Add comprehensive offline help system with fuzzy search

🎯 Enhanced Features:
- Integrated navi, cheat, tldr, and fzf for interactive help
- Custom cheat sheets for PDF analysis, malware analysis, and system utilities
- find-tool command for fuzzy searching through all REMnux tools
- Comprehensive help command with workflows and examples
- Complete offline documentation system

📚 Help System Components:
- help - Main help system
- help tools [term] - Search for tools (fuzzy matching)
- help cheat <tool> - Show command examples
- help examples - Browse examples interactively (navi + fzf)
- help pdf/malware/forensics - Analysis workflows
- help --offline - Verify offline capabilities

🛠️ Tools Added:
- navi: Interactive cheat sheet browser
- cheat: Command-line cheat sheets
- tldr: Quick command examples
- fzf: Fuzzy finder (already included)

All documentation works completely offline with local REMnux docs database and custom cheat sheets for analysis workflows.

63
cheatsheets/pdf-analysis.cheat
Normal file
@@ -0,0 +1,63 @@
|
||||
# PDF Analysis Tools
|
||||
# Quick reference for analyzing PDF files for malware
|
||||
|
||||
% pdf, malware, analysis
|
||||
|
||||
# Quick PDF overview - shows suspicious elements
|
||||
pdfid.py <pdf_file>
|
||||
|
||||
# Detailed PDF structure analysis
|
||||
pdf-parser.py <pdf_file>
|
||||
|
||||
# Interactive PDF analysis with JavaScript detection
|
||||
peepdf -i <pdf_file>
|
||||
|
||||
# Force processing of potentially corrupted PDF
|
||||
peepdf -f -i <pdf_file>
|
||||
|
||||
# Extract specific PDF object
|
||||
pdf-parser.py -o <object_id> <pdf_file>
|
||||
|
||||
# Hash PDF elements for comparison
|
||||
pdf-parser.py -H <pdf_file>
|
||||
|
||||
# Export embedded object from PDF
|
||||
pdf-parser.py -d <output_file> -f -o <object_id> <pdf_file>
|
||||
|
||||
# Flatten PDF (remove JavaScript and active elements)
|
||||
pdftk <pdf_file> cat output flattened_<pdf_file>
|
||||
|
||||
# Extract embedded files from PDF
|
||||
pdftk <pdf_file> unpack_files
|
||||
|
||||
# Extract from password-protected PDF
|
||||
pdftk <pdf_file> input_pw <password> unpack_files
|
||||
|
||||
# Convert PDF to TIFF (safe rendering)
|
||||
convert <pdf_file> <output_file>.tiff
|
||||
|
||||
# Analyze PDF metadata with Origami
|
||||
pdfmetadata <pdf_file>
|
||||
|
||||
# Extract PDF streams and objects
|
||||
pdfextract <pdf_file>
|
||||
|
||||
# Validate PDF structure
|
||||
pdfcop <pdf_file>
|
||||
|
||||
# Decrypt PDF file
|
||||
pdfdecrypt <pdf_file> <output_file>
|
||||
|
||||
# Merge multiple PDFs
|
||||
qpdf --empty --pages <pdf1> <pdf2> -- <output_file>
|
||||
|
||||
# Extract previous versions from PDF
|
||||
pdfresurrect <pdf_file>
|
||||
|
||||
# Analyze incremental updates in PDF
|
||||
pdftool.py <pdf_file>
|
||||
|
||||
$ pdf_file: ls *.pdf
|
||||
$ object_id: echo "1 2 3 4 5 6 7 8 9 10"
|
||||
$ output_file: echo "output"
|
||||
$ password: echo "password123"
|
||||
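Review bot: The "Flatten PDF (remove JavaScript and active elements)" entry overstates what its command does. `pdftk <pdf_file> cat output flattened_<pdf_file>` only rewrites the document; it does not pass pdftk's `flatten` keyword, and that keyword merges form fields into the page content rather than stripping scripts. An analyst who trusts the comment could hand on a file that still carries its JavaScript. Please either reword the comment to say what the command does or replace the entry with a step that is then checked with `pdfid.py <pdf_file>`. The same caution applies to "(safe rendering)" on the `convert` entry, since the PDF is still parsed on the analysis host during conversion. Separately, `$ object_id: echo "1 2 3 4 5 6 7 8 9 10"` prints a single line, so navi will offer the whole string as one choice; emit one id per line instead.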