: Initial Analysis${NC}"
|
||||
echo " pdfid.py document.pdf # Quick overview"
|
||||
echo " file document.pdf # File type check"
|
||||
echo ""
|
||||
echo -e "${GREEN}Step 2: Detailed Analysis${NC}"
|
||||
echo " pdf-parser.py document.pdf # Structure analysis"
|
||||
echo " peepdf -i document.pdf # Interactive analysis"
|
||||
echo ""
|
||||
echo -e "${GREEN}Step 3: Security Measures${NC}"
|
||||
echo " pdftk document.pdf output safe.pdf flatten # Remove JavaScript"
|
||||
echo " qpdf --decrypt encrypted.pdf decrypted.pdf # Remove password"
|
||||
echo ""
|
||||
echo -e "${GREEN}Step 4: Deep Inspection${NC}"
|
||||
echo " strings document.pdf | grep -i javascript # Find suspicious strings"
|
||||
echo " exiftool document.pdf # Extract metadata"
|
||||
echo " convert document.pdf[0] preview.png # Safe preview"
|
||||
echo ""
|
||||
echo -e "${YELLOW}For more examples: fhelp cheat pdf${NC}"
|
||||
}
|
||||
if [[ -d "$CHEAT_DIR/personal" ]]; then
|
||||
local cheat_count=$(ls -1 "$CHEAT_DIR/personal/"*.cheat 2>/dev/null | wc -l)
|
||||
echo -e " ${GREEN}+ cheatsheets - $cheat_count files${NC}"
|
||||
else
|
||||
echo -e " ${RED}- cheatsheets - missing${NC}"
|
||||
fi
|
||||
|
||||
if [[ -d "$WORKFLOW_DIR" ]]; then
|
||||
local wf_count=$(ls -1 "$WORKFLOW_DIR"/*.txt 2>/dev/null | grep -cv index 2>/dev/null || echo 0)
|
||||
echo -e " ${GREEN}+ workflows - $wf_count workflows${NC}"
|
||||
else
|
||||
echo -e " ${RED}- workflows - missing${NC}"
|
||||
fi
|
||||
|
||||
show_malware_workflow() {
|
||||
echo -e "${CYAN}🦠 Malware Analysis Workflow${NC}"
|
||||
echo "============================"
|
||||
echo ""
|
||||
echo -e "${GREEN}Step 1: File Identification${NC}"
|
||||
echo " file suspicious.exe # Identify file type"
|
||||
echo " exiftool suspicious.exe # Extract metadata"
|
||||
echo ""
|
||||
echo -e "${GREEN}Step 2: Static Analysis${NC}"
|
||||
echo " strings -n 8 malware.bin # Extract strings"
|
||||
echo " capa malware.exe # Detect capabilities"
|
||||
echo " binwalk malware.bin # Analyze binary structure"
|
||||
echo ""
|
||||
echo -e "${GREEN}Step 3: Document Analysis${NC}"
|
||||
echo " oledump.py document.doc # Office documents"
|
||||
echo " rtfdump.py document.rtf # RTF documents"
|
||||
echo " box-js suspicious.js # JavaScript sandbox"
|
||||
echo ""
|
||||
echo -e "${GREEN}Step 4: Data Extraction${NC}"
|
||||
echo " base64dump.py encoded.txt # Base64 content"
|
||||
echo " foremost -t exe,dll -i image.dd # File carving"
|
||||
echo ""
|
||||
echo -e "${YELLOW}For more examples: fhelp cheat malware${NC}"
|
||||
echo -e "${GREEN}Offline help system ready!${NC}"
|
||||
}
|
||||
|
||||
show_all() {
|
||||
echo -e "${CYAN}🔍 Complete Help System Overview${NC}"
|
||||
echo -e "${CYAN}Complete Help System Overview${NC}"
|
||||
echo "================================="
|
||||
echo ""
|
||||
|
||||
show_tools "analysis"
|
||||
|
||||
show_coverage
|
||||
echo ""
|
||||
echo -e "${CYAN}Available Workflows:${NC}"
|
||||
echo " • PDF Analysis (fhelp pdf)"
|
||||
echo " • Malware Analysis (fhelp malware)"
|
||||
show_workflow
|
||||
echo ""
|
||||
|
||||
if [[ -d "$CHEAT_DIR" ]]; then
|
||||
echo -e "${CYAN}Available Cheat Sheets:${NC}"
|
||||
ls -1 "$CHEAT_DIR"/*.cheat 2>/dev/null | sed 's|.*/||; s|\.cheat$||' | sed 's/^/ • /'
|
||||
echo ""
|
||||
fi
|
||||
|
||||
show_offline_status
|
||||
}
|
||||
|
||||
# Main command parsing
|
||||
case "${1:-}" in
|
||||
"start"|"quickstart"|"getting-started")
|
||||
show_start
|
||||
;;
|
||||
"tools")
|
||||
shift
|
||||
show_tools "$@"
|
||||
@@ -331,15 +472,21 @@ case "${1:-}" in
|
||||
"examples")
|
||||
show_examples
|
||||
;;
|
||||
"workflow")
|
||||
shift
|
||||
show_workflow "$@"
|
||||
;;
|
||||
"pdf")
|
||||
show_pdf_workflow
|
||||
show_workflow "document-analysis"
|
||||
;;
|
||||
"malware")
|
||||
show_malware_workflow
|
||||
show_workflow "static-analysis"
|
||||
;;
|
||||
"forensics")
|
||||
echo -e "${YELLOW}⚠️ Forensics workflow not yet implemented${NC}"
|
||||
echo "Try: fhelp malware or fhelp pdf"
|
||||
show_workflow "behavioral-analysis"
|
||||
;;
|
||||
"coverage")
|
||||
show_coverage
|
||||
;;
|
||||
"--offline")
|
||||
show_offline_status
|
||||
@@ -351,8 +498,13 @@ case "${1:-}" in
|
||||
show_main_help
|
||||
;;
|
||||
*)
|
||||
echo -e "${RED}Unknown option: $1${NC}"
|
||||
echo ""
|
||||
show_main_help
|
||||
# Try as workflow name first, then show error
|
||||
if [[ -d "$WORKFLOW_DIR" ]] && ls "$WORKFLOW_DIR"/*.txt 2>/dev/null | grep -qi "$1"; then
|
||||
show_workflow "$1"
|
||||
else
|
||||
echo -e "${RED}Unknown option: $1${NC}"
|
||||
echo ""
|
||||
show_main_help
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
esac
|
||||
|
||||
Reference in New Issue
Block a user