Add comprehensive offline help system with fuzzy search

🎯 Enhanced Features:
- Integrated navi, cheat, tldr, and fzf for interactive help
- Custom cheat sheets for PDF analysis, malware analysis, and system utilities
- find-tool command for fuzzy searching through all REMnux tools
- Comprehensive help command with workflows and examples
- Complete offline documentation system

📚 Help System Components:
- help                    - Main help system
- help tools [term]       - Search for tools (fuzzy matching)
- help cheat <tool>       - Show command examples
- help examples           - Browse examples interactively (navi + fzf)
- help pdf/malware/forensics - Analysis workflows
- help --offline          - Verify offline capabilities

🛠️ Tools Added:
- navi: Interactive cheat sheet browser
- cheat: Command-line cheat sheets
- tldr: Quick command examples
- fzf: Fuzzy finder (already included)

All documentation works completely offline with local REMnux docs database
and custom cheat sheets for analysis workflows.

cheatsheets/malware-analysis.cheat

@@ -0,0 +1,96 @@
+# Malware Analysis Tools
+# Commands for analyzing malicious files and samples
+
+% malware, analysis, forensics
+
+# Detect malware capabilities with CAPA
+capa <malware_file>
+
+# CAPA verbose output with rule details
+capa -v <malware_file>
+
+# CAPA output in JSON format
+capa -j <malware_file>
+
+# Analyze JavaScript in sandbox
+box-js <javascript_file>
+
+# Box-js with custom timeout (seconds)
+box-js --timeout=<timeout> <javascript_file>
+
+# Box-js with download simulation
+box-js --download --output-dir=<output_dir> <javascript_file>
+
+# Analyze Office document with oledump
+oledump.py <office_file>
+
+# Show VBA macros in Office document
+oledump.py -v <office_file>
+
+# Extract specific stream from Office document
+oledump.py -s <stream_number> <office_file>
+
+# Decode VBA macros automatically
+oledump.py -v -s <stream_number> <office_file>
+
+# Analyze RTF document
+rtfdump.py <rtf_file>
+
+# Show RTF objects
+rtfdump.py -O <rtf_file>
+
+# Analyze email message
+emldump.py <email_file>
+
+# Extract attachments from email
+emldump.py -e <email_file>
+
+# URL analysis with unfurl
+unfurl_cli.py <suspicious_url>
+
+# Unfurl with detailed output
+unfurl_cli.py -d <suspicious_url>
+
+# Extract metadata from files
+exiftool <file>
+
+# Remove metadata from file
+exiftool -all= <file>
+
+# Analyze data interactively
+vd <data_file>
+
+# Quick file type detection
+file <unknown_file>
+
+# String analysis of binary
+strings <binary_file> | head -20
+
+# Hex dump analysis
+xxd <binary_file> | head -20
+
+# Base64 decode and analyze
+base64dump.py <file_with_base64>
+
+# Search for base64 patterns
+base64dump.py -s <search_term> <file>
+
+# OCR text extraction from image
+tesseract <image_file> <output_text>
+
+$ malware_file: ls *.exe *.dll *.bin *.sample
+$ javascript_file: ls *.js
+$ office_file: ls *.doc *.docx *.xls *.xlsx *.ppt *.pptx
+$ rtf_file: ls *.rtf
+$ email_file: ls *.eml *.msg
+$ suspicious_url: echo "https://suspicious-domain.com/path"
+$ stream_number: echo "1 2 3 4 5"
+$ timeout: echo "30 60 120"
+$ output_dir: echo "./output"
+$ data_file: ls *.csv *.json *.log
+$ unknown_file: ls *
+$ binary_file: ls *.exe *.dll *.bin
+$ file_with_base64: ls *.txt *.log
+$ search_term: echo "keyword"
+$ image_file: ls *.png *.jpg *.jpeg *.tiff
+$ output_text: echo "extracted_text"

cheatsheets/pdf-analysis.cheat

@@ -0,0 +1,63 @@
+# PDF Analysis Tools
+# Quick reference for analyzing PDF files for malware
+
+% pdf, malware, analysis
+
+# Quick PDF overview - shows suspicious elements
+pdfid.py <pdf_file>
+
+# Detailed PDF structure analysis
+pdf-parser.py <pdf_file>
+
+# Interactive PDF analysis with JavaScript detection
+peepdf -i <pdf_file>
+
+# Force processing of potentially corrupted PDF
+peepdf -f -i <pdf_file>
+
+# Extract specific PDF object
+pdf-parser.py -o <object_id> <pdf_file>
+
+# Hash PDF elements for comparison
+pdf-parser.py -H <pdf_file>
+
+# Export embedded object from PDF
+pdf-parser.py -d <output_file> -f -o <object_id> <pdf_file>
+
+# Flatten PDF (remove JavaScript and active elements)
+pdftk <pdf_file> cat output flattened_<pdf_file>
+
+# Extract embedded files from PDF
+pdftk <pdf_file> unpack_files
+
+# Extract from password-protected PDF
+pdftk <pdf_file> input_pw <password> unpack_files
+
+# Convert PDF to TIFF (safe rendering)
+convert <pdf_file> <output_file>.tiff
+
+# Analyze PDF metadata with Origami
+pdfmetadata <pdf_file>
+
+# Extract PDF streams and objects
+pdfextract <pdf_file>
+
+# Validate PDF structure
+pdfcop <pdf_file>
+
+# Decrypt PDF file
+pdfdecrypt <pdf_file> <output_file>
+
+# Merge multiple PDFs
+qpdf --empty --pages <pdf1> <pdf2> -- <output_file>
+
+# Extract previous versions from PDF
+pdfresurrect <pdf_file>
+
+# Analyze incremental updates in PDF
+pdftool.py <pdf_file>
+
+$ pdf_file: ls *.pdf
+$ object_id: echo "1 2 3 4 5 6 7 8 9 10"
+$ output_file: echo "output"
+$ password: echo "password123"

cheatsheets/system-utilities.cheat

@@ -0,0 +1,121 @@
+# System Utilities and Forensics
+# Essential commands for file analysis and system operations
+
+% system, forensics, utilities
+
+# Archive operations with 7zip
+7z l <archive_file>
+
+# Extract archive
+7z x <archive_file>
+
+# Create archive
+7z a <output_archive> <files_to_compress>
+
+# Extract with password
+7z x -p<password> <archive_file>
+
+# File manager with Midnight Commander
+mc
+
+# Navigate MC with panels
+mc <left_dir> <right_dir>
+
+# Convert document formats
+catdoc <doc_file>
+
+# Extract text from DOCX
+docx2txt <docx_file>
+
+# Convert RTF to text
+unrtf --text <rtf_file>
+
+# Advanced text processing with busybox
+busybox <command> <args>
+
+# Find files by type
+find /data -name "*.<extension>" -type f
+
+# Find files modified in last N days
+find /data -mtime -<days> -type f
+
+# Search for text in files
+grep -r "<search_term>" /data/
+
+# Case-insensitive search
+grep -ri "<search_term>" /data/
+
+# Search with context lines
+grep -C <context_lines> "<search_term>" <file>
+
+# Count file types in directory
+find /data -name "*.*" | sed 's/.*\.//' | sort | uniq -c | sort -n
+
+# Quick file statistics
+wc -l <file>
+
+# Get file size in human readable format
+du -sh <file_or_directory>
+
+# Monitor file changes
+tail -f <log_file>
+
+# Compare files
+diff <file1> <file2>
+
+# Create file hash (multiple algorithms)
+md5sum <file>
+sha1sum <file>
+sha256sum <file>
+
+# Verify file integrity
+md5sum -c <checksum_file>
+
+# Network utilities (if needed for analysis)
+curl -I <url>
+
+# Download file safely
+wget --no-check-certificate <url>
+
+# Show disk usage
+df -h
+
+# Show memory usage
+free -h
+
+# Process monitoring
+ps aux | grep <process_name>
+
+# Environment variables
+printenv | sort
+
+# File permissions
+ls -la <file>
+
+# Change permissions
+chmod <permissions> <file>
+
+$ archive_file: ls *.zip *.7z *.tar.gz *.rar
+$ output_archive: echo "output.7z"
+$ files_to_compress: echo "file1.txt file2.txt"
+$ password: echo "password123"
+$ left_dir: echo "/data"
+$ right_dir: echo "/tmp"
+$ doc_file: ls *.doc
+$ docx_file: ls *.docx
+$ rtf_file: ls *.rtf
+$ command: echo "ls cat grep find"
+$ args: echo "-la"
+$ extension: echo "pdf txt log exe"
+$ days: echo "1 7 30"
+$ search_term: echo "malware suspicious error"
+$ context_lines: echo "3 5 10"
+$ file: ls *
+$ file_or_directory: echo "/data"
+$ log_file: ls *.log
+$ file1: echo "file1.txt"
+$ file2: echo "file2.txt"
+$ checksum_file: echo "checksums.md5"
+$ url: echo "https://example.com"
+$ process_name: echo "python nginx apache"
+$ permissions: echo "755 644 600"