irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Major repository cleanup and enhancement

Browse Source 
- Reorganize documentation: moved old docs to docs/ directory
- Add comprehensive README.md with build options and usage guide
- Add detailed CONTRIBUTING.md with help content management guide
- Create Makefile for automated building and testing
- Add Dockerfile.scratch for building from Ubuntu 20.04 base
- Enhance all Dockerfiles with PowerShell + PSScriptAnalyzer
- Add modern shells: zsh (with plugins) and fish (with config)
- Add modern CLI tools: fd-find, ripgrep, fzf
- Create comprehensive help system with cheat/TLDR/fish completions
- Add helper scripts for help content management and coverage checking
- Fix Dockerfile.remnux script references
- Support three build variants: upstream (REMnux), scratch (Ubuntu), kali

Build options:
  - make build-upstream: Fast, uses REMnux upstream (recommended)
  - make build-scratch: Full control, builds from Ubuntu 20.04
  - make build-kali: Legacy Kali Linux base

Features:
  - PowerShell with PSScriptAnalyzer module
  - Modern shells (zsh, fish) with custom configurations
  - Enhanced help system (cheat sheets, TLDR pages, fish completions)
  - Help coverage checking and bulk import tools
  - Comprehensive documentation for users and contributors
This commit is contained in:
Tobias Kessels
2025-10-01 11:45:56 +02:00
parent 6bfcfd7935
commit b98aaee3e0
27 changed files with 5000 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
scripts/add-tool-cheats.sh Executable file
View File

@@ -0,0 +1,173 @@
#!/bin/bash
# Add cheat sheets for fd-find, ripgrep, zsh, fish
CHEAT_DIR="/opt/cheatsheets/personal"
mkdir -p "$CHEAT_DIR"
# fd-find cheat sheet
cat > "$CHEAT_DIR/fd" << 'EOF'
# fd (fdfind) - Fast and user-friendly alternative to find
# Find files by name
fdfind pattern
# Find in specific directory
fdfind pattern /path/to/search
# Find only files (no directories)
fdfind -t f pattern
# Find only directories
fdfind -t d pattern
# Case-insensitive search
fdfind -i PDF
# Include hidden and ignored files
fdfind -H pattern
# Execute command on results
fdfind pattern -x rm
# Find and show absolute paths
fdfind -a pattern
# Find files modified in last 24 hours
fdfind -t f --changed-within 24h
# Find PDF files in current directory
fdfind -e pdf
# Exclude directories from search
fdfind pattern -E node_modules -E vendor
EOF
# ripgrep cheat sheet
cat > "$CHEAT_DIR/rg" << 'EOF'
# ripgrep (rg) - Fast recursive grep alternative
# Basic search
rg pattern
# Case-insensitive search
rg -i pattern
# Search specific file types
rg -t py pattern
rg -t js pattern
# Search in specific files
rg pattern -g '*.pdf'
# Show context (3 lines before/after)
rg -C 3 pattern
# Show only filenames with matches
rg -l pattern
# Count matches per file
rg -c pattern
# Search for exact word
rg -w word
# Search hidden files
rg --hidden pattern
# Search compressed files
rg -z pattern file.gz
# Find URLs in files
rg 'https?://[^\s]+'
# Find suspicious JavaScript in PDFs
rg -i 'javascript|openaction' -g '*.pdf'
# Search with file types excluded
rg pattern --type-not python
# Multiline search
rg -U 'pattern1.*pattern2'
EOF
# ripgrep alias
cp "$CHEAT_DIR/rg" "$CHEAT_DIR/ripgrep"
# zsh cheat sheet
cat > "$CHEAT_DIR/zsh" << 'EOF'
# zsh - Z Shell with powerful features
# Start zsh
zsh
# Set zsh as default shell
chsh -s $(which zsh)
# Autocompletion
# Type command and press TAB
# History search
# Type start of command and press UP arrow
# Directory stack
dirs -v # Show directory stack
pushd /path # Push directory and cd
popd # Pop and return to previous
# Glob patterns
ls **/*.pdf # Recursive glob
ls *.pdf~*.bak # Exclude pattern
# Aliases (already configured in container)
ll # ls -lah
fd # fdfind
analyse # fhelp
? # fhelp
# History commands
history # Show all history
history 10 # Show last 10
!$ # Last argument of previous command
!! # Repeat last command
EOF
# fish cheat sheet
cat > "$CHEAT_DIR/fish" << 'EOF'
# fish - Friendly Interactive Shell
# Start fish
fish
# Set fish as default shell
chsh -s $(which fish)
# Autocompletion
# Type command and press TAB (shows suggestions automatically)
# History search
# Type start of command and see suggestions
# Press RIGHT arrow to accept
# Command abbreviations
abbr --add gco git checkout
abbr --list
abbr --erase gco
# Functions (instead of aliases)
function ll
ls -lah $argv
end
funcsave ll # Save function permanently
# Environment variables
set -x PATH /new/path $PATH # Export
set -e VARIABLE # Erase
# Configuration
fish_config # Open web-based configuration
# Plugins (fisher)
# curl -sL https://git.io/fisher | source && fisher install jorgebucaran/fisher
EOF
echo "✅ Added cheat sheets for fd, ripgrep, zsh, fish"

329
scripts/check-help-coverage.sh Normal file
View File

@@ -0,0 +1,329 @@
#!/usr/bin/env bash
# check-help-coverage.sh
# Check cheat and tldr help coverage for a benchmark list of analysis tools.
# Designed to run inside the container (tabledevil/file-analysis:*).
# - Cheat sheets are expected under /opt/cheatsheets/personal or /opt/cheatsheets/*.cheat
# - TLDR pages are checked under /home/remnux/.local/share/tldr/pages/{common,linux}
#
# Exit codes:
# 0 - ran successfully
# 1 - minor warnings
# 2 - failed to run (e.g., missing directories)
set -euo pipefail
CHEAT_DIR_PERSONAL="/opt/cheatsheets/personal"
CHEAT_DIR_GLOBAL="/opt/cheatsheets"
TLDR_DIRS=("/home/remnux/.local/share/tldr/pages/common" "/home/remnux/.local/share/tldr/pages/linux")
# Resolve a cheat file from a name
resolve_cheat_file() {
local name="$1"
local base
base="$(echo "$name" | sed 's/\.[Pp][Yy]$//')"
# candidate names to try in order
local candidates=(
"$name"
"$base"
"${base}.py"
"${base// /-}"
"${base// /_}"
"${base//-/_}"
"${base//_/-}"
)
for cand in "${candidates[@]}"; do
# personal dir (preferred)
if [[ -f "$CHEAT_DIR_PERSONAL/$cand" ]]; then
echo "$CHEAT_DIR_PERSONAL/$cand"; return 0
fi
# global .cheat files
if [[ -f "$CHEAT_DIR_GLOBAL/${cand}.cheat" ]]; then
echo "$CHEAT_DIR_GLOBAL/${cand}.cheat"; return 0
fi
done
return 1
}
# Check if any TLDR page exists for a given tool name (try variants)
resolve_tldr_page() {
local name="$1"
local base lower
base="$(echo "$name" | sed 's/\.[Pp][Yy]$//; s/[() ]//g')"
lower="$(echo "$name" | tr '[:upper:]' '[:lower:]')"
local candidates=(
"$name"
"$lower"
"$base"
"${base}.py"
"${lower// /-}"
"${lower// /_}"
"${lower//-/_}"
"${lower//_/-}"
)
for dir in "${TLDR_DIRS[@]}"; do
for cand in "${candidates[@]}"; do
if [[ -f "$dir/${cand}.md" ]]; then
echo "$dir/${cand}.md"; return 0
fi
done
done
return 1
}
# Print a line with fixed columns
print_row() {
printf "%-18s | %-35s | %-6s | %-6s\n" "$1" "$2" "$3" "$4"
}
# Benchmark list: Category | Display Name | Cheat candidates (comma) | TLDR candidates (comma)
# Keep names short for display; put multiple candidate names to test resolution logic.
TOOL_LIST=$(cat << 'EOF'
General | TrID | trid | trid
General | Magika | magika | magika
General | file | file | file
General | Detect-It-Easy | die,diec | die
General | ExifTool | exiftool | exiftool
General | YARA | yara,yarac | yara
General | signsrch | signsrch | signsrch
General | ssdeep | ssdeep | ssdeep
General | ClamAV | clamscan,freshclam | clamscan,freshclam
General | bulk_extractor | bulk_extractor | bulk_extractor
General | Hachoir | hachoir-metadata,hachoir-subfile | hachoir-metadata
General | Sleuth Kit | fls,icat,tsk_recover | fls,icat
General | binwalk | binwalk | binwalk
General | 7-Zip | 7z,7za,7zr,7zz | 7z
General | wxHexEditor | wxhexeditor | wxhexeditor
General | zipdump | zipdump,zipdump.py | zipdump
General | msitools | msiinfo,msiextract | msiinfo,msiextract
General | numbers-to-string | numbers-to-string,numbers-to-string.py | numbers-to-string
General | re-search | re-search,re-search.py | re-search
General | disitool | disitool,disitool.py | disitool
General | Name-That-Hash | nth | nth
General | Hash ID | hashid,hash-id.py | hashid
PE | manalyze | manalyze | manalyze
PE | peframe | peframe | peframe
PE | pefile (lib) | pefile | pefile
PE | pescan | pescan,pescan.py | pescan
PE | portex | portex,portex.py | portex
PE | bearcommander | bearcommander | bearcommander
PE | pecheck | pecheck | pecheck
ELF | pyew | pyew | pyew
ELF | readelf.py | readelf,readelf.py | readelf
Strings | pestr | pestr | pestr
Strings | bbcrack | bbcrack | bbcrack
Strings | brxor | brxor,brxor.py | brxor
Strings | base64dump | base64dump,base64dump.py | base64dump
Strings | xorsearch | xorsearch | xorsearch
Strings | XORStrings | xorstrings | xorstrings
Strings | flarestrings | flarestrings | flarestrings
Strings | FLOSS | floss | floss
Strings | CyberChef | cyberchef | cyberchef
Emulation | binee | binee | binee
Emulation | capa | capa | capa
Emulation | vivbin | vivbin | vivbin
RE | Ghidra | ghidra,analyzeHeadless | ghidra
RE | Cutter | cutter | cutter
RE | Radare2 | r2 | r2
RE | Rizin | rizin | rizin
RE | objdump | objdump | objdump
RE | RetDec | retdec-decompiler,retdec-decompiler.py | retdec
Debuggers | edb | edb | edb
Debuggers | gdb | gdb | gdb
Packers | upx | upx | upx
Packers | bytehist | bytehist | bytehist
Packers | de4dot | de4dot | de4dot
Android | apktool | apktool | apktool
Android | droidlysis | droidlysis | droidlysis
Android | androgui | androgui,androgui.py | androgui
Android | baksmali | baksmali | baksmali
Android | dex2jar | dex2jar | dex2jar
Java | CFR | cfr | cfr
Java | Procyon | procyon | procyon
Java | JAD | jad | jad
Java | jd-gui | jd-gui | jd-gui
Java | idx_parser | idx_parser,idx_parser.py | idx_parser
Python | pyinstxtractor | pyinstxtractor,pyinstxtractor.py | pyinstxtractor
Python | pycdc | pycdc | pycdc
JavaScript | js | js | js
JavaScript | js-file | js-file | js-file
JavaScript | objects.js | objects.js | objects.js
JavaScript | box-js | box-js | box-js
JavaScript | JSDetox | jsdetox | jsdetox
JavaScript | de4js | de4js | de4js
PowerShell | pwsh | pwsh | pwsh
Flash | swfdump | swfdump | swfdump
Flash | flare | flare | flare
Flash | flasm | flasm | flasm
Flash | swf_mastah | swf_mastah,swf_mastah.py | swf_mastah
Flash | xxxswf | xxxswf | xxxswf
Shellcode | shellcode2exe | shellcode2exe,shellcode2exe.bat | shellcode2exe
Shellcode | scdbg | scdbg | scdbg
Office | vmonkey | vmonkey | vmonkey
Office | pcodedmp | pcodedmp | pcodedmp
Office | olevba | olevba | olevba
Office | xlmdeobfuscator | xlmdeobfuscator | xlmdeobfuscator
Office | oledump | oledump,oledump.py | oledump
Office | msoffice-crypt | msoffice-crypt | msoffice-crypt
Office | ssview | ssview | ssview
PDF | pdfid | pdfid,pdfid.py | pdfid, pdfid.py
PDF | pdfparser | pdfparser,pdf-parser.py | pdfparser,pdf-parser.py
PDF | pdfextract | pdfextract | pdfextract
PDF | pdfdecrypt | pdfdecrypt | pdfdecrypt
PDF | peepdf | peepdf | peepdf
PDF | pdftk | pdftk | pdftk
PDF | pdfresurrect | pdfresurrect | pdfresurrect
PDF | qpdf | qpdf | qpdf
PDF | pdfobjflow | pdfobjflow | pdfobjflow
RTF | rtfobj | rtfobj | rtfobj
RTF | rtfdump | rtfdump,rtfdump.py | rtfdump
Email | emldump | emldump,emldump.py | emldump
Email | msgconvert | msgconvert | msgconvert
NetMon | Burp Suite | burpsuite | burpsuite
NetMon | NetworkMiner | networkminer | networkminer
NetMon | polarproxy | polarproxy | polarproxy
NetMon | mitmproxy | mitmproxy | mitmproxy
NetMon | Wireshark | wireshark | wireshark
NetMon | tshark | tshark | tshark
NetMon | ngrep | ngrep | ngrep
NetMon | tcpxtract | tcpxtract | tcpxtract
Services | Thug | thug | thug
Services | fakedns | fakedns | fakedns
Services | fakemail | fakemail | fakemail
Services | accept-all-ips | accept-all-ips | accept-all-ips
Services | inetsim | inetsim | inetsim
Services | fakenet | fakenet | fakenet
NetUtils | netcat | nc,netcat | nc
NetUtils | tor | tor | tor
NetUtils | wget | wget | wget
NetUtils | curl | curl | curl
NetUtils | ssh | ssh | ssh
NetUtils | unfurl | unfurl,unfurl_cli.py | unfurl
Memory | Volatility 2 | vol.py,volatility | volatility
Memory | Volatility 3 | vol3,volatility3 | vol3
Memory | Rekall | rekall | rekall
Memory | linux_mem_diff | linux_mem_diff,linux_mem_diff.py | linux_mem_diff
Memory | aeskeyfind | aeskeyfind | aeskeyfind
Memory | rsakeyfind | rsakeyfind | rsakeyfind
Intel | Automater | automater,automater.py | automater
Intel | Shodan | shodan | shodan
Intel | ipwhois_cli | ipwhois_cli,ipwhois_cli.py | ipwhois_cli
Intel | pdnstool | pdnstool | pdnstool
Intel | malwoverview | malwoverview,malwoverview.py | malwoverview
Intel | nsrllookup | nsrllookup | nsrllookup
Intel | vt | vt | vt
Intel | YARA engine | yara | yara
Intel | Viper | viper | viper
Intel | dexray | dexray | dexray
Intel | time-decode | time-decode,time-decode.py | time-decode
Intel | ioc_writer | ioc_writer,ioc_writer.py | ioc_writer
Behavior | ltrace | ltrace | ltrace
Behavior | strace | strace | strace
Behavior | frida | frida,frida-trace | frida
Behavior | sysdig | sysdig | sysdig
Behavior | unhide | unhide | unhide
Files | scalpel | scalpel | scalpel
Files | unzip | unzip | unzip
Files | unrar | unrar | unrar
Files | cabextract | cabextract | cabextract
View | code | code | code
View | scite | scite | scite
View | xpdf | xpdf | xpdf
View | feh | feh | feh
View | convert | convert | convert
View | tesseract | tesseract | tesseract
EOF
)
# Counters
missing_cheat=0
missing_tldr=0
total=0
# Header
print_row "Category" "Tool" "CHEAT" "TLDR"
printf -- "%.0s-" $(seq 1 74); echo
# Iterate tools
while IFS='|' read -r category name cheat_list tldr_list; do
# skip empty/comment lines
[[ -z "${category// }" ]] && continue
# trim spaces
category="${category//[$'\t\r\n']}"; category="$(echo "$category" | sed 's/^ *//; s/ *$//')"
name="$(echo "$name" | sed 's/^ *//; s/ *$//')"
cheat_list="$(echo "$cheat_list" | sed 's/^ *//; s/ *$//')"
tldr_list="$(echo "$tldr_list" | sed 's/^ *//; s/ *$//')"
(( total++ ))
# CHEAT check: iterate candidates until one resolves
cheat_status="MISS"
IFS=',' read -r -a cheat_candidates <<< "$cheat_list"
for c in "${cheat_candidates[@]}"; do
c="$(echo "$c" | sed 's/^ *//; s/ *$//')"
if resolved="$(resolve_cheat_file "$c")"; then
cheat_status="OK"
break
fi
done
# TLDR check
tldr_status="MISS"
IFS=',' read -r -a tldr_candidates <<< "$tldr_list"
for t in "${tldr_candidates[@]}"; do
t="$(echo "$t" | sed 's/^ *//; s/ *$//')"
if resolved_tldr="$(resolve_tldr_page "$t")"; then
tldr_status="OK"
break
fi
done
[[ "$cheat_status" == "MISS" ]] && ((missing_cheat++))
[[ "$tldr_status" == "MISS" ]] && ((missing_tldr++))
print_row "$category" "$name" "$cheat_status" "$tldr_status"
done <<< "$TOOL_LIST"
printf -- "%.0s-" $(seq 1 74); echo
printf "Total: %d | Missing CHEAT: %d | Missing TLDR: %d\n" "$total" "$missing_cheat" "$missing_tldr"
# Hints
echo
if [[ "$missing_cheat" -gt 0 || "$missing_tldr" -gt 0 ]]; then
echo "Hints:"
echo "- Add cheat sheets in $CHEAT_DIR_PERSONAL (names without extension recommended)."
echo "- Add TLDR pages in: ${TLDR_DIRS[*]} (as <tool>.md)."
echo "- fhelp cheat uses resolution similar to this script (handles .py and hyphen/underscore variants)."
fi

243
scripts/convert-remnux-cheats.py Normal file
View File

@@ -0,0 +1,243 @@
#!/usr/bin/env python3
"""
convert-remnux-cheats.py
Parse a consolidated markdown cheatsheet (e.g., remnux-tldr-cheatsheet.md)
and generate cheat sheets and TLDR pages for tools missing from the system.
Heuristics:
- A tool section is detected by a heading line (## or ###). The heading text
is the tool display name. If parentheses provide aliases, the first alias is
used as the canonical filename (e.g., "7-Zip (7z, 7za)" => 7z).
- Within a section, bullet lines ("- " or "* ") are treated as descriptions.
Inline code `...` on those lines is extracted as commands.
- Fenced code blocks (``` ... ```) are extracted; each non-empty line becomes a command entry.
- TLDR entries: produce simple bullets with the command in backticks and the description when available.
- Cheat entries: print description as a comment line, followed by the command.
By default, only missing files are created. Existing cheat or TLDR files are left intact
unless --overwrite is provided.
"""
import argparse
import os
import re
from pathlib import Path
HDR_RE = re.compile(r"^(#{2,3})\s+(.+?)\s*$")
FENCE_RE = re.compile(r"^```(.*)$")
INLINE_CODE_RE = re.compile(r"`([^`]+)`")
def choose_canonical_name(heading: str) -> str:
"""From a heading like "7-Zip (7z, 7za, 7zr, 7zz)" choose the first alias if present,
else sanitize the heading text to a plausible command name."""
text = heading.strip()
# If parentheses include aliases, pick the first alias
m = re.search(r"\(([^)]+)\)", text)
if m:
inner = m.group(1)
# split on comma or whitespace
cand = re.split(r"[\s,]+", inner.strip())[0]
if cand:
return cand
# Otherwise, drop parentheses and after a dash if looks like "Tool - description"
text = re.sub(r"\(.*?\)", "", text)
text = text.split(" - ")[0]
text = text.strip()
# Replace spaces with hyphens, keep .py if present
# Remove characters not typical for command names
safe = re.sub(r"[^a-zA-Z0-9._+-]", "-", text).strip("-")
# Lowercase for TLDR filenames; cheat files can be exact
return safe
def parse_sections(lines):
sections = [] # list of dicts: {name, display, desc_cmds:[(desc, cmd)], cmds:[cmd]}
current = None
in_fence = False
fence_accum = []
bullet_desc = None # last bullet description without inline code
for raw in lines:
line = raw.rstrip("\n")
h = HDR_RE.match(line)
if h and not in_fence:
# start new section
if current:
sections.append(current)
hdr_text = h.group(2).strip()
current = {
"display": hdr_text,
"name": choose_canonical_name(hdr_text),
"desc_cmds": [], # list of (desc, cmd)
"cmds": [] # list of commands (from code fences)
}
bullet_desc = None
continue
# fence handling
f = FENCE_RE.match(line)
if f:
if not in_fence:
in_fence = True
fence_accum = []
else:
# closing fence: flush accumulated commands
in_fence = False
if current and fence_accum:
for cmdline in fence_accum:
cmdline = cmdline.strip()
if cmdline:
current["cmds"].append(cmdline)
fence_accum = []
continue
if in_fence:
fence_accum.append(line)
continue
# bullets with potential inline code
if re.match(r"^\s*[-*]\s+", line):
# extract inline code first
codes = INLINE_CODE_RE.findall(line)
# remove code spans for a cleaner description
desc = INLINE_CODE_RE.sub("{}", line)
desc = re.sub(r"^\s*[-*]\s+", "", desc).strip()
if current is not None:
if codes:
for code in codes:
current["desc_cmds"].append((desc, code.strip()))
else:
# bullet with no code -> remember as a description context for next code block lines if desired
bullet_desc = desc
continue
# plain text lines with inline code, treat similarly
codes = INLINE_CODE_RE.findall(line)
if codes and current is not None:
desc = INLINE_CODE_RE.sub("{}", line).strip()
for code in codes:
current["desc_cmds"].append((desc, code.strip()))
continue
# otherwise ignore
if current:
sections.append(current)
return sections
def ensure_dir(p: Path):
p.mkdir(parents=True, exist_ok=True)
def write_cheat(tool_name: str, section, out_dir: Path, overwrite: bool) -> bool:
# cheat file path chosen as plain name without extension (.cheat not required)
filename = tool_name
cheat_path = out_dir / filename
if cheat_path.exists() and not overwrite:
return False
lines = []
# Header as comment
lines.append(f"# {section['display']}")
lines.append("")
# From desc_cmds (description + single command)
for desc, cmd in section.get("desc_cmds", []):
if desc:
lines.append(f"# {desc}")
lines.append(cmd)
lines.append("")
# From cmds (code fences)
for cmd in section.get("cmds", []):
lines.append(cmd)
lines.append("")
# Write
cheat_path.write_text("\n".join(lines).rstrip() + "\n", encoding="utf-8")
return True
def write_tldr(tool_name: str, section, out_dir: Path, overwrite: bool) -> bool:
# TLDR pages expect lowercase filenames with .md
filename = tool_name.lower()
tldr_path = out_dir / f"{filename}.md"
if tldr_path.exists() and not overwrite:
return False
md = []
md.append(f"# {tool_name}")
md.append("")
md.append("> Generated from remnux-tldr-cheatsheet.md. Review for accuracy.")
md.append("")
# Emit desc_cmds first
for desc, cmd in section.get("desc_cmds", []):
if desc:
md.append(f"- {desc}:")
else:
md.append(f"- Example:")
md.append("")
md.append(f"`{cmd}`")
md.append("")
# Emit code-fence commands as generic examples
for cmd in section.get("cmds", []):
md.append(f"- Example:")
md.append("")
md.append(f"`{cmd}`")
md.append("")
tldr_path.write_text("\n".join(md).rstrip() + "\n", encoding="utf-8")
return True
def main():
ap = argparse.ArgumentParser()
ap.add_argument("--in", dest="infile", required=True, help="Path to remnux-tldr-cheatsheet.md")
ap.add_argument("--cheat-dir", required=True, help="Output directory for cheat sheets")
ap.add_argument("--tldr-dir", required=True, help="Output directory for TLDR pages")
ap.add_argument("--only-missing", action="store_true", help="Only create files that don't already exist")
ap.add_argument("--overwrite", action="store_true", help="Overwrite existing files")
args = ap.parse_args()
if args.overwrite and args.only_missing:
print("[!] --overwrite and --only-missing are mutually exclusive; using --overwrite")
args.only_missing = False
text = Path(args.infile).read_text(encoding="utf-8", errors="replace").splitlines()
sections = parse_sections(text)
cheat_dir = Path(args.cheat_dir)
tldr_dir = Path(args.tldr_dir)
ensure_dir(cheat_dir)
ensure_dir(tldr_dir)
created_cheat = created_tldr = 0
skipped_cheat = skipped_tldr = 0
for sec in sections:
tool_name = sec["name"]
# Write cheat
c_written = write_cheat(tool_name, sec, cheat_dir, overwrite=not args.only_missing)
if c_written:
created_cheat += 1
else:
skipped_cheat += 1
# Write tldr
t_written = write_tldr(tool_name, sec, tldr_dir, overwrite=not args.only_missing)
if t_written:
created_tldr += 1
else:
skipped_tldr += 1
print(f"✅ Conversion complete: cheat created={created_cheat}, skipped={skipped_cheat}; tldr created={created_tldr}, skipped={skipped_tldr}")
if __name__ == "__main__":
main()

112
scripts/create-accurate-tools-db.sh Executable file
View File

@@ -0,0 +1,112 @@
#!/bin/bash
# Create accurate tools database for REMnux-based container
# This script only includes tools that actually exist in the container
# with their correct command names and practical usage examples
set -e
DOCS_DIR="/opt/remnux-docs"
TOOLS_DB="/opt/remnux-docs/tools.db"
echo "🔧 Creating accurate tools database..."
# Create documentation directory
mkdir -p "$DOCS_DIR"
# Create the tools database with verified tools
cat > "$TOOLS_DB" << 'EOF'
# REMnux Enhanced Tools Database
# Format: TOOL_NAME|DESCRIPTION|CATEGORY|USAGE_EXAMPLE|AVAILABLE
# Only includes tools verified to be available in container
# PDF Analysis Tools
pdf-parser.py|Parse and analyze PDF structure and objects|analyze documents pdf|pdf-parser.py suspicious.pdf|✓
pdfid.py|Identify suspicious elements in PDF files|analyze documents pdf|pdfid.py document.pdf|✓
peepdf|Interactive PDF analysis framework with JavaScript detection|analyze documents pdf|peepdf -i malicious.pdf|✓
pdftk|Manipulate PDF files (merge, split, encrypt)|analyze documents pdf|pdftk input.pdf output output.pdf flatten|✓
qpdf|PDF manipulation tool (merge, convert, transform)|analyze documents pdf|qpdf --decrypt encrypted.pdf output.pdf|✓
pdfresurrect|Extract previous versions from PDF files|analyze documents pdf|pdfresurrect document.pdf|✓
pdftool.py|Analyze PDF incremental updates|analyze documents pdf|pdftool.py document.pdf|✓
# Malware Analysis Tools
capa|Detect malware capabilities using MITRE ATT&CK framework|malware analysis|capa malware.exe|✓
box-js|JavaScript sandbox for malware analysis|malware analysis|box-js --output-dir=/tmp suspicious.js|✓
oletools|Office document analysis suite (oledump.py, rtfdump.py, etc)|malware analysis|oledump.py document.doc|✓
oledump.py|Analyze OLE files (Office documents)|malware analysis|oledump.py document.xls|✓
rtfdump.py|Analyze RTF documents|malware analysis|rtfdump.py document.rtf|✓
emldump.py|Analyze EML email files|malware analysis|emldump.py message.eml|✓
base64dump.py|Extract and decode base64 strings|malware analysis|base64dump.py document.txt|✓
strings|Extract printable strings from files|malware analysis|strings -n 10 binary.exe|✓
hexdump|Display file content in hexadecimal|malware analysis|hexdump -C binary.dat|✓
xxd|Create hex dump or reverse it|malware analysis|xxd binary.exe|✓
# Data Analysis Tools
visidata|Interactive data exploration and analysis|data analysis|vd data.csv|✓
unfurl|URL analysis and extraction tool|data analysis|echo "http://example.com/path" | unfurl|✓
# Origami PDF Tools (Ruby-based)
pdfcop|Examine PDF file structure using Origami|analyze documents pdf|ruby -e "require 'origami'; puts Origami::PDF.read('file.pdf').info"|⚠
pdfextract|Extract objects from PDF using Origami|analyze documents pdf|pdfextract document.pdf|⚠
pdfmetadata|Extract PDF metadata using Origami|analyze documents pdf|pdfmetadata document.pdf|⚠
# File Format Tools
exiftool|Extract metadata from files|general utilities|exiftool document.pdf|✓
file|Determine file type|general utilities|file suspicious.dat|✓
binwalk|Analyze and extract firmware images|malware analysis|binwalk firmware.bin|✓
foremost|File carving tool|forensics|foremost -t pdf,jpg -i disk.img|✓
# Text Processing
catdoc|Convert MS Word documents to text|view or edit files|catdoc document.doc|✓
docx2txt|Extract text from DOCX files|view or edit files|docx2txt document.docx|✓
unrtf|Convert RTF to other formats|view or edit files|unrtf --html document.rtf|✓
# Archive Tools
7z|7-Zip archiver with high compression|general utilities|7z x archive.7z|✓
unzip|Extract ZIP archives|general utilities|unzip archive.zip|✓
tar|Archive files|general utilities|tar -xzf archive.tar.gz|✓
# Network Analysis
tshark|Network protocol analyzer (Wireshark CLI)|network analysis|tshark -r capture.pcap|✓
tcpdump|Command-line packet analyzer|network analysis|tcpdump -r capture.pcap|✓
# System Tools
mc|Midnight Commander file manager|general utilities|mc|✓
htop|Interactive process viewer|general utilities|htop|✓
tree|Display directory structure as tree|general utilities|tree /path/to/directory|✓
# Image Processing
convert|ImageMagick convert tool|general utilities|convert input.pdf output.png|✓
identify|ImageMagick identify tool|general utilities|identify image.jpg|✓
# OCR Tools
tesseract|OCR text extraction|general utilities|tesseract image.png output|✓
# Container-Added Tools
curl|Transfer data from servers|network analysis|curl -L http://example.com|✓
wget|Download files from web|network analysis|wget http://example.com/file.pdf|✓
jq|JSON processor|data analysis|cat data.json | jq '.field'|✓
yq|YAML processor|data analysis|cat data.yaml | yq '.field'|✓
# Text Editors
vim|Vi/Vim text editor|view or edit files|vim filename.txt|✓
nano|Simple text editor|view or edit files|nano filename.txt|✓
# Python Tools Available
python3|Python 3 interpreter|general utilities|python3 script.py|✓
pip3|Python package installer|general utilities|pip3 install package|✓
EOF
echo "✅ Accurate tools database created at: $TOOLS_DB"
# Count tools
TOOL_COUNT=$(grep -c "^[^#]" "$TOOLS_DB" 2>/dev/null || echo "0")
echo "🔧 Indexed $TOOL_COUNT verified tools"
echo ""
echo "📝 Notes:"
echo " ✓ = Tool verified available"
echo " ⚠ = Tool may need different invocation or setup"
echo ""
echo "Usage: find-tool [search_term] to search through available tools"

439
scripts/create-enhanced-cheatsheets.sh Executable file
View File

@@ -0,0 +1,439 @@
#!/bin/bash
# Create enhanced cheat sheets by combining existing ones with file analysis examples
# This leverages existing resources and adds specific malware/PDF analysis use cases
set -e
CHEAT_DIR="/opt/cheatsheets"
NAVI_DIR="/opt/navi-cheats"
TLDR_CACHE="/root/.local/share/tldr"
echo "📚 Creating enhanced cheat sheet collection..."
# Create directories
mkdir -p "$CHEAT_DIR" "$NAVI_DIR" "$TLDR_CACHE"
# Function to download and enhance existing cheat sheets
download_and_enhance() {
local tool="$1"
local base_url="https://raw.githubusercontent.com/cheat/cheatsheets/master"
local output_file="$CHEAT_DIR/$tool.cheat"
echo "Processing $tool..."
# Try to download existing cheat sheet
if curl -s "$base_url/$tool" -o "/tmp/${tool}_base.cheat" && [ -s "/tmp/${tool}_base.cheat" ]; then
echo "✓ Found existing cheat sheet for $tool"
cp "/tmp/${tool}_base.cheat" "$output_file"
else
echo "⚠ No existing cheat sheet for $tool, creating from scratch"
echo "# $tool" > "$output_file"
echo "" >> "$output_file"
fi
}
# Download base cheat sheets for key tools and fix directory structure
TOOLS=("pdftk" "7z" "tar" "unzip" "exiftool")
# Create proper cheat directory structure (cheat expects files without extensions in subdirs)
mkdir -p "$CHEAT_DIR/personal"
for tool in "${TOOLS[@]}"; do
download_and_enhance "$tool"
# Copy to proper cheat structure (without .cheat extension)
if [[ -f "$CHEAT_DIR/${tool}.cheat" ]]; then
cp "$CHEAT_DIR/${tool}.cheat" "$CHEAT_DIR/personal/${tool}"
fi
done
# Enhance pdftk with file analysis specific examples
cat >> "$CHEAT_DIR/pdftk.cheat" << 'EOF'
# === FILE ANALYSIS ENHANCEMENTS ===
# Flatten PDF to prevent JavaScript execution (SECURITY)
pdftk suspicious.pdf output safe.pdf flatten
# Remove form fields and JavaScript (SECURITY)
pdftk malicious.pdf output cleaned.pdf flatten dont_ask
# Extract pages for isolated analysis
pdftk document.pdf cat 1-3 output first_pages.pdf
# Combine with metadata removal workflow
pdftk input.pdf output temp.pdf flatten
exiftool -all= temp.pdf
mv temp.pdf_original analysis_ready.pdf
# Decompress PDF streams for analysis
pdftk compressed.pdf output uncompressed.pdf uncompress
EOF
# Create comprehensive PDF analysis cheat sheet (doesn't exist in standard repos)
cat > "$CHEAT_DIR/pdf-analysis.cheat" << 'EOF'
---
tags: [ pdf, malware, analysis, security ]
---
# PDF Analysis Workflow
# Quick PDF overview and suspicious element detection
pdfid.py document.pdf
# Detailed PDF structure analysis
pdf-parser.py document.pdf
# Interactive analysis with JavaScript detection
peepdf -i document.pdf
# Extract metadata
exiftool document.pdf
# Remove passwords for analysis
qpdf --password=PASSWORD --decrypt encrypted.pdf decrypted.pdf
# Flatten PDF to remove interactive elements (SECURITY)
pdftk suspicious.pdf output safe.pdf flatten
# Extract embedded files
pdf-parser.py --extract document.pdf
# Convert PDF to images for safe viewing
convert document.pdf[0-2] page-%02d.png
# OCR text from PDF images
convert document.pdf page.png && tesseract page.png output
# Check for embedded JavaScript
peepdf -s extract_js document.pdf
# Analyze PDF with Origami (if available)
ruby -e "require 'origami'; pdf = Origami::PDF.read('document.pdf'); puts pdf.each_object.select{|o| o.is_a? Origami::Stream}.count"
# Extract strings from PDF
strings document.pdf | grep -i "javascript\|openaction\|aa\|js"
# Hexdump analysis of PDF structure
hexdump -C document.pdf | head -50
EOF
# Create malware analysis workflow cheat sheet
cat > "$CHEAT_DIR/malware-analysis.cheat" << 'EOF'
---
tags: [ malware, analysis, security, forensics ]
---
# Malware Analysis Workflow
# File type identification
file suspicious.exe
# Extract readable strings
strings -n 8 malware.bin
# Detect capabilities with CAPA
capa malware.exe
# Analyze JavaScript in sandbox
box-js --output-dir=/tmp/js_analysis suspicious.js
# Office document analysis
oledump.py document.doc
# RTF document analysis
rtfdump.py document.rtf
# Email analysis
emldump.py message.eml
# Extract base64 content
base64dump.py document.txt
# Binary analysis and extraction
binwalk malware.bin
# File carving
foremost -t exe,dll,pdf -i disk.img
# Hex analysis
xxd malware.exe | head -20
# Extract metadata from any file
exiftool malware.exe
# Archive analysis
7z l suspicious.zip
unzip -l suspicious.zip
# Network capture analysis (if pcap available)
tshark -r capture.pcap -Y "http.request.uri contains .exe"
EOF
# Create NAVI cheat sheets (interactive format)
cat > "$NAVI_DIR/pdf-analysis.cheat" << 'EOF'
% pdf analysis
# Quick PDF info and suspicious elements
pdfid.py <pdf_file>
# Detailed PDF structure analysis
pdf-parser.py <pdf_file>
# Interactive PDF analysis
peepdf -i <pdf_file>
# Flatten PDF for security (remove JavaScript/forms)
pdftk <input_pdf> output <output_pdf> flatten
# Decrypt password-protected PDF
qpdf --password=<password> --decrypt <encrypted_pdf> <output_pdf>
# Extract PDF metadata
exiftool <pdf_file>
# Convert PDF pages to images
convert <pdf_file>[<page_range>] <output_pattern>
# Extract strings with JavaScript keywords
strings <pdf_file> | grep -i "javascript\|openaction\|aa\|js"
$ pdf_file: find . -name "*.pdf" -type f
$ input_pdf: find . -name "*.pdf" -type f
$ encrypted_pdf: find . -name "*.pdf" -type f
$ page_range: echo "0-2"
$ output_pattern: echo "page-%02d.png"
$ password: echo "password123"
$ output_pdf: echo "output.pdf"
EOF
cat > "$NAVI_DIR/malware-analysis.cheat" << 'EOF'
% malware analysis
# Identify file type
file <suspicious_file>
# Extract printable strings
strings -n <min_length> <binary_file>
# Detect malware capabilities
capa <executable_file>
# Analyze JavaScript in sandbox
box-js --output-dir=<output_dir> <js_file>
# Analyze Office documents
oledump.py <office_file>
# Analyze RTF documents
rtfdump.py <rtf_file>
# Extract and analyze base64 content
base64dump.py <file_with_base64>
# Binary analysis and file extraction
binwalk <binary_file>
# File carving from disk image
foremost -t <file_types> -i <disk_image>
# Hex dump analysis
xxd <binary_file> | head -<num_lines>
$ suspicious_file: find . -type f ! -name "*.txt" ! -name "*.md"
$ binary_file: find . -type f \( -name "*.exe" -o -name "*.dll" -o -name "*.bin" \)
$ executable_file: find . -type f \( -name "*.exe" -o -name "*.dll" \)
$ js_file: find . -name "*.js" -type f
$ office_file: find . -type f \( -name "*.doc" -o -name "*.xls" -o -name "*.ppt" \)
$ rtf_file: find . -name "*.rtf" -type f
$ file_with_base64: find . -name "*.txt" -o -name "*.log" -type f
$ disk_image: find . -name "*.img" -o -name "*.dd" -type f
$ min_length: echo "8"
$ output_dir: echo "/tmp/analysis"
$ file_types: echo "exe,dll,pdf,jpg"
$ num_lines: echo "20"
EOF
# Create custom tldr pages for tools missing from standard tldr
mkdir -p "$TLDR_CACHE/pages/common"
cat > "$TLDR_CACHE/pages/common/pdfid.py.md" << 'EOF'
# pdfid.py
> Analyze PDF files and identify potentially suspicious elements.
> Part of Didier Stevens' PDF analysis toolkit.
> More information: <https://blog.didierstevens.com/programs/pdf-tools/>.
- Analyze a PDF file for suspicious elements:
`pdfid.py {{path/to/document.pdf}}`
- Show detailed analysis including object counts:
`pdfid.py {{[-v|--verbose]}} {{path/to/document.pdf}}`
- Analyze all PDF files in a directory:
`pdfid.py {{path/to/directory/*.pdf}}`
- Output results in CSV format:
`pdfid.py {{[-c|--csv]}} {{path/to/document.pdf}}`
- Scan for specific keywords in PDF:
`pdfid.py {{[-k|--keyword]}} {{javascript}} {{path/to/document.pdf}}`
EOF
cat > "$TLDR_CACHE/pages/common/pdf-parser.py.md" << 'EOF'
# pdf-parser.py
> Parse and analyze PDF file structure, extract objects and streams.
> Part of Didier Stevens' PDF analysis toolkit.
> More information: <https://blog.didierstevens.com/programs/pdf-tools/>.
- Parse PDF structure and show all objects:
`pdf-parser.py {{path/to/document.pdf}}`
- Extract a specific object by number:
`pdf-parser.py {{[-o|--object]}} {{object_number}} {{path/to/document.pdf}}`
- Search for objects containing specific text:
`pdf-parser.py {{[-s|--search]}} {{javascript}} {{path/to/document.pdf}}`
- Extract and decode streams:
`pdf-parser.py {{[-f|--filter]}} {{path/to/document.pdf}}`
- Dump raw object content:
`pdf-parser.py {{[-d|--dump]}} {{[-o|--object]}} {{object_number}} {{path/to/document.pdf}}`
- Generate statistics about PDF structure:
`pdf-parser.py {{[-a|--stats]}} {{path/to/document.pdf}}`
EOF
cat > "$TLDR_CACHE/pages/common/peepdf.md" << 'EOF'
# peepdf
> Interactive PDF analysis framework with JavaScript analysis capabilities.
> More information: <https://eternal-todo.com/tools/peepdf-pdf-analysis-tool>.
- Analyze PDF file interactively:
`peepdf {{[-i|--interactive]}} {{path/to/document.pdf}}`
- Analyze PDF and automatically extract suspicious elements:
`peepdf {{[-f|--force-mode]}} {{path/to/document.pdf}}`
- Load PDF and execute peepdf script:
`peepdf {{[-s|--script]}} {{script.txt}} {{path/to/document.pdf}}`
- Analyze PDF with specific password:
`peepdf {{[-p|--password]}} {{password}} {{path/to/document.pdf}}`
- Generate XML report:
`peepdf {{[-x|--xml]}} {{path/to/document.pdf}}`
- Update malicious URL database:
`peepdf {{[-u|--update]}}`
EOF
cat > "$TLDR_CACHE/pages/common/capa.md" << 'EOF'
# capa
> Detect malware capabilities using the MITRE ATT&CK framework.
> Analyzes executables and maps them to threat behaviors.
> More information: <https://github.com/mandiant/capa>.
- Analyze an executable for capabilities:
`capa {{path/to/malware.exe}}`
- Show verbose analysis with detailed explanations:
`capa {{[-v|--verbose]}} {{path/to/malware.exe}}`
- Output results in JSON format:
`capa {{[-j|--json]}} {{path/to/malware.exe}}`
- Analyze with custom rules directory:
`capa {{[-r|--rules]}} {{path/to/rules}} {{path/to/malware.exe}}`
- Show only capabilities above certain confidence:
`capa {{[-t|--tag]}} {{communication}} {{path/to/malware.exe}}`
- Analyze shellcode instead of PE file:
`capa {{[-f|--format]}} {{shellcode}} {{path/to/shellcode.bin}}`
EOF
# Configure cheat to use our cheat sheets directory (for remnux user)
mkdir -p /home/remnux/.config/cheat
cat > /home/remnux/.config/cheat/conf.yml << 'EOF'
---
cheatpaths:
- name: personal
path: /opt/cheatsheets/personal
tags: [personal]
readonly: false
EOF
chown -R remnux:remnux /home/remnux/.config/
# Fix navi configuration to prevent fzf preview errors (for remnux user)
mkdir -p /home/remnux/.config/navi
cat > /home/remnux/.config/navi/config.yaml << 'EOF'
cheats:
paths:
- /opt/navi-cheats
- /opt/cheatsheets
finder:
command: fzf
preview_window: right:50%
shell:
command: bash
EOF
chown -R remnux:remnux /home/remnux/.config/
# Copy custom cheat sheets to proper cheat structure
cp "$CHEAT_DIR/pdf-analysis.cheat" "$CHEAT_DIR/personal/pdf-analysis" 2>/dev/null || true
cp "$CHEAT_DIR/malware-analysis.cheat" "$CHEAT_DIR/personal/malware-analysis" 2>/dev/null || true
echo "✅ Enhanced cheat sheet collection created!"
echo ""
echo "📊 Summary:"
echo " 📁 Cheat sheets: $CHEAT_DIR"
echo " 🎯 Navi cheats: $NAVI_DIR"
echo " 📚 TLDR cache: $TLDR_CACHE"
echo ""
echo "Available cheat sheets:"
ls -1 "$CHEAT_DIR/personal/" 2>/dev/null | sed 's/^/ • /' || echo " • (checking directory structure...)"
echo ""
echo "Usage examples:"
echo " cheat pdftk # Show pdftk cheat sheet"
echo " navi # Interactive cheat browser"
echo " tldr pdfid.py # Quick examples for pdfid.py"
echo " fhelp cheat pdf # File analysis PDF workflow"

492
scripts/create-offline-help-system.sh Executable file
View File

@@ -0,0 +1,492 @@
#!/bin/bash
# Create comprehensive offline help system focused on tldr and cheat
# Removes navi complexity and ensures reliable offline operation
set -e
CHEAT_DIR="/opt/cheatsheets"
TLDR_CACHE="/home/remnux/.local/share/tldr"
TOOLS_DB="/opt/remnux-docs/tools.db"
echo "📚 Creating streamlined offline help system..."
# Create directories
mkdir -p "$CHEAT_DIR/personal" "$TLDR_CACHE/pages/common" "/opt/remnux-docs"
# Configure cheat properly for remnux user
mkdir -p /home/remnux/.config/cheat
cat > /home/remnux/.config/cheat/conf.yml << 'EOF'
---
cheatpaths:
- name: personal
path: /opt/cheatsheets/personal
tags: [personal]
readonly: false
EOF
# Download existing cheat sheets and place them correctly
echo "📥 Downloading existing cheat sheets..."
TOOLS=("tar" "7z" "unzip" "grep" "find" "awk" "sed")
for tool in "${TOOLS[@]}"; do
echo " • Downloading $tool cheat sheet..."
if curl -s "https://raw.githubusercontent.com/cheat/cheatsheets/master/$tool" -o "$CHEAT_DIR/personal/$tool" && [ -s "$CHEAT_DIR/personal/$tool" ]; then
echo " ✅ Downloaded $tool"
else
echo " ⚠ Failed to download $tool, creating basic version"
echo "# $tool" > "$CHEAT_DIR/personal/$tool"
echo "# Basic usage examples for $tool" >> "$CHEAT_DIR/personal/$tool"
fi
done
# Create comprehensive cheat sheets for your original analysis tools
echo "📋 Creating analysis-focused cheat sheets..."
# PDF Analysis cheat sheet
cat > "$CHEAT_DIR/personal/pdf-analysis" << 'EOF'
# PDF Analysis Workflow
# Quick PDF overview and suspicious element detection
pdfid.py document.pdf
# Detailed PDF structure analysis
pdf-parser.py document.pdf
# Interactive analysis with JavaScript detection
peepdf -i document.pdf
# Extract metadata
exiftool document.pdf
# Remove passwords for analysis
qpdf --password=PASSWORD --decrypt encrypted.pdf decrypted.pdf
# Flatten PDF to remove interactive elements (SECURITY)
pdftk suspicious.pdf output safe.pdf flatten
# Extract embedded files
pdf-parser.py --extract document.pdf
# Convert PDF to images for safe viewing
convert document.pdf[0-2] page-%02d.png
# OCR text from PDF images
convert document.pdf page.png && tesseract page.png output
# Check for embedded JavaScript
peepdf -s extract_js document.pdf
# Extract strings from PDF
strings document.pdf | grep -i "javascript\|openaction\|aa\|js"
# Hexdump analysis of PDF structure
hexdump -C document.pdf | head -50
EOF
# Individual tool cheat sheets
cat > "$CHEAT_DIR/personal/pdfid" << 'EOF'
# pdfid.py - PDF Analysis Tool
# Basic PDF analysis
pdfid.py document.pdf
# Verbose output with detailed object counts
pdfid.py -a document.pdf
# Scan all PDFs in directory
pdfid.py *.pdf
# Output in CSV format (requires plugins)
pdfid.py -c document.pdf
# Force analysis of potentially corrupted PDFs
pdfid.py -f document.pdf
EOF
cat > "$CHEAT_DIR/personal/pdf-parser" << 'EOF'
# pdf-parser.py - PDF Structure Analysis
# Parse PDF structure
pdf-parser.py document.pdf
# Extract specific object by number
pdf-parser.py -o 5 document.pdf
# Search for objects containing text
pdf-parser.py -s javascript document.pdf
# Extract and decode streams
pdf-parser.py -f document.pdf
# Dump raw object content
pdf-parser.py -d -o 5 document.pdf
# Generate statistics
pdf-parser.py -a document.pdf
# Extract all objects to files
pdf-parser.py --extract document.pdf
EOF
cat > "$CHEAT_DIR/personal/peepdf" << 'EOF'
# peepdf - Interactive PDF Analysis
# Interactive analysis mode
peepdf -i document.pdf
# Force mode for suspicious PDFs
peepdf -f document.pdf
# Load PDF with script
peepdf -s script.txt document.pdf
# Analyze with specific password
peepdf -p password document.pdf
# Generate XML report
peepdf -x document.pdf
# Update malicious URL database
peepdf -u
# Check for vulnerabilities
peepdf -C document.pdf
EOF
cat > "$CHEAT_DIR/personal/pdftk" << 'EOF'
# pdftk - PDF Manipulation
# Flatten PDF (remove JavaScript/forms) - SECURITY
pdftk suspicious.pdf output safe.pdf flatten
# Concatenate PDFs
pdftk file1.pdf file2.pdf cat output combined.pdf
# Extract specific pages
pdftk document.pdf cat 1-3 output pages1-3.pdf
# Split PDF into single pages
pdftk document.pdf burst
# Decrypt password-protected PDF
pdftk encrypted.pdf input_pw password output decrypted.pdf
# Add password to PDF
pdftk document.pdf output protected.pdf user_pw password
# Decompress PDF streams for analysis
pdftk compressed.pdf output uncompressed.pdf uncompress
EOF
# OLE document analysis (oledump)
cat > "$CHEAT_DIR/personal/oledump.py" << 'EOF'
# oledump.py - Analyze OLE files (Office documents)
# List all streams (basic overview)
oledump.py document.doc
# Dump the content of a specific stream (e.g., 8) to stdout
oledump.py -s 8 -d document.doc > stream8.bin
# Analyze a specific stream (e.g., 8) in detail
oledump.py -s 8 document.doc
EOF
# Provide alias without .py for convenience
cp "$CHEAT_DIR/personal/oledump.py" "$CHEAT_DIR/personal/oledump" 2>/dev/null || true
# Malware analysis cheat sheet
cat > "$CHEAT_DIR/personal/malware-analysis" << 'EOF'
# Malware Analysis Workflow
# File identification
file suspicious.exe
exiftool suspicious.exe
# String analysis
strings -n 8 malware.bin
strings -e l malware.bin # little-endian 16-bit
strings -e b malware.bin # big-endian 16-bit
# Capability detection
capa malware.exe
# JavaScript analysis
box-js --output-dir=/tmp/js_analysis suspicious.js
# Office document analysis
oledump.py document.doc
rtfdump.py document.rtf
emldump.py message.eml
# Base64 content extraction
base64dump.py document.txt
# Binary analysis
binwalk malware.bin
hexdump -C malware.exe | head -20
# File carving
foremost -t exe,dll,pdf -i disk.img
EOF
cat > "$CHEAT_DIR/personal/capa" << 'EOF'
# capa - Malware Capability Detection
# Basic capability analysis
capa malware.exe
# Verbose output with detailed explanations
capa -v malware.exe
# Output in JSON format
capa -j malware.exe
# Use custom rules directory
capa -r /path/to/rules malware.exe
# Show only specific capability tags
capa -t communication malware.exe
# Analyze shellcode
capa -f shellcode shellcode.bin
# Analyze with specific architecture
capa -a x64 malware.exe
EOF
# Create comprehensive TLDR pages
echo "📖 Creating TLDR pages for analysis tools..."
cat > "$TLDR_CACHE/pages/common/pdfid.py.md" << 'EOF'
# pdfid.py
> Analyze PDF files and identify potentially suspicious elements.
> Part of Didier Stevens' PDF analysis toolkit.
> More information: <https://blog.didierstevens.com/programs/pdf-tools/>.
- Analyze a PDF file for suspicious elements:
`pdfid.py {{path/to/document.pdf}}`
- Show detailed analysis with object counts:
`pdfid.py {{-a|--all}} {{path/to/document.pdf}}`
- Analyze all PDF files in current directory:
`pdfid.py {{*.pdf}}`
- Output results in CSV format (requires plugins):
`pdfid.py {{-c|--csv}} {{path/to/document.pdf}}`
- Force analysis of potentially corrupted PDF:
`pdfid.py {{-f|--force}} {{path/to/document.pdf}}`
EOF
cat > "$TLDR_CACHE/pages/common/pdf-parser.py.md" << 'EOF'
# pdf-parser.py
> Parse and analyze PDF file structure, extract objects and streams.
> Part of Didier Stevens' PDF analysis toolkit.
> More information: <https://blog.didierstevens.com/programs/pdf-tools/>.
- Parse PDF structure and show all objects:
`pdf-parser.py {{path/to/document.pdf}}`
- Extract a specific object by number:
`pdf-parser.py {{-o|--object}} {{object_number}} {{path/to/document.pdf}}`
- Search for objects containing specific text:
`pdf-parser.py {{-s|--search}} {{javascript}} {{path/to/document.pdf}}`
- Extract and decode streams:
`pdf-parser.py {{-f|--filter}} {{path/to/document.pdf}}`
- Dump raw object content to file:
`pdf-parser.py {{-d|--dump}} {{-o|--object}} {{object_number}} {{path/to/document.pdf}}`
- Generate statistics about PDF structure:
`pdf-parser.py {{-a|--stats}} {{path/to/document.pdf}}`
- Extract all objects to separate files:
`pdf-parser.py {{--extract}} {{path/to/document.pdf}}`
EOF
cat > "$TLDR_CACHE/pages/common/peepdf.md" << 'EOF'
# peepdf
> Interactive PDF analysis framework with JavaScript analysis capabilities.
> More information: <https://eternal-todo.com/tools/peepdf-pdf-analysis-tool>.
- Analyze PDF file interactively:
`peepdf {{-i|--interactive}} {{path/to/document.pdf}}`
- Analyze PDF and force processing of suspicious elements:
`peepdf {{-f|--force-mode}} {{path/to/document.pdf}}`
- Load PDF and execute peepdf script:
`peepdf {{-s|--script}} {{script.txt}} {{path/to/document.pdf}}`
- Analyze PDF with specific password:
`peepdf {{-p|--password}} {{password}} {{path/to/document.pdf}}`
- Generate XML analysis report:
`peepdf {{-x|--xml}} {{path/to/document.pdf}}`
- Check for known vulnerabilities:
`peepdf {{-C|--check-vulns}} {{path/to/document.pdf}}`
- Update malicious URL database:
`peepdf {{-u|--update}}`
EOF
cat > "$TLDR_CACHE/pages/common/capa.md" << 'EOF'
# capa
> Detect malware capabilities using the MITRE ATT&CK framework.
> Analyzes executables and maps them to threat behaviors.
> More information: <https://github.com/mandiant/capa>.
- Analyze an executable for capabilities:
`capa {{path/to/malware.exe}}`
- Show verbose analysis with detailed explanations:
`capa {{-v|--verbose}} {{path/to/malware.exe}}`
- Output results in JSON format:
`capa {{-j|--json}} {{path/to/malware.exe}}`
- Analyze with custom rules directory:
`capa {{-r|--rules}} {{path/to/rules}} {{path/to/malware.exe}}`
- Show only capabilities matching specific tag:
`capa {{-t|--tag}} {{communication}} {{path/to/malware.exe}}`
- Analyze shellcode instead of PE file:
`capa {{-f|--format}} {{shellcode}} {{path/to/shellcode.bin}}`
- Analyze with specific architecture:
`capa {{-a|--arch}} {{x64}} {{path/to/malware.exe}}`
EOF
cat > "$TLDR_CACHE/pages/common/box-js.md" << 'EOF'
# box-js
> JavaScript sandbox for malware analysis and deobfuscation.
> More information: <https://github.com/CapacitorSet/box-js>.
- Analyze JavaScript file in sandbox:
`box-js {{suspicious.js}}`
- Analyze with custom output directory:
`box-js {{--output-dir}} {{/tmp/analysis}} {{suspicious.js}}`
- Enable verbose logging:
`box-js {{--verbose}} {{suspicious.js}}`
- Analyze with timeout (in seconds):
`box-js {{--timeout}} {{30}} {{suspicious.js}}`
- Download and analyze JavaScript from URL:
`box-js {{--download}} {{http://example.com/malicious.js}}`
- Analyze with custom user agent:
`box-js {{--user-agent}} {{"Custom Agent"}} {{suspicious.js}}`
EOF
# Create accurate tools database
cat > "$TOOLS_DB" << 'EOF'
# REMnux Analysis Tools Database
# Format: TOOL_NAME|DESCRIPTION|CATEGORY|USAGE_EXAMPLE
# PDF Analysis Tools (Your Original Focus)
pdfid.py|Identify suspicious elements in PDF files|pdf analysis|pdfid.py document.pdf
pdf-parser.py|Parse and analyze PDF structure and objects|pdf analysis|pdf-parser.py document.pdf
peepdf|Interactive PDF analysis framework with JavaScript detection|pdf analysis|peepdf -i malicious.pdf
pdftk|Manipulate PDF files (merge, split, flatten)|pdf analysis|pdftk input.pdf output output.pdf flatten
qpdf|PDF manipulation tool (decrypt, merge, convert)|pdf analysis|qpdf --decrypt encrypted.pdf output.pdf
# Malware Analysis Tools
capa|Detect malware capabilities using MITRE ATT&CK|malware analysis|capa malware.exe
box-js|JavaScript sandbox for malware analysis|malware analysis|box-js --output-dir=/tmp suspicious.js
oledump.py|Analyze OLE files (Office documents)|malware analysis|oledump.py document.xls
rtfdump.py|Analyze RTF documents|malware analysis|rtfdump.py document.rtf
emldump.py|Analyze EML email files|malware analysis|emldump.py message.eml
base64dump.py|Extract and decode base64 strings|malware analysis|base64dump.py document.txt
# File Analysis Tools
strings|Extract printable strings from files|file analysis|strings -n 10 binary.exe
hexdump|Display file content in hexadecimal|file analysis|hexdump -C binary.dat
file|Determine file type|file analysis|file suspicious.dat
exiftool|Extract metadata from files|file analysis|exiftool document.pdf
binwalk|Analyze and extract firmware/binary images|file analysis|binwalk firmware.bin
# Archive and Compression
7z|7-Zip archiver with high compression|utilities|7z x archive.7z
unzip|Extract ZIP archives|utilities|unzip archive.zip
tar|Archive files with compression|utilities|tar -xzf archive.tar.gz
# Text Processing and Search
grep|Search text using patterns|text processing|grep -r "pattern" directory/
find|Find files and directories|file search|find /path -name "*.pdf"
awk|Text processing and pattern scanning|text processing|awk '{print $1}' file.txt
sed|Stream editor for text manipulation|text processing|sed 's/old/new/g' file.txt
EOF
# Initialize tldr cache and ensure offline functionality
echo "🔄 Initializing tldr cache for offline use..."
export HOME=/home/remnux
su - remnux -c "tldr --update" 2>/dev/null || echo "⚠ TLDR update attempted"
# Set proper ownership
chown -R remnux:remnux /home/remnux/.config /home/remnux/.local "$CHEAT_DIR" 2>/dev/null || true
echo "✅ Streamlined offline help system created!"
echo ""
echo "📊 Summary:"
echo " 📁 Cheat sheets: $CHEAT_DIR/personal/"
echo " 📚 TLDR cache: $TLDR_CACHE/pages/common/"
echo " 🔍 Tools database: $TOOLS_DB"
echo ""
echo "Available help:"
echo " fhelp cheat pdf-analysis # PDF analysis workflow"
echo " fhelp cheat pdfid # pdfid.py examples"
echo " tldr pdfid.py # Quick pdfid.py reference"
echo " tldr capa # Quick capa reference"
echo ""
# Count resources
cheat_count=$(find "$CHEAT_DIR/personal" -type f 2>/dev/null | wc -l)
tldr_count=$(find "$TLDR_CACHE/pages/common" -name "*.md" 2>/dev/null | wc -l)
echo "📈 Resources: $cheat_count cheat sheets, $tldr_count TLDR pages"

64
scripts/demo-help-coverage.sh Normal file
View File

@@ -0,0 +1,64 @@
#!/bin/bash
# Simple demo to show current help coverage status
echo "📚 Current Help System Status"
echo "=============================="
echo ""
echo "📋 Available Cheat Sheets:"
echo "-------------------------"
ls -1 /opt/cheatsheets/personal/ 2>/dev/null | head -20 | sed 's/^/ ✅ /'
echo ""
echo "📖 Available TLDR Pages (custom):"
echo "---------------------------------"
ls -1 /home/remnux/.local/share/tldr/pages/common/*.md 2>/dev/null | \
sed 's|.*/||; s|\.md$||' | head -20 | sed 's/^/ ✅ /'
echo ""
echo "🧪 Testing fhelp cheat resolution:"
echo "----------------------------------"
echo " Testing: fhelp cheat pdfid"
fhelp cheat pdfid 2>&1 | head -5 | sed 's/^/ /'
echo ""
echo " Testing: fhelp cheat pdfid.py (with .py)"
fhelp cheat pdfid.py 2>&1 | head -5 | sed 's/^/ /'
echo ""
echo " Testing: fhelp cheat oledump"
fhelp cheat oledump 2>&1 | head -5 | sed 's/^/ /'
echo ""
echo "📊 Quick Check - Key Tools:"
echo "--------------------------"
KEY_TOOLS=("pdfid" "pdf-parser" "peepdf" "pdftk" "capa" "oledump" "binwalk" "strings")
for tool in "${KEY_TOOLS[@]}"; do
cheat_status="❌"
tldr_status="❌"
# Check cheat (simple file test)
if [[ -f "/opt/cheatsheets/personal/$tool" ]] || [[ -f "/opt/cheatsheets/personal/${tool}.py" ]]; then
cheat_status="✅"
fi
# Check TLDR (simple file test)
if [[ -f "/home/remnux/.local/share/tldr/pages/common/${tool}.md" ]] || \
[[ -f "/home/remnux/.local/share/tldr/pages/common/${tool}.py.md" ]]; then
tldr_status="✅"
fi
printf " %-20s CHEAT: %s TLDR: %s\n" "$tool" "$cheat_status" "$tldr_status"
done
echo ""
echo "✨ Summary:"
cheat_count=$(ls -1 /opt/cheatsheets/personal/ 2>/dev/null | wc -l)
tldr_count=$(ls -1 /home/remnux/.local/share/tldr/pages/common/*.md 2>/dev/null | wc -l)
echo " 📁 Cheat sheets: $cheat_count"
echo " 📚 TLDR pages: $tldr_count"
echo ""
echo "💡 To add more tools:"
echo " 1. Place remnux-tldr-cheatsheet.md in /data"
echo " 2. Run: import-remnux-cheatsheets.sh /data/remnux-tldr-cheatsheet.md"

358
scripts/fhelp Executable file
View File

@@ -0,0 +1,358 @@
#!/bin/bash
# Enhanced File Analysis Help System
# Integrates multiple help sources: custom cheat sheets, navi, tldr, and tool database
# Color definitions
RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
MAGENTA='\033[0;35m'
NC='\033[0m'
# Help system paths
TOOLS_DB="/opt/remnux-docs/tools.db"
CHEAT_DIR="/opt/cheatsheets"
TLDR_CACHE="/home/remnux/.local/share/tldr"
# Resolve cheat file names from a user-provided tool name
# Tries several variants: exact, without .py, with .py, hyphen/underscore alternatives
resolve_cheat_file() {
local name="$1"
local base=$(echo "$name" | sed 's/\.[Pp][Yy]$//')
# candidates to try in order
local candidates=(
"$name"
"$base"
"${base}.py"
"${base//_/}"
"${base//-/_}"
"${base//_/-}"
)
for cand in "${candidates[@]}"; do
if [[ -f "$CHEAT_DIR/personal/$cand" ]]; then
echo "$CHEAT_DIR/personal/$cand"
return 0
fi
if [[ -f "$CHEAT_DIR/${cand}.cheat" ]]; then
echo "$CHEAT_DIR/${cand}.cheat"
return 0
fi
done
return 1
}
show_main_help() {
echo -e "${CYAN}📚 File Analysis Container Help System${NC}"
echo "======================================"
echo ""
echo -e "${GREEN}🔍 Tool Discovery:${NC}"
echo " fhelp tools [term] - Search for analysis tools"
echo " fhelp tools --interactive - Browse tools interactively"
echo " fhelp tools --list - List all available tools"
echo ""
echo -e "${GREEN}📖 Command Examples:${NC}"
echo " fhelp cheat <tool> - Show cheat sheet for specific tool"
echo " fhelp examples - Browse all command examples interactively"
echo " fhelp quick <command> - Quick examples (tldr style)"
echo ""
echo -e "${GREEN}🎯 Analysis Workflows:${NC}"
echo " fhelp pdf - PDF analysis workflow"
echo " fhelp malware - Malware analysis workflow"
echo " fhelp forensics - System forensics workflow"
echo ""
echo -e "${GREEN}💡 Quick Access:${NC}"
echo " fhelp --all - Show everything available"
echo " fhelp --offline - Verify offline capabilities"
echo ""
echo -e "${YELLOW}Examples:${NC}"
echo " fhelp tools pdf # Find PDF analysis tools"
echo " fhelp cheat pdfid.py # Show pdfid.py examples"
echo " fhelp quick tar # Quick tar examples"
echo " fhelp examples # Browse all examples"
}
show_cheat() {
local tool="$1"
if [[ -z "$tool" ]]; then
echo -e "${RED}❌ Please specify a tool name${NC}"
echo "Usage: fhelp cheat <tool>"
return 1
fi
# Check for specific workflow cheat sheets
local cheat_file=""
case "$tool" in
"pdf"|"pdf-analysis")
cheat_file="$CHEAT_DIR/pdf-analysis.cheat"
;;
"malware"|"malware-analysis")
cheat_file="$CHEAT_DIR/malware-analysis.cheat"
;;
*)
cheat_file="$CHEAT_DIR/${tool}.cheat"
;;
esac
if [[ -f "$cheat_file" ]]; then
echo -e "${CYAN}📋 Cheat Sheet: ${YELLOW}$tool${NC}"
echo "=" $(printf '=%.0s' $(seq 1 ${#tool}))
echo ""
# Skip YAML frontmatter if present and print raw content (no ANSI coloring to avoid artifacts)
awk '/^---$/{if(++c==2) start=1; next} start || !/^---$/ && c!=1' "$cheat_file"
else
# Try resolution of common variants (e.g., pdfid.py -> pdfid, oledump -> oledump.py)
local resolved
resolved=$(resolve_cheat_file "$tool") || true
if [[ -n "$resolved" && -f "$resolved" ]]; then
echo -e "${CYAN}📋 Cheat Sheet: ${YELLOW}$tool${NC}"
echo "=" $(printf '=%.0s' $(seq 1 ${#tool}))
echo ""
awk '/^---$/{if(++c==2) start=1; next} start || !/^---$/ && c!=1' "$resolved"
else
echo -e "${YELLOW}⚠️ No cheat sheet found for '$tool'${NC}"
echo ""
echo "Available cheat sheets:"
if [[ -d "$CHEAT_DIR/personal" ]]; then
ls -1 "$CHEAT_DIR/personal/" 2>/dev/null | sed 's/^/ • /'
fi
return 1
fi
fi
}
show_quick() {
local command="$1"
if [[ -z "$command" ]]; then
echo -e "${RED}❌ Please specify a command name${NC}"
echo "Usage: fhelp quick <command>"
return 1
fi
echo -e "${CYAN}📖 Quick examples for: ${YELLOW}$command${NC}"
echo ""
if command -v tldr >/dev/null 2>&1; then
if ! tldr "$command" 2>/dev/null; then
echo -e "${YELLOW}⚠️ No tldr page found for '$command'${NC}"
echo "Try: fhelp cheat $command"
fi
else
echo -e "${RED}❌ tldr command not available${NC}"
return 1
fi
}
show_tools() {
local search_term="$1"
local option="$2"
case "$option" in
"--interactive")
if command -v find-tool >/dev/null 2>&1; then
find-tool --interactive
else
echo -e "${RED}❌ find-tool not available${NC}"
fi
;;
"--list")
if command -v find-tool >/dev/null 2>&1; then
find-tool --list
else
echo -e "${RED}❌ find-tool not available${NC}"
fi
;;
*)
if [[ -z "$search_term" ]]; then
echo -e "${RED}❌ Please provide a search term${NC}"
echo "Usage: fhelp tools <search_term>"
echo " fhelp tools --interactive"
echo " fhelp tools --list"
return 1
fi
echo -e "${CYAN}🔍 Searching analysis tools...${NC}"
if command -v find-tool >/dev/null 2>&1; then
find-tool "$search_term"
else
echo -e "${RED}❌ find-tool not available${NC}"
fi
;;
esac
}
show_examples() {
echo -e "${CYAN}🎯 Available Command Examples${NC}"
echo ""
echo "Available cheat sheets:"
if [[ -d "$CHEAT_DIR/personal" ]]; then
echo -e "${GREEN}Cheat sheets (use: fhelp cheat <name>):${NC}"
ls -1 "$CHEAT_DIR/personal/" 2>/dev/null | sed 's/^/ • /'
echo ""
fi
echo "Available TLDR pages:"
if [[ -d "/home/remnux/.local/share/tldr/pages/common" ]]; then
echo -e "${GREEN}TLDR pages (use: tldr <name>):${NC}"
ls -1 /home/remnux/.local/share/tldr/pages/common/*.md 2>/dev/null | sed 's|.*/||; s|\.md$||' | sed 's/^/ • /'
fi
}
show_offline_status() {
echo -e "${CYAN}🔌 Offline Capability Check${NC}"
echo "==========================="
echo ""
echo "Documentation Tools:"
local tools=("find-tool" "cheat" "tldr")
for tool in "${tools[@]}"; do
if command -v "$tool" >/dev/null 2>&1; then
echo -e " ${GREEN}✅ $tool - available${NC}"
else
echo -e " ${RED}❌ $tool - missing${NC}"
fi
done
echo ""
echo "Documentation Files:"
local files=("$TOOLS_DB" "$CHEAT_DIR/pdf-analysis.cheat" "$CHEAT_DIR/malware-analysis.cheat")
local file_names=("/opt/remnux-docs/tools.db" "/opt/cheatsheets/pdf-analysis.cheat" "/opt/cheatsheets/malware-analysis.cheat")
for i in "${!files[@]}"; do
if [[ -f "${files[$i]}" ]]; then
echo -e " ${GREEN}✅ ${file_names[$i]} - available${NC}"
else
echo -e " ${RED}❌ ${file_names[$i]} - missing${NC}"
fi
done
# Count available cheat sheets
if [[ -d "$CHEAT_DIR" ]]; then
local cheat_count=$(ls -1 "$CHEAT_DIR"/*.cheat 2>/dev/null | wc -l)
echo ""
echo -e "${CYAN}📊 $cheat_count cheat sheets available${NC}"
fi
echo ""
echo -e "${GREEN}🎉 Offline help system ready!${NC}"
}
show_pdf_workflow() {
echo -e "${CYAN}📄 PDF Analysis Workflow${NC}"
echo "========================"
echo ""
echo -e "${GREEN}Step 1: Initial Analysis${NC}"
echo " pdfid.py document.pdf # Quick overview"
echo " file document.pdf # File type check"
echo ""
echo -e "${GREEN}Step 2: Detailed Analysis${NC}"
echo " pdf-parser.py document.pdf # Structure analysis"
echo " peepdf -i document.pdf # Interactive analysis"
echo ""
echo -e "${GREEN}Step 3: Security Measures${NC}"
echo " pdftk document.pdf output safe.pdf flatten # Remove JavaScript"
echo " qpdf --decrypt encrypted.pdf decrypted.pdf # Remove password"
echo ""
echo -e "${GREEN}Step 4: Deep Inspection${NC}"
echo " strings document.pdf | grep -i javascript # Find suspicious strings"
echo " exiftool document.pdf # Extract metadata"
echo " convert document.pdf[0] preview.png # Safe preview"
echo ""
echo -e "${YELLOW}For more examples: fhelp cheat pdf${NC}"
}
show_malware_workflow() {
echo -e "${CYAN}🦠 Malware Analysis Workflow${NC}"
echo "============================"
echo ""
echo -e "${GREEN}Step 1: File Identification${NC}"
echo " file suspicious.exe # Identify file type"
echo " exiftool suspicious.exe # Extract metadata"
echo ""
echo -e "${GREEN}Step 2: Static Analysis${NC}"
echo " strings -n 8 malware.bin # Extract strings"
echo " capa malware.exe # Detect capabilities"
echo " binwalk malware.bin # Analyze binary structure"
echo ""
echo -e "${GREEN}Step 3: Document Analysis${NC}"
echo " oledump.py document.doc # Office documents"
echo " rtfdump.py document.rtf # RTF documents"
echo " box-js suspicious.js # JavaScript sandbox"
echo ""
echo -e "${GREEN}Step 4: Data Extraction${NC}"
echo " base64dump.py encoded.txt # Base64 content"
echo " foremost -t exe,dll -i image.dd # File carving"
echo ""
echo -e "${YELLOW}For more examples: fhelp cheat malware${NC}"
}
show_all() {
echo -e "${CYAN}🔍 Complete Help System Overview${NC}"
echo "================================="
echo ""
show_tools "analysis"
echo ""
echo -e "${CYAN}Available Workflows:${NC}"
echo " • PDF Analysis (fhelp pdf)"
echo " • Malware Analysis (fhelp malware)"
echo ""
if [[ -d "$CHEAT_DIR" ]]; then
echo -e "${CYAN}Available Cheat Sheets:${NC}"
ls -1 "$CHEAT_DIR"/*.cheat 2>/dev/null | sed 's|.*/||; s|\.cheat$||' | sed 's/^/ • /'
echo ""
fi
show_offline_status
}
# Main command parsing
case "${1:-}" in
"tools")
shift
show_tools "$@"
;;
"cheat")
shift
show_cheat "$@"
;;
"quick")
shift
show_quick "$@"
;;
"examples")
show_examples
;;
"pdf")
show_pdf_workflow
;;
"malware")
show_malware_workflow
;;
"forensics")
echo -e "${YELLOW}⚠️ Forensics workflow not yet implemented${NC}"
echo "Try: fhelp malware or fhelp pdf"
;;
"--offline")
show_offline_status
;;
"--all")
show_all
;;
"--help"|"-h"|"help"|"")
show_main_help
;;
*)
echo -e "${RED}Unknown option: $1${NC}"
echo ""
show_main_help
;;
esac

14
scripts/find-tool
View File

@@ -68,7 +68,7 @@ search_tools() {
echo -e "${CYAN}🔍 Searching for: ${YELLOW}$search_term${NC}"
echo ""
# Search in tool names, descriptions, categories, and usage hints
# Search in tool names, descriptions, categories, and usage hints (5 fields now)
local matches=$(awk -F'|' -v term="$search_term" '
/^[^#]/ && (tolower($1) ~ tolower(term) || tolower($2) ~ tolower(term) || tolower($3) ~ tolower(term) || tolower($4) ~ tolower(term)) {
print $0
@@ -82,17 +82,17 @@ search_tools() {
fi
local count=0
echo "$matches" | while IFS='|' read -r name description category usage; do
echo "$matches" | while IFS='|' read -r name description category usage available; do
count=$((count + 1))
echo -e "${GREEN}🔧 $name${NC}"
echo -e " ${BLUE}Description:${NC} $description"
echo -e " ${BLUE}Category:${NC} $category"
echo -e " Description: $description"
echo -e " Category: $category"
if [[ -n "$usage" && "$usage" != " " ]]; then
echo -e " ${BLUE}Usage:${NC} $usage"
echo -e " Usage: $usage"
fi
# Check if tool exists on system
if command -v "$name" >/dev/null 2>&1; then
# Use availability status from database instead of checking command
if [[ "$available" == "✓" ]]; then
echo -e " ${GREEN}✓ Available${NC}"
else
echo -e " ${YELLOW}⚠ Check path or alternative name${NC}"

45
scripts/import-remnux-cheatsheets.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/usr/bin/env bash
# import-remnux-cheatsheets.sh
# Wrapper to import a consolidated markdown cheatsheet (remnux-tldr-cheatsheet.md)
# and generate missing cheat sheets (/opt/cheatsheets/personal/<tool>) and
# tldr pages (/home/remnux/.local/share/tldr/pages/common/<tool>.md) inside the container.
#
# Usage (inside container):
# import-remnux-cheatsheets.sh /data/remnux-tldr-cheatsheet.md
# Or from host:
# docker run --rm -v "$(pwd):/data" tabledevil/file-analysis:streamlined \
# bash -lc "/usr/local/bin/import-remnux-cheatsheets.sh /data/remnux-tldr-cheatsheet.md && fhelp examples"
set -euo pipefail
SCRIPT_DIR="/usr/local/bin"
CONVERTER="$SCRIPT_DIR/convert-remnux-cheats.py"
if [[ $# -lt 1 ]]; then
echo "Usage: $0 <path-to-remnux-tldr-cheatsheet.md> [--dry-run]" >&2
exit 2
fi
INPUT_MD="$1"; shift || true
EXTRA_ARGS=("$@")
if [[ ! -f "$INPUT_MD" ]]; then
echo "Input file not found: $INPUT_MD" >&2
exit 2
fi
# Ensure directories exist
mkdir -p /opt/cheatsheets/personal
mkdir -p /home/remnux/.local/share/tldr/pages/common
# Run the converter
python3 "$CONVERTER" --in "$INPUT_MD" \
--cheat-dir /opt/cheatsheets/personal \
--tldr-dir /home/remnux/.local/share/tldr/pages/common \
--only-missing "${EXTRA_ARGS[@]}"
# Fix ownership for remnux user
chown -R remnux:remnux /opt/cheatsheets /home/remnux/.local/share/tldr || true
echo "✅ Import complete. Try: fhelp examples"