diff --git a/Dockerfile.remnux b/Dockerfile.remnux
index d6a8029..239cd5b 100644
--- a/Dockerfile.remnux
+++ b/Dockerfile.remnux
@@ -10,6 +10,7 @@ RUN apt-get update && apt-get install -y \
 busybox \
 catdoc \
 docx2txt \
+ fzf \
 mc \
 pipx \
 unrtf \
@@ -33,14 +34,42 @@ RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps # Install visidata via pipx (for data exploration) RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata +# Install offline help and cheat sheet tools +RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat \ + && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr + +# Install navi for interactive cheat sheets +RUN wget https://github.com/denisidoro/navi/releases/download/v2.23.0/navi-v2.23.0-x86_64-unknown-linux-musl.tar.gz -O /tmp/navi.tar.gz \ + && tar -xzf /tmp/navi.tar.gz -C /usr/local/bin \ + && chmod +x /usr/local/bin/navi \ + && rm /tmp/navi.tar.gz + # Create data directory and set permissions RUN mkdir -p /data \ && chown remnux:remnux /data -# Add German documentation files +# Add documentation and search tools ADD files/README /opt/README ADD files/command_help /opt/command_help -RUN echo 'cat /opt/README' >> /etc/bash.bashrc +ADD scripts/download-docs.sh /usr/local/bin/download-docs.sh +ADD scripts/find-tool /usr/local/bin/find-tool +ADD scripts/help /usr/local/bin/help +ADD cheatsheets/ /opt/cheatsheets/ + +# Download REMnux documentation and create searchable database +RUN chmod +x /usr/local/bin/download-docs.sh /usr/local/bin/find-tool /usr/local/bin/help \ + && /usr/local/bin/download-docs.sh + +# Update bashrc with welcome message and comprehensive help info +RUN echo 'cat /opt/README' >> /etc/bash.bashrc \ + && echo 'echo ""' >> /etc/bash.bashrc \ + && echo 'echo "📚 Comprehensive Help System:"' >> /etc/bash.bashrc \ + && echo 'echo " help - Complete help system"' >> /etc/bash.bashrc \ + && echo 'echo " help tools pdf - Find PDF analysis tools"' >> /etc/bash.bashrc \ + && echo 'echo " help cheat pdfid.py - Show command examples"' >> /etc/bash.bashrc \ + && echo 'echo " help examples - Browse all examples (navi)"' >> /etc/bash.bashrc \ + && echo 'echo " 
help pdf - PDF analysis workflow"' >> /etc/bash.bashrc \ + && echo 'echo ""' >> /etc/bash.bashrc # Switch to remnux user (REMnux default user) USER remnux diff --git a/cheatsheets/malware-analysis.cheat b/cheatsheets/malware-analysis.cheat new file mode 100644 index 0000000..a6a275e --- /dev/null +++ b/cheatsheets/malware-analysis.cheat 
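Review bot: The navi tarball fetched with `wget` in the new `RUN` step is installed with no integrity check, so the image trusts whatever the release URL serves at build time; since the version is already pinned, add a digest check before extracting, e.g. `&& echo "<sha256 of the v2.23.0 tarball — fill in>  /tmp/navi.tar.gz" | sha256sum -c -`. The `tar -xzf ... -C /usr/local/bin` line also unpacks every member of the archive into `/usr/local/bin`; if the archive holds only the binary, name it explicitly (`tar -xzf /tmp/navi.tar.gz -C /usr/local/bin navi`) so an unexpected extra file cannot land on PATH. Separately, the bashrc lines advertise `help tools pdf` etc., but in an interactive bash the builtin `help` takes precedence over `/usr/local/bin/help`, so those commands will hit the builtin; either rename the script or add `&& echo 'enable -n help' >> /etc/bash.bashrc` to the same `RUN` (the script itself is in the `scripts/help` hunk below).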
@@ -0,0 +1,96 @@ +# Malware Analysis Tools +# Commands for analyzing malicious files and samples + +% malware, analysis, forensics + +# Detect malware capabilities with CAPA +capa + +# CAPA verbose output with rule details +capa -v + +# CAPA output in JSON format +capa -j + +# Analyze JavaScript in sandbox +box-js + +# Box-js with custom timeout (seconds) +box-js --timeout= + +# Box-js with download simulation +box-js --download --output-dir= + +# Analyze Office document with oledump +oledump.py + +# Show VBA macros in Office document +oledump.py -v + +# Extract specific stream from Office document +oledump.py -s + +# Decode VBA macros automatically +oledump.py -v -s + +# Analyze RTF document +rtfdump.py + +# Show RTF objects +rtfdump.py -O + +# Analyze email message +emldump.py + +# Extract attachments from email +emldump.py -e + +# URL analysis with unfurl +unfurl_cli.py + +# Unfurl with detailed output +unfurl_cli.py -d + +# Extract metadata from files +exiftool + +# Remove metadata from file +exiftool -all= + +# Analyze data interactively +vd + +# Quick file type detection +file + +# String analysis of binary +strings | head -20 + +# Hex dump analysis +xxd | head -20 + +# Base64 decode and analyze +base64dump.py + +# Search for base64 patterns +base64dump.py -s + +# OCR text extraction from image +tesseract + +$ malware_file: ls *.exe *.dll *.bin *.sample +$ javascript_file: ls *.js +$ office_file: ls *.doc *.docx *.xls *.xlsx *.ppt *.pptx +$ rtf_file: ls *.rtf +$ email_file: ls *.eml *.msg +$ suspicious_url: echo "https://suspicious-domain.com/path" +$ stream_number: echo "1 2 3 4 5" +$ timeout: echo "30 60 120" +$ output_dir: echo "./output" +$ data_file: ls *.csv *.json *.log +$ unknown_file: ls * +$ binary_file: ls *.exe *.dll *.bin +$ file_with_base64: ls *.txt *.log +$ search_term: echo "keyword" +$ image_file: ls *.png *.jpg *.jpeg *.tiff +$ output_text: echo "extracted_text" \ No newline at end of file 
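Review bot: The comment `# Box-js with download simulation` above the `box-js --download` entry is misleading: in box-js the `--download` flag makes the sandbox actually fetch the payloads the script references, whereas the default run is the one that avoids real network access. Since this cheat sheet is meant to be executed from navi inside an analysis container, the description should say so, e.g. `# Box-js with real payload downloads (performs outbound network requests; default run does not)`, so an analyst does not pick it expecting an offline run.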
diff --git a/cheatsheets/pdf-analysis.cheat b/cheatsheets/pdf-analysis.cheat new file mode 100644 index 0000000..c7bc311 --- /dev/null +++ b/cheatsheets/pdf-analysis.cheat @@ -0,0 +1,63 @@ +# PDF Analysis Tools +# Quick reference for analyzing PDF files for malware + +% pdf, malware, analysis + +# Quick PDF overview - shows suspicious elements +pdfid.py + +# Detailed PDF structure analysis +pdf-parser.py + +# Interactive PDF analysis with JavaScript detection +peepdf -i + +# Force processing of potentially corrupted PDF +peepdf -f -i + +# Extract specific PDF object +pdf-parser.py -o + +# Hash PDF elements for comparison +pdf-parser.py -H + +# Export embedded object from PDF +pdf-parser.py -d -f -o + +# Flatten PDF (remove JavaScript and active elements) +pdftk cat output flattened_ + +# Extract embedded files from PDF +pdftk unpack_files + +# Extract from password-protected PDF +pdftk input_pw unpack_files + +# Convert PDF to TIFF (safe rendering) +convert .tiff + +# Analyze PDF metadata with Origami +pdfmetadata + +# Extract PDF streams and objects +pdfextract + +# Validate PDF structure +pdfcop + +# Decrypt PDF file +pdfdecrypt + +# Merge multiple PDFs +qpdf --empty --pages -- + +# Extract previous versions from PDF +pdfresurrect + +# Analyze incremental updates in PDF +pdftool.py + +$ pdf_file: ls *.pdf +$ object_id: echo "1 2 3 4 5 6 7 8 9 10" +$ output_file: echo "output" +$ password: echo "password123" \ No newline at end of file diff --git a/cheatsheets/system-utilities.cheat b/cheatsheets/system-utilities.cheat new file mode 100644 index 0000000..3eec98c --- /dev/null +++ b/cheatsheets/system-utilities.cheat 
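Review bot: The comment `# Convert PDF to TIFF (safe rendering)` above the `convert` entry overstates the safety of that step: ImageMagick rasterizes PDFs through its Ghostscript delegate, which parses the untrusted PDF itself, so this is a rendering step, not an isolation step. Suggest `# Rasterize PDF to TIFF (still parses the untrusted file via Ghostscript; run in an isolated container)`. The `# Flatten PDF (remove JavaScript and active elements)` label on the `pdftk ... cat output` line likewise presumably needs checking against what `cat` actually strips before it is presented as a sanitization step.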
@@ -0,0 +1,121 @@ +# System Utilities and Forensics +# Essential commands for file analysis and system operations + +% system, forensics, utilities + +# Archive operations with 7zip +7z l + +# Extract archive +7z x + +# Create archive +7z a + +# Extract with password +7z x -p + +# File manager with Midnight Commander +mc + +# Navigate MC with panels +mc + +# Convert document formats +catdoc + +# Extract text from DOCX +docx2txt + +# Convert RTF to text +unrtf --text + +# Advanced text processing with busybox +busybox + +# Find files by type +find /data -name "*." -type f + +# Find files modified in last N days +find /data -mtime - -type f + +# Search for text in files +grep -r "" /data/ + +# Case-insensitive search +grep -ri "" /data/ + +# Search with context lines +grep -C "" + +# Count file types in directory +find /data -name "*.*" | sed 's/.*\.//' | sort | uniq -c | sort -n + +# Quick file statistics +wc -l + +# Get file size in human readable format +du -sh + +# Monitor file changes +tail -f + +# Compare files +diff + +# Create file hash (multiple algorithms) +md5sum +sha1sum +sha256sum + +# Verify file integrity +md5sum -c + +# Network utilities (if needed for analysis) +curl -I + +# Download file safely +wget --no-check-certificate + +# Show disk usage +df -h + +# Show memory usage +free -h + +# Process monitoring +ps aux | grep + +# Environment variables +printenv | sort + +# File permissions +ls -la + +# Change permissions +chmod + +$ archive_file: ls *.zip *.7z *.tar.gz *.rar +$ output_archive: echo "output.7z" +$ files_to_compress: echo "file1.txt file2.txt" +$ password: echo "password123" +$ left_dir: echo "/data" +$ right_dir: echo "/tmp" +$ doc_file: ls *.doc +$ docx_file: ls *.docx +$ rtf_file: ls *.rtf +$ command: echo "ls cat grep find" +$ args: echo "-la" +$ extension: echo "pdf txt log exe" +$ days: echo "1 7 30" +$ search_term: echo "malware suspicious error" +$ context_lines: echo "3 5 10" +$ file: ls * +$ file_or_directory: echo "/data" +$ 
log_file: ls *.log +$ file1: echo "file1.txt" +$ file2: echo "file2.txt" +$ checksum_file: echo "checksums.md5" +$ url: echo "https://example.com" +$ process_name: echo "python nginx apache" +$ permissions: echo "755 644 600" \ No newline at end of file diff --git a/scripts/download-docs.sh b/scripts/download-docs.sh new file mode 100755 index 0000000..39367e4 --- /dev/null +++ b/scripts/download-docs.sh 
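Review bot: The entry labelled `# Download file safely` is `wget --no-check-certificate`, which disables TLS certificate verification and is the opposite of what the label promises; drop the flag and keep plain `wget` (or relabel it honestly as `# Download file without TLS verification (only for known-broken certificates)`). The `# Process monitoring` entry `ps aux | grep` will also match the grep process itself; `pgrep -af` gives the same information without the self-match.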
@@ -0,0 +1,118 @@ +#!/bin/bash + +# Download and process REMnux documentation for offline use +# This script creates a searchable database of all tools and their usage + +set -e + +DOCS_DIR="/opt/remnux-docs" +TOOLS_DB="/opt/remnux-docs/tools.db" + +echo "📚 Downloading REMnux Documentation..." + +# Create documentation directory +mkdir -p "$DOCS_DIR" + +# Download key documentation files from REMnux docs +BASE_URL="https://docs.remnux.org" + +# Categories of tools to download +CATEGORIES=( + "analyze+documents/pdf" + "analyze+documents/general" + "analyze+documents/microsoft+office" + "analyze+documents/email+messages" + "examine+static+properties/general" + "statically+analyze+code/general" + "statically+analyze+code/scripts" + "dynamically+reverse-engineer+code/general" + "gather+and+analyze+data" + "view+or+edit+files" + "general+utilities" +) + +# Function to download and process a documentation page +download_category() { + local category="$1" + local filename=$(echo "$category" | sed 's/+/_/g' | sed 's/\//_/g') + + echo "Downloading: $category" + if curl -s "$BASE_URL/discover-the-tools/$category.md" -o "$DOCS_DIR/$(unknown).md"; then + echo "✓ Downloaded $filename.md" + else + echo "⚠ Failed to download $category" + fi +} + +# Download all categories +for category in "${CATEGORIES[@]}"; do + download_category "$category" +done + +# Create a consolidated tools database +echo "🔍 Creating searchable tools database..." 
+ +# Function to extract tool information from markdown files +create_tools_db() { + echo "# REMnux Tools Database" > "$TOOLS_DB" + echo "# Format: TOOL_NAME|DESCRIPTION|CATEGORY|USAGE_HINTS" >> "$TOOLS_DB" + echo "" >> "$TOOLS_DB" + + for md_file in "$DOCS_DIR"/*.md; do + if [[ -f "$md_file" ]]; then + local category=$(basename "$md_file" .md | sed 's/_/ /g') + + # Extract tool entries (they start with ##) + awk -v cat="$category" ' + /^## / { + if (tool_name != "") { + print tool_name "|" description "|" cat "|" usage + } + tool_name = substr($0, 4) # Remove "## " + description = "" + usage = "" + in_tool = 1 + next + } + /^#/ && !/^## / { in_tool = 0; next } + in_tool && /^[A-Z]/ && description == "" { + description = $0 + next + } + in_tool && /^\*\*Website/ { + usage = usage $0 " " + next + } + in_tool && /^\*\*Notes/ { + usage = usage $0 " " + next + } + END { + if (tool_name != "") { + print tool_name "|" description "|" cat "|" usage + } + } + ' "$md_file" >> "$TOOLS_DB" + fi + done +} + +create_tools_db + +# Add our custom tools to the database +echo "" >> "$TOOLS_DB" +echo "# Additional Tools Added to Container" >> "$TOOLS_DB" +echo "capa|Malware capability detection tool from Mandiant|malware analysis|Analyze executable files to identify capabilities" >> "$TOOLS_DB" +echo "box-js|JavaScript sandbox for malware analysis|malware analysis|box-js sample.js to analyze JavaScript in sandbox" >> "$TOOLS_DB" +echo "visidata|Interactive data exploration tool|data analysis|vd filename.csv to explore data interactively" >> "$TOOLS_DB" +echo "unfurl_cli.py|URL analysis and extraction tool|data analysis|unfurl_cli.py URL to analyze and extract components" >> "$TOOLS_DB" + +echo "✅ Documentation download complete!" 
+echo "📊 Tools database created at: $TOOLS_DB" + +# Count tools +TOOL_COUNT=$(grep -c "^[^#]" "$TOOLS_DB" | head -1) +echo "🔧 Indexed $TOOL_COUNT tools" + +echo "" +echo "Usage: Use 'find-tool' command to search through all available tools" \ No newline at end of file diff --git a/scripts/find-tool b/scripts/find-tool new file mode 100755 index 0000000..2cfbe48 --- /dev/null +++ b/scripts/find-tool 
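Review bot: In `download_category`, `curl -s` is run without `-f`, so an HTTP 404 or 5xx page is saved as a `.md` file and the `if` branch still prints "✓ Downloaded"; the tools database is then built from error pages. As written the output path is `-o "$DOCS_DIR/$(unknown).md"`, which is a command substitution for a non-existent `unknown` command and expands to `$DOCS_DIR/.md`, so every category overwrites the same file, while the success message on the next line uses `$filename`, which is presumably what was intended: `if curl -fsSL "$BASE_URL/discover-the-tools/$category.md" -o "$DOCS_DIR/$filename.md"; then`. Note also that `local filename=$(...)` masks the substitution's exit status under `set -e`; splitting declaration and assignment (`local filename; filename=$(...)`) keeps the failure visible.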
@@ -0,0 +1,169 @@ +#!/bin/bash + +# REMnux Tool Finder - Fuzzy search through all available tools +# Usage: find-tool [search_term] + +TOOLS_DB="/opt/remnux-docs/tools.db" +DOCS_DIR="/opt/remnux-docs" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +BLUE='\033[0;34m' +YELLOW='\033[1;33m' +CYAN='\033[0;36m' +NC='\033[0m' # No Color + +show_help() { + echo -e "${CYAN}🔍 REMnux Tool Finder${NC}" + echo "" + echo "Usage:" + echo " find-tool [search_term] - Search for tools" + echo " find-tool --list - List all available tools" + echo " find-tool --categories - Show tool categories" + echo " find-tool --interactive - Interactive fuzzy search (requires fzf)" + echo "" + echo "Examples:" + echo " find-tool pdf - Find all PDF-related tools" + echo " find-tool javascript - Find JavaScript analysis tools" + echo " find-tool parser - Find all parsers" + echo " find-tool --interactive - Browse all tools interactively" +} + +list_categories() { + echo -e "${CYAN}📂 Available Tool Categories:${NC}" + if [[ -f "$TOOLS_DB" ]]; then + awk -F'|' '/^[^#]/ {print $3}' "$TOOLS_DB" | sort -u | while read -r category; do + count=$(awk -F'|' -v cat="$category" '/^[^#]/ && $3 == cat {count++} END {print count+0}' "$TOOLS_DB") + echo -e " ${GREEN}•${NC} $category (${YELLOW}$count tools${NC})" + done + else + echo -e "${RED}❌ Tools database not found. Run container build to initialize.${NC}" + fi +} + +list_all_tools() { + echo -e "${CYAN}🛠️ All Available Tools:${NC}" + if [[ -f "$TOOLS_DB" ]]; then + awk -F'|' '/^[^#]/ {printf "%-20s %s\n", $1, $2}' "$TOOLS_DB" | sort + else + echo -e "${RED}❌ Tools database not found.${NC}" + fi +} + +search_tools() { + local search_term="$1" + + if [[ -z "$search_term" ]]; then + echo -e "${RED}❌ Please provide a search term${NC}" + show_help + return 1 + fi + + if [[ ! 
-f "$TOOLS_DB" ]]; then + echo -e "${RED}❌ Tools database not found.${NC}" + return 1 + fi + + echo -e "${CYAN}🔍 Searching for: ${YELLOW}$search_term${NC}" + echo "" + + # Search in tool names, descriptions, categories, and usage hints + local matches=$(awk -F'|' -v term="$search_term" ' + /^[^#]/ && (tolower($1) ~ tolower(term) || tolower($2) ~ tolower(term) || tolower($3) ~ tolower(term) || tolower($4) ~ tolower(term)) { + print $0 + }' "$TOOLS_DB") + + if [[ -z "$matches" ]]; then + echo -e "${YELLOW}⚠️ No tools found matching '$search_term'${NC}" + echo "" + echo -e "💡 Try broader terms like: ${GREEN}pdf${NC}, ${GREEN}malware${NC}, ${GREEN}javascript${NC}, ${GREEN}analysis${NC}" + return 0 + fi + + local count=0 + echo "$matches" | while IFS='|' read -r name description category usage; do + count=$((count + 1)) + echo -e "${GREEN}🔧 $name${NC}" + echo -e " ${BLUE}Description:${NC} $description" + echo -e " ${BLUE}Category:${NC} $category" + if [[ -n "$usage" && "$usage" != " " ]]; then + echo -e " ${BLUE}Usage:${NC} $usage" + fi + + # Check if tool exists on system + if command -v "$name" >/dev/null 2>&1; then + echo -e " ${GREEN}✓ Available${NC}" + else + echo -e " ${YELLOW}⚠ Check path or alternative name${NC}" + fi + echo "" + done + + local match_count=$(echo "$matches" | wc -l) + echo -e "${CYAN}📊 Found $match_count tool(s) matching '$search_term'${NC}" +} + +interactive_search() { + if ! command -v fzf >/dev/null 2>&1; then + echo -e "${YELLOW}⚠️ fzf not found. 
Falling back to simple search.${NC}" + echo "Type search term and press Enter (or 'quit' to exit):" + while read -r -p "🔍 Search: " term; do + if [[ "$term" == "quit" || "$term" == "exit" ]]; then + break + fi + search_tools "$term" + echo "---" + done + return + fi + + echo -e "${CYAN}🎯 Interactive Tool Search${NC}" + echo -e "Use ${GREEN}↑/↓${NC} to navigate, ${GREEN}Enter${NC} to select, ${GREEN}Ctrl+C${NC} to exit" + echo "" + + local selected=$(awk -F'|' '/^[^#]/ {printf "%-20s │ %-30s │ %s\n", $1, $2, $3}' "$TOOLS_DB" | \ + fzf --header="REMnux Tools - Select to see details" \ + --header-lines=0 \ + --preview='echo {} | cut -d"│" -f1 | xargs -I{} awk -F"|" -v tool="{}" "BEGIN{IGNORECASE=1} \$1 ~ tool {print \"🔧 Tool: \" \$1; print \"📝 Description: \" \$2; print \"📂 Category: \" \$3; if(\$4) print \"💡 Usage: \" \$4}" /opt/remnux-docs/tools.db' \ + --preview-window=right:50%:wrap) + + if [[ -n "$selected" ]]; then + local tool_name=$(echo "$selected" | cut -d'│' -f1 | xargs) + echo -e "${GREEN}Selected tool: $tool_name${NC}" + + # Show detailed info + search_tools "$tool_name" + + # Try to show help for the tool + echo -e "${CYAN}📖 Quick Help:${NC}" + if command -v "$tool_name" >/dev/null 2>&1; then + echo "Running: $tool_name --help" + timeout 3s "$tool_name" --help 2>/dev/null | head -10 || echo "No help available or timeout" + else + echo "Tool may be available under a different name or path" + fi + fi +} + +# Main logic +case "${1:-}" in + --help|-h|help) + show_help + ;; + --list|-l) + list_all_tools + ;; + --categories|-c) + list_categories + ;; + --interactive|-i) + interactive_search + ;; + "") + show_help + ;; + *) + search_tools "$1" + ;; +esac \ No newline at end of file diff --git a/scripts/help b/scripts/help new file mode 100755 index 0000000..e3ef1d7 --- /dev/null +++ b/scripts/help 
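Review bot: In `search_tools` the user's term is passed to awk as a regular expression (`tolower($1) ~ tolower(term)`), so a search such as `c++`, `[` or `(` aborts awk with an invalid-regex error and the caller sees "No tools found"; a literal substring match avoids this: `/^[^#]/ && index(tolower($0), tolower(term)) { print }` (the four fields together make up the whole line, so the match set is the same). The `local count=0` / `count=$((count + 1))` pair is dead: the increment runs in the `echo "$matches" | while` subshell and `match_count` is computed separately from `wc -l`, so `count` can be removed. `local matches=$(awk ...)` also hides awk's exit status; declare and assign on separate lines.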
@@ -0,0 +1,304 @@ +#!/bin/bash + +# Comprehensive Help System for File Analysis Container +# Integrates find-tool, navi, cheat, tldr for offline documentation + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +BLUE='\033[0;34m' +YELLOW='\033[1;33m' +CYAN='\033[0;36m' +PURPLE='\033[0;35m' +NC='\033[0m' # No Color + +show_main_help() { + echo -e "${CYAN}📚 File Analysis Container Help System${NC}" + echo -e "${CYAN}======================================${NC}" + echo "" + echo -e "${GREEN}🔍 Tool Discovery:${NC}" + echo " help tools [term] - Search for analysis tools" + echo " help tools --interactive - Browse tools interactively" + echo " help tools --list - List all available tools" + echo "" + echo -e "${GREEN}📖 Command Examples:${NC}" + echo " help cheat - Show cheat sheet for specific tool" + echo " help examples - Browse all command examples interactively" + echo " help quick - Quick examples (tldr style)" + echo "" + echo -e "${GREEN}🎯 Analysis Workflows:${NC}" + echo " help pdf - PDF analysis workflow" + echo " help malware - Malware analysis workflow" + echo " help forensics - System forensics workflow" + echo "" + echo -e "${GREEN}💡 Quick Access:${NC}" + echo " help --all - Show everything available" + echo " help --offline - Verify offline capabilities" + echo "" + echo -e "${YELLOW}Examples:${NC}" + echo " help tools pdf # Find PDF analysis tools" + echo " help cheat pdfid.py # Show pdfid.py examples" + echo " help quick tar # Quick tar examples" + echo " help examples # Browse all examples" +} + +search_tools() { + echo -e "${CYAN}🔍 Searching analysis tools...${NC}" + if [ "$1" = "--interactive" ]; then + find-tool --interactive + elif [ "$1" = "--list" ]; then + find-tool --list + elif [ -n "$1" ]; then + find-tool "$1" + else + find-tool + fi +} + +show_cheat() { + local tool="$1" + if [ -z "$tool" ]; then + echo -e "${YELLOW}Available cheat sheets:${NC}" + echo " pdf-analysis - PDF analysis tools" + echo " malware - Malware analysis tools" + 
echo " system - System utilities" + echo "" + echo "Usage: help cheat " + echo "Example: help cheat pdfid.py" + return + fi + + # First try cheat command for standard tools + if command -v cheat >/dev/null 2>&1; then + if cheat "$tool" 2>/dev/null; then + return + fi + fi + + # Then try our custom categories + case "$tool" in + pdf*|PDF*) + echo -e "${CYAN}📄 PDF Analysis Commands:${NC}" + if [ -f "/opt/cheatsheets/pdf-analysis.cheat" ]; then + grep -v "^#" /opt/cheatsheets/pdf-analysis.cheat | grep -v "^%" | grep -v "^\$" | grep -v "^$" + fi + ;; + malware*|capa*|box-js*|oledump*) + echo -e "${CYAN}🦠 Malware Analysis Commands:${NC}" + if [ -f "/opt/cheatsheets/malware-analysis.cheat" ]; then + grep -v "^#" /opt/cheatsheets/malware-analysis.cheat | grep -v "^%" | grep -v "^\$" | grep -v "^$" + fi + ;; + system*|7z*|mc*|forensic*) + echo -e "${CYAN}🛠️ System Utilities Commands:${NC}" + if [ -f "/opt/cheatsheets/system-utilities.cheat" ]; then + grep -v "^#" /opt/cheatsheets/system-utilities.cheat | grep -v "^%" | grep -v "^\$" | grep -v "^$" + fi + ;; + *) + echo -e "${YELLOW}⚠️ No specific cheat sheet found for '$tool'${NC}" + echo "" + echo -e "Try one of these:" + echo -e " ${GREEN}help cheat pdf${NC} - PDF analysis" + echo -e " ${GREEN}help cheat malware${NC} - Malware analysis" + echo -e " ${GREEN}help cheat system${NC} - System utilities" + echo -e " ${GREEN}help quick $tool${NC} - Quick examples" + ;; + esac +} + +show_examples() { + if command -v navi >/dev/null 2>&1; then + echo -e "${CYAN}🎯 Browsing command examples interactively...${NC}" + echo -e "Use ${GREEN}Ctrl+R${NC} in shell or run ${GREEN}navi${NC} directly" + navi --fzf + else + echo -e "${YELLOW}⚠️ Navi not available, showing static examples${NC}" + show_cheat "pdf" + fi +} + +show_quick() { + local command="$1" + if [ -z "$command" ]; then + echo -e "${YELLOW}Usage: help quick ${NC}" + echo "Example: help quick tar" + return + fi + + if command -v tldr >/dev/null 2>&1; then + echo -e "${CYAN}📖 
Quick examples for: $command${NC}" + tldr "$command" 2>/dev/null || { + echo -e "${YELLOW}⚠️ No tldr page found for '$command'${NC}" + echo "Try: help cheat $command" + } + else + echo -e "${YELLOW}⚠️ tldr not available${NC}" + show_cheat "$command" + fi +} + +show_workflow() { + local workflow="$1" + case "$workflow" in + pdf) + echo -e "${CYAN}📄 PDF Analysis Workflow:${NC}" + echo "" + echo -e "${GREEN}1. Initial Analysis:${NC}" + echo " pdfid.py sample.pdf # Quick overview" + echo " file sample.pdf # Verify file type" + echo "" + echo -e "${GREEN}2. Deep Analysis:${NC}" + echo " pdf-parser.py sample.pdf # Structure analysis" + echo " peepdf -i sample.pdf # Interactive analysis" + echo "" + echo -e "${GREEN}3. Extract Suspicious Content:${NC}" + echo " pdf-parser.py -o [obj_id] sample.pdf # Extract objects" + echo " pdftk sample.pdf unpack_files # Extract embedded files" + echo "" + echo -e "${GREEN}4. Safe Rendering:${NC}" + echo " pdftk sample.pdf cat output safe.pdf # Flatten PDF" + echo " convert sample.pdf sample.png # Convert to image" + ;; + malware) + echo -e "${CYAN}🦠 Malware Analysis Workflow:${NC}" + echo "" + echo -e "${GREEN}1. File Identification:${NC}" + echo " file sample.exe # Identify file type" + echo " exiftool sample.exe # Extract metadata" + echo "" + echo -e "${GREEN}2. Capability Analysis:${NC}" + echo " capa sample.exe # Detect capabilities" + echo " strings sample.exe | head -50 # Extract strings" + echo "" + echo -e "${GREEN}3. Document Analysis:${NC}" + echo " oledump.py sample.doc # Office documents" + echo " box-js sample.js # JavaScript analysis" + echo "" + echo -e "${GREEN}4. Data Analysis:${NC}" + echo " vd sample.csv # Interactive data exploration" + echo " unfurl_cli.py suspicious-url # URL analysis" + ;; + forensics) + echo -e "${CYAN}🔍 System Forensics Workflow:${NC}" + echo "" + echo -e "${GREEN}1. 
File System Analysis:${NC}" + echo " find /data -type f -mtime -1 # Recent files" + echo " ls -la /data # File permissions" + echo "" + echo -e "${GREEN}2. Content Analysis:${NC}" + echo " grep -r 'suspicious' /data/ # Text search" + echo " xxd suspicious_file | head # Hex analysis" + echo "" + echo -e "${GREEN}3. Archive Analysis:${NC}" + echo " 7z l archive.zip # List contents" + echo " 7z x archive.zip -o./extract/ # Extract safely" + echo "" + echo -e "${GREEN}4. Verification:${NC}" + echo " md5sum * > checksums.md5 # Create checksums" + echo " md5sum -c checksums.md5 # Verify integrity" + ;; + *) + echo -e "${YELLOW}Available workflows:${NC}" + echo " help pdf - PDF analysis" + echo " help malware - Malware analysis" + echo " help forensics - System forensics" + ;; + esac +} + +show_all() { + echo -e "${CYAN}📚 Complete Help Overview${NC}" + echo -e "${CYAN}=========================${NC}" + echo "" + + echo -e "${PURPLE}🛠️ Available Tools:${NC}" + find-tool --categories + echo "" + + echo -e "${PURPLE}📖 Help Commands:${NC}" + echo " help - This help" + echo " help tools [term] - Search tools" + echo " help cheat - Command examples" + echo " help quick - Quick examples" + echo " help examples - Browse examples" + echo " navi --fzf - Interactive cheat sheets" + echo "" + + echo -e "${PURPLE}🎯 Analysis Workflows:${NC}" + echo " help pdf - PDF analysis" + echo " help malware - Malware analysis" + echo " help forensics - System forensics" +} + +check_offline() { + echo -e "${CYAN}🔌 Offline Capability Check${NC}" + echo -e "${CYAN}===========================${NC}" + echo "" + + local all_good=true + + echo -e "${GREEN}Documentation Tools:${NC}" + for tool in find-tool navi cheat tldr; do + if command -v "$tool" >/dev/null 2>&1; then + echo -e " ✅ $tool - available" + else + echo -e " ❌ $tool - missing" + all_good=false + fi + done + + echo "" + echo -e "${GREEN}Documentation Files:${NC}" + for file in "/opt/remnux-docs/tools.db" "/opt/cheatsheets/pdf-analysis.cheat" 
"/opt/cheatsheets/malware-analysis.cheat"; do + if [ -f "$file" ]; then + echo -e " ✅ $file - available" + else + echo -e " ❌ $file - missing" + all_good=false + fi + done + + echo "" + if $all_good; then + echo -e "${GREEN}🎉 All offline help systems are working!${NC}" + else + echo -e "${YELLOW}⚠️ Some help systems are not available${NC}" + fi +} + +# Main command router +case "${1:-}" in + tools) + shift + search_tools "$@" + ;; + cheat) + shift + show_cheat "$1" + ;; + examples) + show_examples + ;; + quick) + shift + show_quick "$1" + ;; + pdf|malware|forensics) + show_workflow "$1" + ;; + --all) + show_all + ;; + --offline) + check_offline + ;; + --help|-h|"") + show_main_help + ;; + *) + echo -e "${YELLOW}Unknown option: $1${NC}" + echo "" + show_main_help + ;; +esac \ No newline at end of file
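Review bot: `check_offline` verifies `tools.db`, `pdf-analysis.cheat` and `malware-analysis.cheat` but not `/opt/cheatsheets/system-utilities.cheat`, which `show_cheat` reads in its `system*|7z*|mc*|forensic*` branch, so `help --offline` can report "All offline help systems are working" while that sheet is missing; add it to the list: `for file in "/opt/remnux-docs/tools.db" "/opt/cheatsheets/pdf-analysis.cheat" "/opt/cheatsheets/malware-analysis.cheat" "/opt/cheatsheets/system-utilities.cheat"; do`. The check also treats a present `tldr` binary as proof of offline capability, but tldr clients normally populate their page cache on first use, so the build should pre-populate that cache (or the check should look for it) for the claim to hold. Because the script is installed as `help`, the bash builtin of the same name shadows it in interactive shells unless disabled; this is raised in the Dockerfile hunk above.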