irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add markdown wiki with 473 pages and zk browser

Browse Source 
Generate interlinked wiki from master inventory: 397 tool pages,
15 workflow pages, 27 recipe pages, 33 category pages, plus index.
All pages use [[wiki-links]] for cross-navigation between tools,
workflows, recipes, and categories (1782 links total).

Install zk for interactive browsing with fzf search, tag filtering,
and backlink discovery. Add 'fhelp wiki' command and Makefile target.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
tobias
2026-03-28 19:50:36 +01:00
parent b13db23a5e
commit e62a14dafc
478 changed files with 7683 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/generated/wiki/workflows/java-analysis-workflow.md
+57
View File
@@ -0,0 +1,57 @@
# Java Malware Analysis
> Analyze malicious Java archives (JAR), applets, and compiled classes. Covers decompilation and code analysis.
## Steps
### Step 1: Archive Inspection
**Tools:** [[tools/unzip|unzip]], [[tools/file|file]]
Extract JAR contents: unzip <file.jar> -d output/. Examine META-INF/MANIFEST.MF for Main-Class entry point. List all .class files.
```bash
unzip -P infected sample.zip
file specimen.exe
```
### Step 2: Decompilation
**Tools:** [[tools/cfr|cfr]], [[tools/jd-gui|jd-gui]]
Decompile with CFR: cfr <file.jar> --outputdir output/. Or use JD-GUI for visual browsing. CFR handles modern Java (lambdas, try-with-resources) better.
```bash
cfr <file.jar> --outputdir output/
jd-gui <file.jar>
```
### Step 3: Multi-Decompiler Comparison
**Tools:** [[tools/cfr|cfr]], [[tools/procyon|procyon]]
If one decompiler fails on a class: try Procyon. Compare outputs. Some obfuscators break specific decompilers while others handle them fine.
```bash
cfr <file.jar> --outputdir output/
```
### Step 4: Code Analysis
**Tools:** [[tools/visual-studio-code|visual-studio-code]]
Review decompiled source. Search for: Runtime.exec() (command execution), URLConnection (network), Cipher (crypto), File I/O operations, reflection (Class.forName).
```bash
code filename.js
```
### Step 5: Resource Extraction
**Tools:** [[tools/strings|strings]]
Extract embedded resources and strings. Check for: encoded payloads in resources, config files, embedded binaries. Base64-encoded content is common.
```bash
strings binary.exe
```
### Step 6: Document Findings
Record: entry point class, malicious methods, URLs/IPs, downloaded payloads, commands executed, Java version requirements.
#java #jar #decompilation #cfr #jd-gui #workflow