Add comprehensive offline help system with fuzzy search

🎯 Enhanced Features:
- Integrated navi, cheat, tldr, and fzf for interactive help
- Custom cheat sheets for PDF analysis, malware analysis, and system utilities
- find-tool command for fuzzy searching through all REMnux tools
- Comprehensive help command with workflows and examples
- Complete offline documentation system

📚 Help System Components:
- help                    - Main help system
- help tools [term]       - Search for tools (fuzzy matching)
- help cheat <tool>       - Show command examples
- help examples           - Browse examples interactively (navi + fzf)
- help pdf/malware/forensics - Analysis workflows
- help --offline          - Verify offline capabilities

🛠️ Tools Added:
- navi: Interactive cheat sheet browser
- cheat: Command-line cheat sheets
- tldr: Quick command examples
- fzf: Fuzzy finder (already included)

All documentation works completely offline with local REMnux docs database
and custom cheat sheets for analysis workflows.
Tobias Kessels
2025-09-30 13:01:03 +02:00
parent 169ef5fb03
commit 6bfcfd7935
7 changed files with 902 additions and 2 deletions


@@ -10,6 +10,7 @@ RUN apt-get update && apt-get install -y \
busybox \
catdoc \
docx2txt \
fzf \
mc \
pipx \
unrtf \
@@ -33,14 +34,42 @@ RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps
# Install visidata via pipx (for data exploration)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata
# Install offline help and cheat sheet tools
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat \
&& PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr
# Install navi for interactive cheat sheets
RUN wget https://github.com/denisidoro/navi/releases/download/v2.23.0/navi-v2.23.0-x86_64-unknown-linux-musl.tar.gz -O /tmp/navi.tar.gz \
&& tar -xzf /tmp/navi.tar.gz -C /usr/local/bin \
&& chmod +x /usr/local/bin/navi \
&& rm /tmp/navi.tar.gz
# Create data directory and set permissions
RUN mkdir -p /data \
&& chown remnux:remnux /data
# Add German documentation files
# Add documentation and search tools
ADD files/README /opt/README
ADD files/command_help /opt/command_help
RUN echo 'cat /opt/README' >> /etc/bash.bashrc
ADD scripts/download-docs.sh /usr/local/bin/download-docs.sh
ADD scripts/find-tool /usr/local/bin/find-tool
ADD scripts/help /usr/local/bin/help
ADD cheatsheets/ /opt/cheatsheets/
# Download REMnux documentation and create searchable database
RUN chmod +x /usr/local/bin/download-docs.sh /usr/local/bin/find-tool /usr/local/bin/help \
&& /usr/local/bin/download-docs.sh
# Update bashrc with welcome message and comprehensive help info
RUN echo 'cat /opt/README' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'echo "📚 Comprehensive Help System:"' >> /etc/bash.bashrc \
&& echo 'echo " help - Complete help system"' >> /etc/bash.bashrc \
&& echo 'echo " help tools pdf - Find PDF analysis tools"' >> /etc/bash.bashrc \
&& echo 'echo " help cheat pdfid.py - Show command examples"' >> /etc/bash.bashrc \
&& echo 'echo " help examples - Browse all examples (navi)"' >> /etc/bash.bashrc \
&& echo 'echo " help pdf - PDF analysis workflow"' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc
# Switch to remnux user (REMnux default user)
USER remnux
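Review bot: The navi release tarball fetched with `wget` in the second hunk is unpacked into `/usr/local/bin` with no integrity check, so the image trusts whatever that URL serves at build time. Pin the expected digest and verify it before extraction, e.g. `&& echo "<SHA256_OF_NAVI_TARBALL>  /tmp/navi.tar.gz" | sha256sum -c - \` (placeholder; take the value from a release you have verified). Extract only the binary by naming the archive member, `tar -xzf /tmp/navi.tar.gz -C /usr/local/bin navi`, assuming the member is called `navi` as the following `chmod` suggests. The `pipx install` lines for `cheat` and `tldr` are also unpinned; a `package==<VERSION>` spec would make rebuilds reproducible and reviewable.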


@@ -0,0 +1,96 @@
# Malware Analysis Tools
# Commands for analyzing malicious files and samples
% malware, analysis, forensics
# Detect malware capabilities with CAPA
capa <malware_file>
# CAPA verbose output with rule details
capa -v <malware_file>
# CAPA output in JSON format
capa -j <malware_file>
# Analyze JavaScript in sandbox
box-js <javascript_file>
# Box-js with custom timeout (seconds)
box-js --timeout=<timeout> <javascript_file>
# Box-js with download simulation
box-js --download --output-dir=<output_dir> <javascript_file>
# Analyze Office document with oledump
oledump.py <office_file>
# Show VBA macros in Office document
oledump.py -v <office_file>
# Extract specific stream from Office document
oledump.py -s <stream_number> <office_file>
# Decode VBA macros automatically
oledump.py -v -s <stream_number> <office_file>
# Analyze RTF document
rtfdump.py <rtf_file>
# Show RTF objects
rtfdump.py -O <rtf_file>
# Analyze email message
emldump.py <email_file>
# Extract attachments from email
emldump.py -e <email_file>
# URL analysis with unfurl
unfurl_cli.py <suspicious_url>
# Unfurl with detailed output
unfurl_cli.py -d <suspicious_url>
# Extract metadata from files
exiftool <file>
# Remove metadata from file
exiftool -all= <file>
# Analyze data interactively
vd <data_file>
# Quick file type detection
file <unknown_file>
# String analysis of binary
strings <binary_file> | head -20
# Hex dump analysis
xxd <binary_file> | head -20
# Base64 decode and analyze
base64dump.py <file_with_base64>
# Search for base64 patterns
base64dump.py -s <search_term> <file>
# OCR text extraction from image
tesseract <image_file> <output_text>
$ malware_file: ls *.exe *.dll *.bin *.sample
$ javascript_file: ls *.js
$ office_file: ls *.doc *.docx *.xls *.xlsx *.ppt *.pptx
$ rtf_file: ls *.rtf
$ email_file: ls *.eml *.msg
$ suspicious_url: echo "https://suspicious-domain.com/path"
$ stream_number: echo "1 2 3 4 5"
$ timeout: echo "30 60 120"
$ output_dir: echo "./output"
$ data_file: ls *.csv *.json *.log
$ unknown_file: ls *
$ binary_file: ls *.exe *.dll *.bin
$ file_with_base64: ls *.txt *.log
$ search_term: echo "keyword"
$ image_file: ls *.png *.jpg *.jpeg *.tiff
$ output_text: echo "extracted_text"
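Review bot: The entry `box-js --download --output-dir=<output_dir> <javascript_file>` is labelled "download simulation", but as far as I know box-js's `--download` option makes the sandbox really fetch the payload URLs the script asks for, which contacts the sample's infrastructure from the analysis host. Relabel it, e.g. `# Box-js with real payload downloads (contacts remote hosts; isolated lab network only)`. `exiftool -all= <file>` also rewrites the file it is given, so in a malware-analysis sheet the comment should say so, e.g. `# Remove metadata (modifies the file; hash the sample first and work on a copy)`.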


@@ -0,0 +1,63 @@
# PDF Analysis Tools
# Quick reference for analyzing PDF files for malware
% pdf, malware, analysis
# Quick PDF overview - shows suspicious elements
pdfid.py <pdf_file>
# Detailed PDF structure analysis
pdf-parser.py <pdf_file>
# Interactive PDF analysis with JavaScript detection
peepdf -i <pdf_file>
# Force processing of potentially corrupted PDF
peepdf -f -i <pdf_file>
# Extract specific PDF object
pdf-parser.py -o <object_id> <pdf_file>
# Hash PDF elements for comparison
pdf-parser.py -H <pdf_file>
# Export embedded object from PDF
pdf-parser.py -d <output_file> -f -o <object_id> <pdf_file>
# Flatten PDF (remove JavaScript and active elements)
pdftk <pdf_file> cat output flattened_<pdf_file>
# Extract embedded files from PDF
pdftk <pdf_file> unpack_files
# Extract from password-protected PDF
pdftk <pdf_file> input_pw <password> unpack_files
# Convert PDF to TIFF (safe rendering)
convert <pdf_file> <output_file>.tiff
# Analyze PDF metadata with Origami
pdfmetadata <pdf_file>
# Extract PDF streams and objects
pdfextract <pdf_file>
# Validate PDF structure
pdfcop <pdf_file>
# Decrypt PDF file
pdfdecrypt <pdf_file> <output_file>
# Merge multiple PDFs
qpdf --empty --pages <pdf1> <pdf2> -- <output_file>
# Extract previous versions from PDF
pdfresurrect <pdf_file>
# Analyze incremental updates in PDF
pdftool.py <pdf_file>
$ pdf_file: ls *.pdf
$ object_id: echo "1 2 3 4 5 6 7 8 9 10"
$ output_file: echo "output"
$ password: echo "password123"
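Review bot: The comment `# Flatten PDF (remove JavaScript and active elements)` promises more than `pdftk <pdf_file> cat output flattened_<pdf_file>` delivers. `cat output` only rewrites the document, and pdftk's separate `flatten` operation merges form fields rather than stripping JavaScript, so an analyst may treat the output as sanitized when it is not. Reword it to something like `# Rewrite PDF with pdftk (does not remove JavaScript or other active content)`. The label `# Convert PDF to TIFF (safe rendering)` has the same problem: ImageMagick `convert` normally hands PDFs to a Ghostscript delegate that still parses the untrusted file, so "safe" should be dropped or qualified, e.g. `# Render PDF to TIFF (the PDF parser still processes the original file)`.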


@@ -0,0 +1,121 @@
# System Utilities and Forensics
# Essential commands for file analysis and system operations
% system, forensics, utilities
# Archive operations with 7zip
7z l <archive_file>
# Extract archive
7z x <archive_file>
# Create archive
7z a <output_archive> <files_to_compress>
# Extract with password
7z x -p<password> <archive_file>
# File manager with Midnight Commander
mc
# Navigate MC with panels
mc <left_dir> <right_dir>
# Convert document formats
catdoc <doc_file>
# Extract text from DOCX
docx2txt <docx_file>
# Convert RTF to text
unrtf --text <rtf_file>
# Advanced text processing with busybox
busybox <command> <args>
# Find files by type
find /data -name "*.<extension>" -type f
# Find files modified in last N days
find /data -mtime -<days> -type f
# Search for text in files
grep -r "<search_term>" /data/
# Case-insensitive search
grep -ri "<search_term>" /data/
# Search with context lines
grep -C <context_lines> "<search_term>" <file>
# Count file types in directory
find /data -name "*.*" | sed 's/.*\.//' | sort | uniq -c | sort -n
# Quick file statistics
wc -l <file>
# Get file size in human readable format
du -sh <file_or_directory>
# Monitor file changes
tail -f <log_file>
# Compare files
diff <file1> <file2>
# Create file hash (multiple algorithms)
md5sum <file>
sha1sum <file>
sha256sum <file>
# Verify file integrity
md5sum -c <checksum_file>
# Network utilities (if needed for analysis)
curl -I <url>
# Download file safely
wget --no-check-certificate <url>
# Show disk usage
df -h
# Show memory usage
free -h
# Process monitoring
ps aux | grep <process_name>
# Environment variables
printenv | sort
# File permissions
ls -la <file>
# Change permissions
chmod <permissions> <file>
$ archive_file: ls *.zip *.7z *.tar.gz *.rar
$ output_archive: echo "output.7z"
$ files_to_compress: echo "file1.txt file2.txt"
$ password: echo "password123"
$ left_dir: echo "/data"
$ right_dir: echo "/tmp"
$ doc_file: ls *.doc
$ docx_file: ls *.docx
$ rtf_file: ls *.rtf
$ command: echo "ls cat grep find"
$ args: echo "-la"
$ extension: echo "pdf txt log exe"
$ days: echo "1 7 30"
$ search_term: echo "malware suspicious error"
$ context_lines: echo "3 5 10"
$ file: ls *
$ file_or_directory: echo "/data"
$ log_file: ls *.log
$ file1: echo "file1.txt"
$ file2: echo "file2.txt"
$ checksum_file: echo "checksums.md5"
$ url: echo "https://example.com"
$ process_name: echo "python nginx apache"
$ permissions: echo "755 644 600"
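Review bot: `wget --no-check-certificate <url>` sits under the comment `# Download file safely`, yet that option turns off TLS certificate validation, so the download can be intercepted or replaced in transit. Either drop the flag (`wget <url>`) or label the entry for what it does, e.g. `# Download without TLS certificate validation (hosts with broken certificates only; verify the file hash afterwards)`. Under `# Verify file integrity`, `md5sum -c <checksum_file>` would be better as `sha256sum -c <checksum_file>`, since MD5 collisions are practical and the sheet already lists `sha256sum`.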

118
scripts/download-docs.sh Executable file

@@ -0,0 +1,118 @@
#!/bin/bash
# Download and process REMnux documentation for offline use
# This script creates a searchable database of all tools and their usage
set -e
DOCS_DIR="/opt/remnux-docs"
TOOLS_DB="/opt/remnux-docs/tools.db"
echo "📚 Downloading REMnux Documentation..."
# Create documentation directory
mkdir -p "$DOCS_DIR"
# Download key documentation files from REMnux docs
BASE_URL="https://docs.remnux.org"
# Categories of tools to download
CATEGORIES=(
"analyze+documents/pdf"
"analyze+documents/general"
"analyze+documents/microsoft+office"
"analyze+documents/email+messages"
"examine+static+properties/general"
"statically+analyze+code/general"
"statically+analyze+code/scripts"
"dynamically+reverse-engineer+code/general"
"gather+and+analyze+data"
"view+or+edit+files"
"general+utilities"
)
# Function to download and process a documentation page
download_category() {
local category="$1"
local filename=$(echo "$category" | sed 's/+/_/g' | sed 's/\//_/g')
echo "Downloading: $category"
if curl -s "$BASE_URL/discover-the-tools/$category.md" -o "$DOCS_DIR/${filename}.md"; then
echo "✓ Downloaded $filename.md"
else
echo "⚠ Failed to download $category"
fi
}
# Download all categories
for category in "${CATEGORIES[@]}"; do
download_category "$category"
done
# Create a consolidated tools database
echo "🔍 Creating searchable tools database..."
# Function to extract tool information from markdown files
create_tools_db() {
echo "# REMnux Tools Database" > "$TOOLS_DB"
echo "# Format: TOOL_NAME|DESCRIPTION|CATEGORY|USAGE_HINTS" >> "$TOOLS_DB"
echo "" >> "$TOOLS_DB"
for md_file in "$DOCS_DIR"/*.md; do
if [[ -f "$md_file" ]]; then
local category=$(basename "$md_file" .md | sed 's/_/ /g')
# Extract tool entries (they start with ##)
awk -v cat="$category" '
/^## / {
if (tool_name != "") {
print tool_name "|" description "|" cat "|" usage
}
tool_name = substr($0, 4) # Remove "## "
description = ""
usage = ""
in_tool = 1
next
}
/^#/ && !/^## / { in_tool = 0; next }
in_tool && /^[A-Z]/ && description == "" {
description = $0
next
}
in_tool && /^\*\*Website/ {
usage = usage $0 " "
next
}
in_tool && /^\*\*Notes/ {
usage = usage $0 " "
next
}
END {
if (tool_name != "") {
print tool_name "|" description "|" cat "|" usage
}
}
' "$md_file" >> "$TOOLS_DB"
fi
done
}
create_tools_db
# Add our custom tools to the database
echo "" >> "$TOOLS_DB"
echo "# Additional Tools Added to Container" >> "$TOOLS_DB"
echo "capa|Malware capability detection tool from Mandiant|malware analysis|Analyze executable files to identify capabilities" >> "$TOOLS_DB"
echo "box-js|JavaScript sandbox for malware analysis|malware analysis|box-js sample.js to analyze JavaScript in sandbox" >> "$TOOLS_DB"
echo "visidata|Interactive data exploration tool|data analysis|vd filename.csv to explore data interactively" >> "$TOOLS_DB"
echo "unfurl_cli.py|URL analysis and extraction tool|data analysis|unfurl_cli.py URL to analyze and extract components" >> "$TOOLS_DB"
echo "✅ Documentation download complete!"
echo "📊 Tools database created at: $TOOLS_DB"
# Count tools
TOOL_COUNT=$(grep -c "^[^#]" "$TOOLS_DB" | head -1)
echo "🔧 Indexed $TOOL_COUNT tools"
echo ""
echo "Usage: Use 'find-tool' command to search through all available tools"
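Review bot: The `curl -s "$BASE_URL/discover-the-tools/$category.md" -o …` call in `download_category` has no `--fail`, so an HTTP 404 or 500 page is written to the `.md` file and reported as `✓ Downloaded`, and `set -e` never sees the failure. Use `curl -fsS --proto '=https' "$BASE_URL/discover-the-tools/$category.md" -o "$DOCS_DIR/${filename}.md"` and decide whether a failed category should abort the image build. The fetched pages are the only source for `tools.db`, whose first field `find-tool` later passes to `command -v` and runs with `--help`. It is therefore worth building from a reviewed snapshot of the docs, or at least having the awk step skip any `tool_name` that does not match a conservative pattern such as `^[A-Za-z0-9._+-]+$`. Also, `local filename=$(…)` and `local category=$(…)` hide the substitution's exit status; declare the variable first and assign on the next line.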

169
scripts/find-tool Executable file

@@ -0,0 +1,169 @@
#!/bin/bash
# REMnux Tool Finder - Fuzzy search through all available tools
# Usage: find-tool [search_term]
TOOLS_DB="/opt/remnux-docs/tools.db"
DOCS_DIR="/opt/remnux-docs"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
show_help() {
echo -e "${CYAN}🔍 REMnux Tool Finder${NC}"
echo ""
echo "Usage:"
echo " find-tool [search_term] - Search for tools"
echo " find-tool --list - List all available tools"
echo " find-tool --categories - Show tool categories"
echo " find-tool --interactive - Interactive fuzzy search (requires fzf)"
echo ""
echo "Examples:"
echo " find-tool pdf - Find all PDF-related tools"
echo " find-tool javascript - Find JavaScript analysis tools"
echo " find-tool parser - Find all parsers"
echo " find-tool --interactive - Browse all tools interactively"
}
list_categories() {
echo -e "${CYAN}📂 Available Tool Categories:${NC}"
if [[ -f "$TOOLS_DB" ]]; then
awk -F'|' '/^[^#]/ {print $3}' "$TOOLS_DB" | sort -u | while read -r category; do
count=$(awk -F'|' -v cat="$category" '/^[^#]/ && $3 == cat {count++} END {print count+0}' "$TOOLS_DB")
echo -e " ${GREEN}•${NC} $category (${YELLOW}$count tools${NC})"
done
else
echo -e "${RED}❌ Tools database not found. Run container build to initialize.${NC}"
fi
}
list_all_tools() {
echo -e "${CYAN}🛠️ All Available Tools:${NC}"
if [[ -f "$TOOLS_DB" ]]; then
awk -F'|' '/^[^#]/ {printf "%-20s %s\n", $1, $2}' "$TOOLS_DB" | sort
else
echo -e "${RED}❌ Tools database not found.${NC}"
fi
}
search_tools() {
local search_term="$1"
if [[ -z "$search_term" ]]; then
echo -e "${RED}❌ Please provide a search term${NC}"
show_help
return 1
fi
if [[ ! -f "$TOOLS_DB" ]]; then
echo -e "${RED}❌ Tools database not found.${NC}"
return 1
fi
echo -e "${CYAN}🔍 Searching for: ${YELLOW}$search_term${NC}"
echo ""
# Search in tool names, descriptions, categories, and usage hints
local matches=$(awk -F'|' -v term="$search_term" '
/^[^#]/ && (tolower($1) ~ tolower(term) || tolower($2) ~ tolower(term) || tolower($3) ~ tolower(term) || tolower($4) ~ tolower(term)) {
print $0
}' "$TOOLS_DB")
if [[ -z "$matches" ]]; then
echo -e "${YELLOW}⚠️ No tools found matching '$search_term'${NC}"
echo ""
echo -e "💡 Try broader terms like: ${GREEN}pdf${NC}, ${GREEN}malware${NC}, ${GREEN}javascript${NC}, ${GREEN}analysis${NC}"
return 0
fi
local count=0
echo "$matches" | while IFS='|' read -r name description category usage; do
count=$((count + 1))
echo -e "${GREEN}🔧 $name${NC}"
echo -e " ${BLUE}Description:${NC} $description"
echo -e " ${BLUE}Category:${NC} $category"
if [[ -n "$usage" && "$usage" != " " ]]; then
echo -e " ${BLUE}Usage:${NC} $usage"
fi
# Check if tool exists on system
if command -v "$name" >/dev/null 2>&1; then
echo -e " ${GREEN}✓ Available${NC}"
else
echo -e " ${YELLOW}⚠ Check path or alternative name${NC}"
fi
echo ""
done
local match_count=$(echo "$matches" | wc -l)
echo -e "${CYAN}📊 Found $match_count tool(s) matching '$search_term'${NC}"
}
interactive_search() {
if ! command -v fzf >/dev/null 2>&1; then
echo -e "${YELLOW}⚠️ fzf not found. Falling back to simple search.${NC}"
echo "Type search term and press Enter (or 'quit' to exit):"
while read -r -p "🔍 Search: " term; do
if [[ "$term" == "quit" || "$term" == "exit" ]]; then
break
fi
search_tools "$term"
echo "---"
done
return
fi
echo -e "${CYAN}🎯 Interactive Tool Search${NC}"
echo -e "Use ${GREEN}↑/↓${NC} to navigate, ${GREEN}Enter${NC} to select, ${GREEN}Ctrl+C${NC} to exit"
echo ""
local selected=$(awk -F'|' '/^[^#]/ {printf "%-20s │ %-30s │ %s\n", $1, $2, $3}' "$TOOLS_DB" | \
fzf --header="REMnux Tools - Select to see details" \
--header-lines=0 \
--preview='echo {} | cut -d"│" -f1 | xargs -I{} awk -F"|" -v tool="{}" "BEGIN{IGNORECASE=1} \$1 ~ tool {print \"🔧 Tool: \" \$1; print \"📝 Description: \" \$2; print \"📂 Category: \" \$3; if(\$4) print \"💡 Usage: \" \$4}" /opt/remnux-docs/tools.db' \
--preview-window=right:50%:wrap)
if [[ -n "$selected" ]]; then
local tool_name=$(echo "$selected" | cut -d'│' -f1 | xargs)
echo -e "${GREEN}Selected tool: $tool_name${NC}"
# Show detailed info
search_tools "$tool_name"
# Try to show help for the tool
echo -e "${CYAN}📖 Quick Help:${NC}"
if command -v "$tool_name" >/dev/null 2>&1; then
echo "Running: $tool_name --help"
timeout 3s "$tool_name" --help 2>/dev/null | head -10 || echo "No help available or timeout"
else
echo "Tool may be available under a different name or path"
fi
fi
}
# Main logic
case "${1:-}" in
--help|-h|help)
show_help
;;
--list|-l)
list_all_tools
;;
--categories|-c)
list_categories
;;
--interactive|-i)
interactive_search
;;
"")
show_help
;;
*)
search_tools "$1"
;;
esac
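Review bot: The `--preview` string in `interactive_search` puts the selected row inside double quotes (`-v tool="{}"`), which appears to allow shell expansion of `tools.db` content. As far as I can tell fzf substitutes every `{}` in the command, including the ones meant for `xargs -I{}`, and its single-quote escaping does not protect text that lands inside double quotes, so `$(…)` or backticks in a row would be expanded by the preview shell. Because `tools.db` is generated from pages fetched at build time, pass the field as its own fzf-quoted word instead: use `--delimiter='│'` with an unquoted `{1}`, e.g. `TOOL={1} awk …` reading `ENVIRON["TOOL"]` and trimming the padding. Compare with `==` rather than the regex match `\$1 ~ tool`. The same row data is printed with `echo -e` in `search_tools`, which interprets backslash escapes in the description and usage fields; `printf '   %b %s\n' "${BLUE}Description:${NC}" "$description"` keeps the colour codes but prints the data literally.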

304
scripts/help Executable file

@@ -0,0 +1,304 @@
#!/bin/bash
# Comprehensive Help System for File Analysis Container
# Integrates find-tool, navi, cheat, tldr for offline documentation
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
PURPLE='\033[0;35m'
NC='\033[0m' # No Color
show_main_help() {
echo -e "${CYAN}📚 File Analysis Container Help System${NC}"
echo -e "${CYAN}======================================${NC}"
echo ""
echo -e "${GREEN}🔍 Tool Discovery:${NC}"
echo " help tools [term] - Search for analysis tools"
echo " help tools --interactive - Browse tools interactively"
echo " help tools --list - List all available tools"
echo ""
echo -e "${GREEN}📖 Command Examples:${NC}"
echo " help cheat <tool> - Show cheat sheet for specific tool"
echo " help examples - Browse all command examples interactively"
echo " help quick <command> - Quick examples (tldr style)"
echo ""
echo -e "${GREEN}🎯 Analysis Workflows:${NC}"
echo " help pdf - PDF analysis workflow"
echo " help malware - Malware analysis workflow"
echo " help forensics - System forensics workflow"
echo ""
echo -e "${GREEN}💡 Quick Access:${NC}"
echo " help --all - Show everything available"
echo " help --offline - Verify offline capabilities"
echo ""
echo -e "${YELLOW}Examples:${NC}"
echo " help tools pdf # Find PDF analysis tools"
echo " help cheat pdfid.py # Show pdfid.py examples"
echo " help quick tar # Quick tar examples"
echo " help examples # Browse all examples"
}
search_tools() {
echo -e "${CYAN}🔍 Searching analysis tools...${NC}"
if [ "$1" = "--interactive" ]; then
find-tool --interactive
elif [ "$1" = "--list" ]; then
find-tool --list
elif [ -n "$1" ]; then
find-tool "$1"
else
find-tool
fi
}
show_cheat() {
local tool="$1"
if [ -z "$tool" ]; then
echo -e "${YELLOW}Available cheat sheets:${NC}"
echo " pdf-analysis - PDF analysis tools"
echo " malware - Malware analysis tools"
echo " system - System utilities"
echo ""
echo "Usage: help cheat <tool_name>"
echo "Example: help cheat pdfid.py"
return
fi
# First try cheat command for standard tools
if command -v cheat >/dev/null 2>&1; then
if cheat "$tool" 2>/dev/null; then
return
fi
fi
# Then try our custom categories
case "$tool" in
pdf*|PDF*)
echo -e "${CYAN}📄 PDF Analysis Commands:${NC}"
if [ -f "/opt/cheatsheets/pdf-analysis.cheat" ]; then
grep -v "^#" /opt/cheatsheets/pdf-analysis.cheat | grep -v "^%" | grep -v "^\$" | grep -v "^$"
fi
;;
malware*|capa*|box-js*|oledump*)
echo -e "${CYAN}🦠 Malware Analysis Commands:${NC}"
if [ -f "/opt/cheatsheets/malware-analysis.cheat" ]; then
grep -v "^#" /opt/cheatsheets/malware-analysis.cheat | grep -v "^%" | grep -v "^\$" | grep -v "^$"
fi
;;
system*|7z*|mc*|forensic*)
echo -e "${CYAN}🛠️ System Utilities Commands:${NC}"
if [ -f "/opt/cheatsheets/system-utilities.cheat" ]; then
grep -v "^#" /opt/cheatsheets/system-utilities.cheat | grep -v "^%" | grep -v "^\$" | grep -v "^$"
fi
;;
*)
echo -e "${YELLOW}⚠️ No specific cheat sheet found for '$tool'${NC}"
echo ""
echo -e "Try one of these:"
echo -e " ${GREEN}help cheat pdf${NC} - PDF analysis"
echo -e " ${GREEN}help cheat malware${NC} - Malware analysis"
echo -e " ${GREEN}help cheat system${NC} - System utilities"
echo -e " ${GREEN}help quick $tool${NC} - Quick examples"
;;
esac
}
show_examples() {
if command -v navi >/dev/null 2>&1; then
echo -e "${CYAN}🎯 Browsing command examples interactively...${NC}"
echo -e "Use ${GREEN}Ctrl+R${NC} in shell or run ${GREEN}navi${NC} directly"
navi --fzf
else
echo -e "${YELLOW}⚠️ Navi not available, showing static examples${NC}"
show_cheat "pdf"
fi
}
show_quick() {
local command="$1"
if [ -z "$command" ]; then
echo -e "${YELLOW}Usage: help quick <command>${NC}"
echo "Example: help quick tar"
return
fi
if command -v tldr >/dev/null 2>&1; then
echo -e "${CYAN}📖 Quick examples for: $command${NC}"
tldr "$command" 2>/dev/null || {
echo -e "${YELLOW}⚠️ No tldr page found for '$command'${NC}"
echo "Try: help cheat $command"
}
else
echo -e "${YELLOW}⚠️ tldr not available${NC}"
show_cheat "$command"
fi
}
show_workflow() {
local workflow="$1"
case "$workflow" in
pdf)
echo -e "${CYAN}📄 PDF Analysis Workflow:${NC}"
echo ""
echo -e "${GREEN}1. Initial Analysis:${NC}"
echo " pdfid.py sample.pdf # Quick overview"
echo " file sample.pdf # Verify file type"
echo ""
echo -e "${GREEN}2. Deep Analysis:${NC}"
echo " pdf-parser.py sample.pdf # Structure analysis"
echo " peepdf -i sample.pdf # Interactive analysis"
echo ""
echo -e "${GREEN}3. Extract Suspicious Content:${NC}"
echo " pdf-parser.py -o [obj_id] sample.pdf # Extract objects"
echo " pdftk sample.pdf unpack_files # Extract embedded files"
echo ""
echo -e "${GREEN}4. Safe Rendering:${NC}"
echo " pdftk sample.pdf cat output safe.pdf # Flatten PDF"
echo " convert sample.pdf sample.png # Convert to image"
;;
malware)
echo -e "${CYAN}🦠 Malware Analysis Workflow:${NC}"
echo ""
echo -e "${GREEN}1. File Identification:${NC}"
echo " file sample.exe # Identify file type"
echo " exiftool sample.exe # Extract metadata"
echo ""
echo -e "${GREEN}2. Capability Analysis:${NC}"
echo " capa sample.exe # Detect capabilities"
echo " strings sample.exe | head -50 # Extract strings"
echo ""
echo -e "${GREEN}3. Document Analysis:${NC}"
echo " oledump.py sample.doc # Office documents"
echo " box-js sample.js # JavaScript analysis"
echo ""
echo -e "${GREEN}4. Data Analysis:${NC}"
echo " vd sample.csv # Interactive data exploration"
echo " unfurl_cli.py suspicious-url # URL analysis"
;;
forensics)
echo -e "${CYAN}🔍 System Forensics Workflow:${NC}"
echo ""
echo -e "${GREEN}1. File System Analysis:${NC}"
echo " find /data -type f -mtime -1 # Recent files"
echo " ls -la /data # File permissions"
echo ""
echo -e "${GREEN}2. Content Analysis:${NC}"
echo " grep -r 'suspicious' /data/ # Text search"
echo " xxd suspicious_file | head # Hex analysis"
echo ""
echo -e "${GREEN}3. Archive Analysis:${NC}"
echo " 7z l archive.zip # List contents"
echo " 7z x archive.zip -o./extract/ # Extract safely"
echo ""
echo -e "${GREEN}4. Verification:${NC}"
echo " md5sum * > checksums.md5 # Create checksums"
echo " md5sum -c checksums.md5 # Verify integrity"
;;
*)
echo -e "${YELLOW}Available workflows:${NC}"
echo " help pdf - PDF analysis"
echo " help malware - Malware analysis"
echo " help forensics - System forensics"
;;
esac
}
show_all() {
echo -e "${CYAN}📚 Complete Help Overview${NC}"
echo -e "${CYAN}=========================${NC}"
echo ""
echo -e "${PURPLE}🛠️ Available Tools:${NC}"
find-tool --categories
echo ""
echo -e "${PURPLE}📖 Help Commands:${NC}"
echo " help - This help"
echo " help tools [term] - Search tools"
echo " help cheat <tool> - Command examples"
echo " help quick <cmd> - Quick examples"
echo " help examples - Browse examples"
echo " navi --fzf - Interactive cheat sheets"
echo ""
echo -e "${PURPLE}🎯 Analysis Workflows:${NC}"
echo " help pdf - PDF analysis"
echo " help malware - Malware analysis"
echo " help forensics - System forensics"
}
check_offline() {
echo -e "${CYAN}🔌 Offline Capability Check${NC}"
echo -e "${CYAN}===========================${NC}"
echo ""
local all_good=true
echo -e "${GREEN}Documentation Tools:${NC}"
for tool in find-tool navi cheat tldr; do
if command -v "$tool" >/dev/null 2>&1; then
echo -e " ✅ $tool - available"
else
echo -e " ❌ $tool - missing"
all_good=false
fi
done
echo ""
echo -e "${GREEN}Documentation Files:${NC}"
for file in "/opt/remnux-docs/tools.db" "/opt/cheatsheets/pdf-analysis.cheat" "/opt/cheatsheets/malware-analysis.cheat"; do
if [ -f "$file" ]; then
echo -e " ✅ $file - available"
else
echo -e " ❌ $file - missing"
all_good=false
fi
done
echo ""
if $all_good; then
echo -e "${GREEN}🎉 All offline help systems are working!${NC}"
else
echo -e "${YELLOW}⚠️ Some help systems are not available${NC}"
fi
}
# Main command router
case "${1:-}" in
tools)
shift
search_tools "$@"
;;
cheat)
shift
show_cheat "$1"
;;
examples)
show_examples
;;
quick)
shift
show_quick "$1"
;;
pdf|malware|forensics)
show_workflow "$1"
;;
--all)
show_all
;;
--offline)
check_offline
;;
--help|-h|"")
show_main_help
;;
*)
echo -e "${YELLOW}Unknown option: $1${NC}"
echo ""
show_main_help
;;
esac
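Review bot: In an interactive bash session the name `help` resolves to the shell builtin before `/usr/local/bin/help` is looked up on PATH, so the commands this script advertises (`help tools pdf`, `help cheat pdfid.py`) would likely print bash's builtin help instead of running it. A distinct command name, or `enable -n help` in the bashrc, avoids that. In `show_cheat`, `grep -v "^\$"` is inside double quotes, so the shell reduces it to `^$` and the filter drops empty lines rather than the navi variable lines that begin with `$`. Each of the three pipelines can become `grep -Ev '^(#|%|\$|$)' FILE`. The forensics workflow text recommends `md5sum * > checksums.md5` for integrity checks; `sha256sum` is the safer default there.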