diff --git a/files/README b/files/README index 551bff5..9519843 100644 --- a/files/README +++ b/files/README @@ -1,11 +1,12 @@ -README - pdfanalysis -Dieser Container enthΓ€lt Tools um PDFs zu analysieren: +REMnux Malware Analysis Container +=================================== +397 analysis tools | 8 workflows | Fully offline help -pdfid.py - Schnelle Übersicht ΓΌber PDF-Aufbau. -pdf-parser.py - Zerlegen und extrahieren von PDF-Elementen -peepdf.py - PDF - Analyse Framework mit Javascript Analyse -pdftk - Tool um das PDF zu "flatten" -convert - ImageMagick Tool zum convertieren + fhelp - Help system overview + fhelp start - Quick start guide (30 sec) + fhelp tools - Search for tools + fhelp cheat - Usage examples for a tool + fhelp workflow - Step-by-step analysis workflows + Ctrl+G - Interactive cheatsheet browser -FΓΌr Kommandobeispiele /opt/command_help lesen. -Der Nutzer innerhalb des Containers braucht Schreibrechte auf das gemountete Verzeichnis. +For mounted files: /work/ (or your mounted directory) diff --git a/files/fish_config.fish b/files/fish_config.fish index 8becc9c..1f253ec 100644 --- a/files/fish_config.fish +++ b/files/fish_config.fish @@ -7,17 +7,13 @@ alias grep='grep --color=auto' alias fd='fdfind' alias rg='rg --color=auto' alias analyse='fhelp' -alias ?='fhelp' +alias h='fhelp' -# Fish prompt - simple and clean +# Fish prompt function fish_prompt set_color cyan echo -n 'remnux' set_color normal - echo -n '@' - set_color blue - echo -n (prompt_hostname) - set_color normal echo -n ':' set_color yellow echo -n (prompt_pwd) 
@@ -25,10 +21,15 @@ function fish_prompt echo -n '> ' end -# Welcome message -if test -f /opt/README - cat /opt/README - echo "" - echo "🐚 Shell: fish | Type 'fhelp' for help" - echo "" -end \ No newline at end of file +# Navi widget (Ctrl+G) +if command -q navi + navi widget fish | source 2>/dev/null +end + +# Welcome message (only once per session) +if not set -q _WELCOME_SHOWN + set -gx _WELCOME_SHOWN 1 + if test -f /usr/local/bin/welcome.sh + bash /usr/local/bin/welcome.sh + end +end diff --git a/files/welcome.sh b/files/welcome.sh new file mode 100644 index 0000000..a4c504a --- /dev/null +++ b/files/welcome.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# Unified welcome message for all shells +# Sourced by bash, zsh, and fish on login + +# Only show on login shells, not subshells +if [[ -n "$_WELCOME_SHOWN" ]]; then + return 0 2>/dev/null || exit 0 +fi +export _WELCOME_SHOWN=1 + +# Colors (works in bash, zsh, fish) +_C='\033[0;36m' # cyan +_G='\033[0;32m' # green +_Y='\033[1;33m' # yellow +_N='\033[0m' # reset + +echo "" +echo -e "${_C}REMnux Malware Analysis Container${_N}" +echo -e "$(printf '%.0s=' {1..38})" +echo "" +echo -e " ${_G}fhelp${_N} Help system" +echo -e " ${_G}fhelp start${_N} Quick start guide" +echo -e " ${_G}fhelp cheat${_N} Tool examples" +echo -e " ${_G}fhelp workflow${_N} Analysis workflows" +echo -e " ${_Y}Ctrl+G${_N} Interactive browser" +echo "" diff --git a/files/zshrc b/files/zshrc index 6765b01..38e376c 100644 --- a/files/zshrc +++ b/files/zshrc @@ -9,12 +9,12 @@ if [[ ! -d "$HOME" ]] || [[ ! -w "$HOME" ]]; then HISTFILE=/tmp/.zsh_history_$$ HISTSIZE=10000 SAVEHIST=10000 - + autoload -Uz compinit && compinit -d /tmp/.zcompdump_$$ autoload -U colors && colors - - PROMPT='%F{red}[πŸ”]%f %F{cyan}%~%f $ ' - + + PROMPT='%F{red}[>]%f %F{cyan}%~%f $ ' + # Load plugins if available [[ -f /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh ]] && \ source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh 
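Review bot: The welcome banner will never print in fish, because `set -gx _WELCOME_SHOWN 1` runs before `bash /usr/local/bin/welcome.sh`, and welcome.sh (added in this same commit) returns immediately when that exported variable is non-empty. Run the script first and set the guard afterwards: move `set -gx _WELCOME_SHOWN 1` below the inner `if test -f /usr/local/bin/welcome.sh ... end` block. The fish-side guard is still needed, since the `export _WELCOME_SHOWN=1` inside the child bash process does not propagate back to fish.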
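Review bot: The header comment `# Sourced by bash, zsh, and fish on login` is inaccurate for fish, which cannot source bash syntax and instead executes the file as `bash /usr/local/bin/welcome.sh` in the fish_config.fish hunk; reword it to `# Sourced by bash and zsh on login; fish runs it as a bash child process`. When the file is sourced, `_C`, `_G`, `_Y` and `_N` remain defined in the interactive shell after the banner prints; add `unset _C _G _Y _N` as the last line. The `return 0 2>/dev/null || exit 0` form correctly covers both the sourced and the executed case.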
@@ -23,7 +23,7 @@ if [[ ! -d "$HOME" ]] || [[ ! -w "$HOME" ]]; then else # Oh My Zsh setup for regular users export ZSH="$HOME/.oh-my-zsh" - + # Install Oh My Zsh if not present if [[ ! -d "$ZSH" ]]; then echo "Installing Oh My Zsh..." @@ -32,25 +32,21 @@ else RUNZSH=no CHSH=no sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" 2>/dev/null } fi - - # Oh My Zsh theme - using agnoster-like theme for security work + + # Oh My Zsh theme ZSH_THEME="robbyrussell" - - # Custom theme for file analysis work + if [[ -d "$ZSH" ]]; then - # Plugins to load plugins=(git docker command-not-found colored-man-pages) - - # Load Oh My Zsh source $ZSH/oh-my-zsh.sh 2>/dev/null || true - + # Custom prompt with analysis indicator - PROMPT='%F{red}πŸ”%f %F{cyan}%~%f $(git_prompt_info)%# ' + PROMPT='%F{red}>%f %F{cyan}%~%f $(git_prompt_info)%# ' RPROMPT='%F{yellow}%*%f' else # Fallback if OMZ installation failed autoload -U colors && colors - PROMPT='%F{red}[πŸ”]%f %F{cyan}%~%f $ ' + PROMPT='%F{red}[>]%f %F{cyan}%~%f $ ' fi fi @@ -89,7 +85,7 @@ setopt AUTO_MENU [[ -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh ]] && \ source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh -# Aliases for file analysis +# Standard aliases alias ls='ls --color=auto' alias ll='ls -lah' alias la='ls -A' @@ -100,12 +96,12 @@ alias egrep='egrep --color=auto' # Tool aliases alias fd='fdfind' -alias bat='batcat' # Ubuntu names it batcat +alias bat='batcat' alias rg='rg --color=auto' -alias analyse='fhelp' -alias help='fhelp' -# Help alias (? needs special handling in zsh) +# Help system aliases (note: 'help' intentionally NOT aliased β€” preserves bash builtin) +alias analyse='fhelp' +alias h='fhelp' if [[ -n "$ZSH_VERSION" ]]; then alias \?='fhelp' else 
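Review bot: The new comment on the help aliases says `'help' intentionally NOT aliased — preserves bash builtin`, but this is a zsh rc file, and zsh has no `help` builtin (its equivalent is `run-help`), so the stated rationale does not apply here and reads as copied from a bashrc. Reword it to something that holds in this file, e.g. `# 'help' deliberately not aliased so it keeps its default meaning in each shell`, or drop the parenthetical.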
@@ -135,21 +131,35 @@ fi export EDITOR=vim export VISUAL=vim -# Welcome message (only on interactive shells) -if [[ -o interactive ]] && [[ -f /opt/README ]]; then - # Only show welcome once per session - if [[ -z "$_WELCOME_SHOWN" ]]; then - echo "" - echo "\033[1;36m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\033[0m" - echo "\033[1;31m File Analysis Container\033[0m \033[1;33m(zsh with Oh My Zsh)\033[0m" - echo "\033[1;36m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\033[0m" - echo "" - echo " \033[1;32mfhelp\033[0m or \033[1;32m?\033[0m - Help system" - echo " \033[1;32mfhelp cheat \033[0m - Quick examples" - echo " \033[1;32mfhelp tools pdf\033[0m - Find PDF tools" - echo "" - echo " Shells: \033[0;36mbash\033[0m (default), \033[0;36mzsh\033[0m (current), \033[0;36mfish\033[0m" - echo "" - export _WELCOME_SHOWN=1 - fi +# ============================================================ +# Navi interactive cheatsheet widget (Ctrl+G) +# ============================================================ +if command -v navi &>/dev/null; then + eval "$(navi widget zsh)" 2>/dev/null +fi + +# ============================================================ +# F1 / Ctrl+H: Show help for the command being typed +# ============================================================ +_fhelp_inline_widget() { + local cmd="${BUFFER%% *}" + if [[ -n "$cmd" ]]; then + zle -I + echo "" + fhelp cheat "$cmd" 2>/dev/null || fhelp tools "$cmd" 2>/dev/null || echo "No help for: $cmd" + echo "" + zle reset-prompt + zle redisplay + fi +} +zle -N _fhelp_inline_widget +bindkey '\eOP' _fhelp_inline_widget # F1 +bindkey '\e[11~' _fhelp_inline_widget # F1 (alternate escape) +bindkey '^_' _fhelp_inline_widget # Ctrl+/ (universal fallback) + +# ============================================================ +# Welcome message (login shells only) +# ============================================================ +if [[ -o interactive && -o login ]] || [[ -o interactive && -z "$_WELCOME_SHOWN" ]]; then + 
[[ -f /usr/local/bin/welcome.sh ]] && source /usr/local/bin/welcome.sh fi diff --git a/scripts/fhelp b/scripts/fhelp index d41a376..44d8444 100755 --- a/scripts/fhelp +++ b/scripts/fhelp @@ -1,7 +1,7 @@ #!/bin/bash # Enhanced File Analysis Help System -# Integrates multiple help sources: custom cheat sheets, navi, tldr, and tool database +# Integrates multiple help sources: custom cheat sheets, tldr, tool database, and workflows # Color definitions RED='\033[0;31m' @@ -15,6 +15,7 @@ NC='\033[0m' # Help system paths TOOLS_DB="/opt/remnux-docs/tools.db" CHEAT_DIR="/opt/cheatsheets" +WORKFLOW_DIR="/opt/remnux-docs/workflows" TLDR_CACHE="/home/remnux/.local/share/tldr" # Resolve cheat file names from a user-provided tool name @@ -38,6 +39,10 @@ resolve_cheat_file() { echo "$CHEAT_DIR/personal/$cand" return 0 fi + if [[ -f "$CHEAT_DIR/personal/${cand}.cheat" ]]; then + echo "$CHEAT_DIR/personal/${cand}.cheat" + return 0 + fi if [[ -f "$CHEAT_DIR/${cand}.cheat" ]]; then echo "$CHEAT_DIR/${cand}.cheat" return 0 
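Review bot: The section header `# F1 / Ctrl+H: Show help for the command being typed` does not match the bindings under it, which are F1 (`\eOP` and `\e[11~`) and `^_`, annotated as Ctrl+/; Ctrl+H is not bound anywhere in the hunk and is backspace on most terminals. Change the header to `# F1 / Ctrl+/: Show help for the command being typed` so it agrees with the bindkey comments and with the `F1 / Ctrl+/` wording fhelp's show_main_help prints in the scripts/fhelp hunk. In `_fhelp_inline_widget` the three `fhelp ... 2>/dev/null` fallbacks are chained with `||`, so an fhelp call that prints output but exits non-zero would also trigger the next one; if fhelp's exit codes are not relied on here, a short comment saying so would help the next reader.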
@@ -47,104 +52,172 @@ resolve_cheat_file() { } show_main_help() { - echo -e "${CYAN}πŸ“š File Analysis Container Help System${NC}" - echo "======================================" + echo -e "${CYAN}REMnux Analysis Container Help System${NC}" + echo "=======================================" echo "" - echo -e "${GREEN}πŸ” Tool Discovery:${NC}" - echo " fhelp tools [term] - Search for analysis tools" - echo " fhelp tools --interactive - Browse tools interactively" - echo " fhelp tools --list - List all available tools" + echo -e "${GREEN}Getting Started:${NC}" + echo " fhelp start - Quick start guide (30 seconds)" echo "" - echo -e "${GREEN}πŸ“– Command Examples:${NC}" - echo " fhelp cheat - Show cheat sheet for specific tool" - echo " fhelp examples - Browse all command examples interactively" - echo " fhelp quick - Quick examples (tldr style)" + echo -e "${GREEN}Find Tools:${NC}" + echo " fhelp tools - Search by name or category" + echo " fhelp tools --interactive - Interactive browser (fzf)" + echo " Ctrl+G - Interactive cheatsheet browser (navi)" echo "" - echo -e "${GREEN}🎯 Analysis Workflows:${NC}" - echo " fhelp pdf - PDF analysis workflow" - echo " fhelp malware - Malware analysis workflow" - echo " fhelp forensics - System forensics workflow" + echo -e "${GREEN}Get Examples:${NC}" + echo " fhelp cheat - Usage examples for a specific tool" + echo " fhelp quick - Quick tldr examples" + echo " F1 / Ctrl+/ - Help for command you're typing (zsh)" echo "" - echo -e "${GREEN}πŸ’‘ Quick Access:${NC}" - echo " fhelp --all - Show everything available" + echo -e "${GREEN}Analysis Workflows:${NC}" + echo " fhelp workflow - List all 8 analysis workflows" + echo " fhelp workflow - Show step-by-step workflow" + echo "" + echo -e "${GREEN}Other:${NC}" + echo " fhelp coverage - Help coverage statistics" + echo " fhelp examples - Browse all cheat sheets" echo " fhelp --offline - Verify offline capabilities" echo "" + echo -e "${YELLOW}Shortcuts:${NC} analyse, h, ? 
(all run fhelp)" + echo "" echo -e "${YELLOW}Examples:${NC}" echo " fhelp tools pdf # Find PDF analysis tools" - echo " fhelp cheat pdfid.py # Show pdfid.py examples" - echo " fhelp quick tar # Quick tar examples" - echo " fhelp examples # Browse all examples" + echo " fhelp cheat pdfid.py # pdfid.py usage examples" + echo " fhelp workflow static # Static analysis workflow" +} + +show_start() { + echo -e "${CYAN}Quick Start Guide${NC}" + echo "=================" + echo "" + + # Count tools + local tool_count=0 + local rich_count=0 + if [[ -f "$TOOLS_DB" ]]; then + tool_count=$(wc -l < "$TOOLS_DB" 2>/dev/null || echo 0) + rich_count=$(grep -c '|rich$' "$TOOLS_DB" 2>/dev/null || echo 0) + fi + + echo -e " This container has ${GREEN}${tool_count} analysis tools${NC} installed." + echo -e " ${GREEN}${rich_count}${NC} have detailed help with FOR610 lab examples." + echo "" + echo -e "${YELLOW}1. Find a tool:${NC}" + echo " fhelp tools pdf # search by keyword" + echo " fhelp tools --interactive # browse with fuzzy search" + echo "" + echo -e "${YELLOW}2. Get usage examples:${NC}" + echo " fhelp cheat pdfid.py # cheat sheet with examples" + echo " fhelp cheat oledump.py # Office document analysis" + echo " fhelp cheat capa # malware capabilities" + echo "" + echo -e "${YELLOW}3. Follow a workflow:${NC}" + echo " fhelp workflow # list all workflows" + echo " fhelp workflow static # static analysis steps" + echo " fhelp workflow document # document analysis steps" + echo "" + echo -e "${YELLOW}4. Interactive help:${NC}" + echo -e " ${GREEN}Ctrl+G${NC} # browse cheatsheets (navi)" + echo -e " ${GREEN}F1${NC} or ${GREEN}Ctrl+/${NC} # help for command you're typing (zsh)" + echo "" + echo -e "${YELLOW}5. 
Tool tiers:${NC}" + echo -e " ${GREEN}[FOR610]${NC} Rich help with lab examples and workflows" + echo -e " ${BLUE}[docs]${NC} Standard help from REMnux documentation" + echo -e " ${YELLOW}[basic]${NC} Minimal help (try: tool --help)" + echo "" + echo "Mount your files to /work/ and start analyzing!" } show_cheat() { local tool="$1" - + if [[ -z "$tool" ]]; then - echo -e "${RED}❌ Please specify a tool name${NC}" + echo -e "${RED}Please specify a tool name${NC}" echo "Usage: fhelp cheat " return 1 fi - - # Check for specific workflow cheat sheets + + # Check for specific workflow cheat sheets first local cheat_file="" case "$tool" in "pdf"|"pdf-analysis") cheat_file="$CHEAT_DIR/pdf-analysis.cheat" ;; - "malware"|"malware-analysis") + "malware"|"malware-analysis") cheat_file="$CHEAT_DIR/malware-analysis.cheat" ;; + "system"|"system-utilities") + cheat_file="$CHEAT_DIR/system-utilities.cheat" + ;; *) - cheat_file="$CHEAT_DIR/${tool}.cheat" + cheat_file="" ;; esac - - if [[ -f "$cheat_file" ]]; then - echo -e "${CYAN}πŸ“‹ Cheat Sheet: ${YELLOW}$tool${NC}" - echo "=" $(printf '=%.0s' $(seq 1 ${#tool})) + + # If not a workflow cheat, try to resolve tool-specific cheat + if [[ -z "$cheat_file" || ! 
-f "$cheat_file" ]]; then + cheat_file=$(resolve_cheat_file "$tool") || cheat_file="" + fi + + if [[ -n "$cheat_file" && -f "$cheat_file" ]]; then + echo -e "${CYAN}Cheat Sheet: ${YELLOW}$tool${NC}" + echo "$(printf '=%.0s' $(seq 1 $((${#tool} + 14))))" echo "" - # Skip YAML frontmatter if present and print raw content (no ANSI coloring to avoid artifacts) + # Display cheat file content (skip YAML frontmatter if present) awk '/^---$/{if(++c==2) start=1; next} start || !/^---$/ && c!=1' "$cheat_file" + elif command -v cheat >/dev/null 2>&1 && cheat "$tool" >/dev/null 2>&1; then + # Fallback: try the cheat command + echo -e "${CYAN}Cheat Sheet (cheat): ${YELLOW}$tool${NC}" + echo "$(printf '=%.0s' $(seq 1 $((${#tool} + 22))))" + echo "" + cheat "$tool" + elif command -v tldr >/dev/null 2>&1 && tldr "$tool" >/dev/null 2>&1; then + # Fallback: try tldr + echo -e "${CYAN}Quick Reference (tldr): ${YELLOW}$tool${NC}" + echo "$(printf '=%.0s' $(seq 1 $((${#tool} + 24))))" + echo "" + tldr "$tool" else - # Try resolution of common variants (e.g., pdfid.py -> pdfid, oledump -> oledump.py) - local resolved - resolved=$(resolve_cheat_file "$tool") || true - if [[ -n "$resolved" && -f "$resolved" ]]; then - echo -e "${CYAN}πŸ“‹ Cheat Sheet: ${YELLOW}$tool${NC}" - echo "=" $(printf '=%.0s' $(seq 1 ${#tool})) - echo "" - awk '/^---$/{if(++c==2) start=1; next} start || !/^---$/ && c!=1' "$resolved" - else - echo -e "${YELLOW}⚠️ No cheat sheet found for '$tool'${NC}" - echo "" - echo "Available cheat sheets:" - if [[ -d "$CHEAT_DIR/personal" ]]; then - ls -1 "$CHEAT_DIR/personal/" 2>/dev/null | sed 's/^/ β€’ /' + echo -e "${YELLOW}No help found for '$tool'${NC}" + echo "" + # Suggest similar tools + if [[ -f "$TOOLS_DB" ]]; then + local matches=$(grep -i "$tool" "$TOOLS_DB" 2>/dev/null | head -5) + if [[ -n "$matches" ]]; then + echo "Did you mean one of these?" 
+ echo "$matches" | while IFS='|' read -r name desc cat usage tier; do + local badge="" + case "$tier" in + rich) badge="${GREEN}[FOR610]${NC}" ;; + standard) badge="${BLUE}[docs]${NC}" ;; + *) badge="${YELLOW}[basic]${NC}" ;; + esac + echo -e " ${GREEN}$name${NC} $badge - $desc" + done fi - return 1 fi + return 1 fi } show_quick() { local command="$1" - + if [[ -z "$command" ]]; then - echo -e "${RED}❌ Please specify a command name${NC}" + echo -e "${RED}Please specify a command name${NC}" echo "Usage: fhelp quick " return 1 fi - - echo -e "${CYAN}πŸ“– Quick examples for: ${YELLOW}$command${NC}" + + echo -e "${CYAN}Quick examples for: ${YELLOW}$command${NC}" echo "" - + if command -v tldr >/dev/null 2>&1; then if ! tldr "$command" 2>/dev/null; then - echo -e "${YELLOW}⚠️ No tldr page found for '$command'${NC}" + echo -e "${YELLOW}No tldr page found for '$command'${NC}" echo "Try: fhelp cheat $command" fi else - echo -e "${RED}❌ tldr command not available${NC}" + echo -e "${RED}tldr command not available${NC}" return 1 fi } 
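Review bot: In show_start, `rich_count=$(grep -c '|rich$' "$TOOLS_DB" 2>/dev/null || echo 0)` produces the two-line value `0` newline `0` whenever the database exists but contains no `|rich` lines, because `grep -c` prints `0` and then exits 1, which triggers the `|| echo 0`; the banner then prints both zeros. The same construct appears in show_coverage (`rich`, `standard`, `basic`, `wfs`) and show_offline_status (`wf_count`) in the next hunk. Since the file's existence is already tested, drop the fallback and default only an empty result: `rich_count=$(grep -c '|rich$' "$TOOLS_DB" 2>/dev/null)` followed by `rich_count=${rich_count:-0}`. Separately, the suggestion lookup `grep -i "$tool" "$TOOLS_DB"` treats user input as a regex (a `.` in `pdfid.py` matches any character) and, when the argument starts with `-`, as a grep option; `grep -iF -- "$tool" "$TOOLS_DB"` gives the intended literal match, and the same applies to `grep -i "$search_term"` in show_tools, `grep -i "$name"` in show_workflow, and `grep -qi "$1"` in the final `*)` arm of the main case.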
@@ -152,170 +225,238 @@ show_quick() { show_tools() { local search_term="$1" local option="$2" - - case "$option" in + + case "$search_term" in "--interactive") if command -v find-tool >/dev/null 2>&1; then find-tool --interactive else - echo -e "${RED}❌ find-tool not available${NC}" + echo -e "${RED}find-tool not available${NC}" fi + return ;; "--list") if command -v find-tool >/dev/null 2>&1; then find-tool --list else - echo -e "${RED}❌ find-tool not available${NC}" - fi - ;; - *) - if [[ -z "$search_term" ]]; then - echo -e "${RED}❌ Please provide a search term${NC}" - echo "Usage: fhelp tools " - echo " fhelp tools --interactive" - echo " fhelp tools --list" - return 1 - fi - - echo -e "${CYAN}πŸ” Searching analysis tools...${NC}" - if command -v find-tool >/dev/null 2>&1; then - find-tool "$search_term" - else - echo -e "${RED}❌ find-tool not available${NC}" + echo -e "${RED}find-tool not available${NC}" fi + return ;; esac + + if [[ -z "$search_term" ]]; then + echo -e "${RED}Please provide a search term${NC}" + echo "Usage: fhelp tools " + echo " fhelp tools --interactive" + echo " fhelp tools --list" + return 1 + fi + + echo -e "${CYAN}Searching analysis tools for '${YELLOW}$search_term${CYAN}'...${NC}" + echo "" + + if command -v find-tool >/dev/null 2>&1; then + find-tool "$search_term" + elif [[ -f "$TOOLS_DB" ]]; then + # Fallback: direct grep on tools.db + local results=$(grep -i "$search_term" "$TOOLS_DB" 2>/dev/null) + if [[ -n "$results" ]]; then + echo "$results" | while IFS='|' read -r name desc cat usage tier; do + local tier_badge="" + case "$tier" in + rich) tier_badge="${GREEN}[FOR610]${NC}" ;; + standard) tier_badge="${BLUE}[docs]${NC}" ;; + basic) tier_badge="${YELLOW}[basic]${NC}" ;; + *) tier_badge="" ;; + esac + echo -e " ${GREEN}$name${NC} $tier_badge" + echo " $desc" + echo " Usage: $usage" + echo "" + done + else + echo "No tools found matching '$search_term'" + fi + else + echo -e "${RED}No tools database available${NC}" + fi } 
show_examples() { - echo -e "${CYAN}🎯 Available Command Examples${NC}" + echo -e "${CYAN}Available Command Examples${NC}" echo "" - echo "Available cheat sheets:" + if [[ -d "$CHEAT_DIR/personal" ]]; then - echo -e "${GREEN}Cheat sheets (use: fhelp cheat ):${NC}" - ls -1 "$CHEAT_DIR/personal/" 2>/dev/null | sed 's/^/ β€’ /' + local count=$(ls -1 "$CHEAT_DIR/personal/"*.cheat 2>/dev/null | wc -l) + echo -e "${GREEN}Per-tool cheat sheets: $count${NC} (use: fhelp cheat )" + echo "" + # Show a sample of tools grouped by first letter + ls -1 "$CHEAT_DIR/personal/"*.cheat 2>/dev/null | sed 's|.*/||; s|\.cheat$||' | head -30 | sed 's/^/ /' + if [[ $count -gt 30 ]]; then + echo " ... and $((count - 30)) more" + fi echo "" fi - - echo "Available TLDR pages:" - if [[ -d "/home/remnux/.local/share/tldr/pages/common" ]]; then - echo -e "${GREEN}TLDR pages (use: tldr ):${NC}" - ls -1 /home/remnux/.local/share/tldr/pages/common/*.md 2>/dev/null | sed 's|.*/||; s|\.md$||' | sed 's/^/ β€’ /' + + if [[ -d "$CHEAT_DIR" ]]; then + echo -e "${GREEN}Workflow cheat sheets:${NC}" + ls -1 "$CHEAT_DIR"/*.cheat 2>/dev/null | sed 's|.*/||; s|\.cheat$||' | sed 's/^/ /' + echo "" + fi + + echo -e "${GREEN}Analysis workflows:${NC} (use: fhelp workflow )" + if [[ -d "$WORKFLOW_DIR" ]]; then + ls -1 "$WORKFLOW_DIR"/*.txt 2>/dev/null | sed 's|.*/||; s|\.txt$||' | grep -v index | sed 's/^/ /' + else + echo " static-analysis, behavioral-analysis, network-interception" + echo " document-analysis, javascript-deobfuscation, unpacking" + echo " code-injection, dotnet-analysis" + fi +} + +show_workflow() { + local name="$1" + + if [[ -z "$name" ]]; then + # Show workflow index + if [[ -f "$WORKFLOW_DIR/index.txt" ]]; then + cat "$WORKFLOW_DIR/index.txt" + else + echo -e "${CYAN}Available Analysis Workflows${NC}" + echo "==============================" + echo "" + echo " static-analysis-workflow Static Properties Analysis" + echo " behavioral-analysis-workflow Behavioral Analysis" + echo " 
network-interception-workflow Network Interception" + echo " document-analysis-workflow Malicious Document Analysis" + echo " javascript-deobfuscation-workflow JavaScript Deobfuscation" + echo " unpacking-workflow Unpacking Packed Executables" + echo " code-injection-workflow Code Injection Analysis" + echo " dotnet-analysis-workflow .NET Malware Analysis" + echo "" + echo "Usage: fhelp workflow " + echo "Example: fhelp workflow static-analysis" + fi + return + fi + + # Normalize name: allow partial matches + local wf_file="" + + # Try exact match first + if [[ -f "$WORKFLOW_DIR/${name}.txt" ]]; then + wf_file="$WORKFLOW_DIR/${name}.txt" + elif [[ -f "$WORKFLOW_DIR/${name}-workflow.txt" ]]; then + wf_file="$WORKFLOW_DIR/${name}-workflow.txt" + else + # Fuzzy match: find workflow files containing the search term + if [[ -d "$WORKFLOW_DIR" ]]; then + wf_file=$(ls -1 "$WORKFLOW_DIR"/*.txt 2>/dev/null | grep -i "$name" | grep -v index | head -1) + fi + fi + + if [[ -n "$wf_file" && -f "$wf_file" ]]; then + cat "$wf_file" + else + echo -e "${YELLOW}No workflow found matching '$name'${NC}" + echo "" + show_workflow # Show list + fi +} + +show_coverage() { + echo -e "${CYAN}Help Coverage Statistics${NC}" + echo "========================" + echo "" + + if [[ -f "$TOOLS_DB" ]]; then + local total=$(wc -l < "$TOOLS_DB" 2>/dev/null || echo 0) + local rich=$(grep -c '|rich$' "$TOOLS_DB" 2>/dev/null || echo 0) + local standard=$(grep -c '|standard$' "$TOOLS_DB" 2>/dev/null || echo 0) + local basic=$(grep -c '|basic$' "$TOOLS_DB" 2>/dev/null || echo 0) + + echo -e " Tools in database: ${GREEN}$total${NC}" + echo -e " Rich help (FOR610): ${GREEN}$rich${NC}" + echo -e " Standard (docs): ${BLUE}$standard${NC}" + echo -e " Basic: ${YELLOW}$basic${NC}" + else + echo " Tools database not available" + fi + + echo "" + + if [[ -d "$CHEAT_DIR/personal" ]]; then + local cheats=$(ls -1 "$CHEAT_DIR/personal/"*.cheat 2>/dev/null | wc -l) + echo -e " Cheat sheets: ${GREEN}$cheats${NC}" + fi + 
+ if [[ -d "$WORKFLOW_DIR" ]]; then + local wfs=$(ls -1 "$WORKFLOW_DIR"/*.txt 2>/dev/null | grep -cv index 2>/dev/null || echo 0) + echo -e " Workflows: ${GREEN}$wfs${NC}" fi } show_offline_status() { - echo -e "${CYAN}πŸ”Œ Offline Capability Check${NC}" + echo -e "${CYAN}Offline Capability Check${NC}" echo "===========================" echo "" echo "Documentation Tools:" - + local tools=("find-tool" "cheat" "tldr") for tool in "${tools[@]}"; do if command -v "$tool" >/dev/null 2>&1; then - echo -e " ${GREEN}βœ… $tool - available${NC}" + echo -e " ${GREEN}+ $tool - available${NC}" else - echo -e " ${RED}❌ $tool - missing${NC}" + echo -e " ${RED}- $tool - missing${NC}" fi done - + echo "" echo "Documentation Files:" - - local files=("$TOOLS_DB" "$CHEAT_DIR/pdf-analysis.cheat" "$CHEAT_DIR/malware-analysis.cheat") - local file_names=("/opt/remnux-docs/tools.db" "/opt/cheatsheets/pdf-analysis.cheat" "/opt/cheatsheets/malware-analysis.cheat") - - for i in "${!files[@]}"; do - if [[ -f "${files[$i]}" ]]; then - echo -e " ${GREEN}βœ… ${file_names[$i]} - available${NC}" - else - echo -e " ${RED}❌ ${file_names[$i]} - missing${NC}" - fi - done - - # Count available cheat sheets - if [[ -d "$CHEAT_DIR" ]]; then - local cheat_count=$(ls -1 "$CHEAT_DIR"/*.cheat 2>/dev/null | wc -l) - echo "" - echo -e "${CYAN}πŸ“Š $cheat_count cheat sheets available${NC}" + + if [[ -f "$TOOLS_DB" ]]; then + local db_count=$(wc -l < "$TOOLS_DB" 2>/dev/null || echo 0) + echo -e " ${GREEN}+ tools.db - $db_count tools${NC}" + else + echo -e " ${RED}- tools.db - missing${NC}" fi - - echo "" - echo -e "${GREEN}πŸŽ‰ Offline help system ready!${NC}" -} -show_pdf_workflow() { - echo -e "${CYAN}πŸ“„ PDF Analysis Workflow${NC}" - echo "========================" - echo "" - echo -e "${GREEN}Step 1: Initial Analysis${NC}" - echo " pdfid.py document.pdf # Quick overview" - echo " file document.pdf # File type check" - echo "" - echo -e "${GREEN}Step 2: Detailed Analysis${NC}" - echo " pdf-parser.py 
document.pdf # Structure analysis" - echo " peepdf -i document.pdf # Interactive analysis" - echo "" - echo -e "${GREEN}Step 3: Security Measures${NC}" - echo " pdftk document.pdf output safe.pdf flatten # Remove JavaScript" - echo " qpdf --decrypt encrypted.pdf decrypted.pdf # Remove password" - echo "" - echo -e "${GREEN}Step 4: Deep Inspection${NC}" - echo " strings document.pdf | grep -i javascript # Find suspicious strings" - echo " exiftool document.pdf # Extract metadata" - echo " convert document.pdf[0] preview.png # Safe preview" - echo "" - echo -e "${YELLOW}For more examples: fhelp cheat pdf${NC}" -} + if [[ -d "$CHEAT_DIR/personal" ]]; then + local cheat_count=$(ls -1 "$CHEAT_DIR/personal/"*.cheat 2>/dev/null | wc -l) + echo -e " ${GREEN}+ cheatsheets - $cheat_count files${NC}" + else + echo -e " ${RED}- cheatsheets - missing${NC}" + fi + + if [[ -d "$WORKFLOW_DIR" ]]; then + local wf_count=$(ls -1 "$WORKFLOW_DIR"/*.txt 2>/dev/null | grep -cv index 2>/dev/null || echo 0) + echo -e " ${GREEN}+ workflows - $wf_count workflows${NC}" + else + echo -e " ${RED}- workflows - missing${NC}" + fi -show_malware_workflow() { - echo -e "${CYAN}🦠 Malware Analysis Workflow${NC}" - echo "============================" echo "" - echo -e "${GREEN}Step 1: File Identification${NC}" - echo " file suspicious.exe # Identify file type" - echo " exiftool suspicious.exe # Extract metadata" - echo "" - echo -e "${GREEN}Step 2: Static Analysis${NC}" - echo " strings -n 8 malware.bin # Extract strings" - echo " capa malware.exe # Detect capabilities" - echo " binwalk malware.bin # Analyze binary structure" - echo "" - echo -e "${GREEN}Step 3: Document Analysis${NC}" - echo " oledump.py document.doc # Office documents" - echo " rtfdump.py document.rtf # RTF documents" - echo " box-js suspicious.js # JavaScript sandbox" - echo "" - echo -e "${GREEN}Step 4: Data Extraction${NC}" - echo " base64dump.py encoded.txt # Base64 content" - echo " foremost -t exe,dll -i image.dd # File 
carving" - echo "" - echo -e "${YELLOW}For more examples: fhelp cheat malware${NC}" + echo -e "${GREEN}Offline help system ready!${NC}" } show_all() { - echo -e "${CYAN}πŸ” Complete Help System Overview${NC}" + echo -e "${CYAN}Complete Help System Overview${NC}" echo "=================================" echo "" - - show_tools "analysis" + + show_coverage echo "" - echo -e "${CYAN}Available Workflows:${NC}" - echo " β€’ PDF Analysis (fhelp pdf)" - echo " β€’ Malware Analysis (fhelp malware)" + show_workflow echo "" - - if [[ -d "$CHEAT_DIR" ]]; then - echo -e "${CYAN}Available Cheat Sheets:${NC}" - ls -1 "$CHEAT_DIR"/*.cheat 2>/dev/null | sed 's|.*/||; s|\.cheat$||' | sed 's/^/ β€’ /' - echo "" - fi - show_offline_status } # Main command parsing case "${1:-}" in + "start"|"quickstart"|"getting-started") + show_start + ;; "tools") shift show_tools "$@" @@ -331,15 +472,21 @@ case "${1:-}" in "examples") show_examples ;; + "workflow") + shift + show_workflow "$@" + ;; "pdf") - show_pdf_workflow + show_workflow "document-analysis" ;; "malware") - show_malware_workflow + show_workflow "static-analysis" ;; "forensics") - echo -e "${YELLOW}⚠️ Forensics workflow not yet implemented${NC}" - echo "Try: fhelp malware or fhelp pdf" + show_workflow "behavioral-analysis" + ;; + "coverage") + show_coverage ;; "--offline") show_offline_status @@ -351,8 +498,13 @@ case "${1:-}" in show_main_help ;; *) - echo -e "${RED}Unknown option: $1${NC}" - echo "" - show_main_help + # Try as workflow name first, then show error + if [[ -d "$WORKFLOW_DIR" ]] && ls "$WORKFLOW_DIR"/*.txt 2>/dev/null | grep -qi "$1"; then + show_workflow "$1" + else + echo -e "${RED}Unknown option: $1${NC}" + echo "" + show_main_help + fi ;; -esac \ No newline at end of file +esac
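Review bot: show_workflow's not-found path prints `No workflow found matching '$name'`, calls `show_workflow` with no argument to list the index, and then returns that call's status, which is 0; show_cheat and show_quick return 1 on the equivalent miss, and the main case's `*)` arm and the `pdf`/`malware`/`forensics` arms now route through show_workflow, so a missing workflow file exits the script successfully. Add `return 1` directly after the `show_workflow # Show list` line so the three lookup functions agree. The `local wf_file=$(ls -1 ... | grep -i "$name" | grep -v index | head -1)` assignment also hides the pipeline's status behind `local`; splitting the declaration from the assignment keeps the style consistent with the rest of the file's `local x; x=$(...)` usage where it matters.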