Add comprehensive offline help system with fuzzy search
🎯 Enhanced Features: - Integrated navi, cheat, tldr, and fzf for interactive help - Custom cheat sheets for PDF analysis, malware analysis, and system utilities - find-tool command for fuzzy searching through all REMnux tools - Comprehensive help command with workflows and examples - Complete offline documentation system 📚 Help System Components: - help - Main help system - help tools [term] - Search for tools (fuzzy matching) - help cheat <tool> - Show command examples - help examples - Browse examples interactively (navi + fzf) - help pdf/malware/forensics - Analysis workflows - help --offline - Verify offline capabilities 🛠️ Tools Added: - navi: Interactive cheat sheet browser - cheat: Command-line cheat sheets - tldr: Quick command examples - fzf: Fuzzy finder (already included) All documentation works completely offline with local REMnux docs database and custom cheat sheets for analysis workflows.
This commit is contained in:
Tobias Kessels
96
cheatsheets/malware-analysis.cheat
Normal file
96
cheatsheets/malware-analysis.cheat
Normal file
@@ -0,0 +1,96 @@
|
||||
# Malware Analysis Tools
|
||||
# Commands for analyzing malicious files and samples
|
||||
|
||||
% malware, analysis, forensics
|
||||
|
||||
# Detect malware capabilities with CAPA
|
||||
capa <malware_file>
|
||||
|
||||
# CAPA verbose output with rule details
|
||||
capa -v <malware_file>
|
||||
|
||||
# CAPA output in JSON format
|
||||
capa -j <malware_file>
|
||||
|
||||
# Analyze JavaScript in sandbox
|
||||
box-js <javascript_file>
|
||||
|
||||
# Box-js with custom timeout (seconds)
|
||||
box-js --timeout=<timeout> <javascript_file>
|
||||
|
||||
# Box-js with download simulation
|
||||
box-js --download --output-dir=<output_dir> <javascript_file>
|
||||
|
||||
# Analyze Office document with oledump
|
||||
oledump.py <office_file>
|
||||
|
||||
# Show VBA macros in Office document
|
||||
oledump.py -v <office_file>
|
||||
|
||||
# Extract specific stream from Office document
|
||||
oledump.py -s <stream_number> <office_file>
|
||||
|
||||
# Decode VBA macros automatically
|
||||
oledump.py -v -s <stream_number> <office_file>
|
||||
|
||||
# Analyze RTF document
|
||||
rtfdump.py <rtf_file>
|
||||
|
||||
# Show RTF objects
|
||||
rtfdump.py -O <rtf_file>
|
||||
|
||||
# Analyze email message
|
||||
emldump.py <email_file>
|
||||
|
||||
# Extract attachments from email
|
||||
emldump.py -e <email_file>
|
||||
|
||||
# URL analysis with unfurl
|
||||
unfurl_cli.py <suspicious_url>
|
||||
|
||||
# Unfurl with detailed output
|
||||
unfurl_cli.py -d <suspicious_url>
|
||||
|
||||
# Extract metadata from files
|
||||
exiftool <file>
|
||||
|
||||
# Remove metadata from file
|
||||
exiftool -all= <file>
|
||||
|
||||
# Analyze data interactively
|
||||
vd <data_file>
|
||||
|
||||
# Quick file type detection
|
||||
file <unknown_file>
|
||||
|
||||
# String analysis of binary
|
||||
strings <binary_file> | head -20
|
||||
|
||||
# Hex dump analysis
|
||||
xxd <binary_file> | head -20
|
||||
|
||||
# Base64 decode and analyze
|
||||
base64dump.py <file_with_base64>
|
||||
|
||||
# Search for base64 patterns
|
||||
base64dump.py -s <search_term> <file>
|
||||
|
||||
# OCR text extraction from image
|
||||
tesseract <image_file> <output_text>
|
||||
|
||||
$ malware_file: ls *.exe *.dll *.bin *.sample
|
||||
$ javascript_file: ls *.js
|
||||
$ office_file: ls *.doc *.docx *.xls *.xlsx *.ppt *.pptx
|
||||
$ rtf_file: ls *.rtf
|
||||
$ email_file: ls *.eml *.msg
|
||||
$ suspicious_url: echo "https://suspicious-domain.com/path"
|
||||
$ stream_number: echo "1 2 3 4 5"
|
||||
$ timeout: echo "30 60 120"
|
||||
$ output_dir: echo "./output"
|
||||
$ data_file: ls *.csv *.json *.log
|
||||
$ unknown_file: ls *
|
||||
$ binary_file: ls *.exe *.dll *.bin
|
||||
$ file_with_base64: ls *.txt *.log
|
||||
$ search_term: echo "keyword"
|
||||
$ image_file: ls *.png *.jpg *.jpeg *.tiff
|
||||
$ output_text: echo "extracted_text"
|
||||
Reference in New Issue
Block a user