irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Restructure Dockerfiles and add Oh My Zsh support

Browse Source 
Major changes:
- Dockerfile now builds the REMnux-based image (was Dockerfile.remnux)
- Removed redundant Dockerfile.remnux
- Dockerfile.scratch builds from Ubuntu 20.04 (from scratch variant)
- Updated Makefile to reflect new structure:
  - 'make build' for REMnux-based (default)
  - 'make build-scratch' for Ubuntu-based
  - Removed kali references
  - Simplified targets and naming

Zsh improvements:
- Added Oh My Zsh auto-installation on first run
- Pre-install Oh My Zsh in Docker images for remnux user
- Custom prompt with 🔍 indicator for analysis work
- Fallback to minimal config for system users
- Includes plugins: git, docker, command-not-found, colored-man-pages
- Welcome message shows only once per session
- No more first-time configuration prompts

Shell experience:
- bash (default) - traditional, reliable
- zsh - now with Oh My Zsh, custom theme, plugins
- fish - friendly interactive shell

All shells include help aliases and analysis shortcuts.
This commit is contained in:
Tobias Kessels
2025-10-01 13:22:54 +02:00
parent b98aaee3e0
commit ef4253c9a0
5 changed files with 265 additions and 406 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
Dockerfile
View File

@@ -1,134 +1,88 @@
FROM kalilinux/kali-rolling FROM remnux/remnux-distro:latest
LABEL maintainer="tabledevil" LABEL maintainer="tabledevil"
USER root USER root
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Berlin ENV TZ=Europe/Berlin
RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
# Install additional system packages that REMnux doesn't include
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
autoconf \
busybox \ busybox \
catdoc \ catdoc \
docx2txt \ docx2txt \
exiftool \
fd-find \ fd-find \
fish \ fish \
git \ fzf \
imagemagick \
libboost-python-dev \
libboost-thread-dev \
libjpeg-dev \
libreoffice \
libssl-dev \
libtool \
mc \ mc \
mpack \
npm \
osslsigncode \
p7zip-full \
pdftk \
pev \
pkg-config \
pipx \ pipx \
powershell \
python3 \
python3-lxml \
python3-pip \
ripgrep \ ripgrep \
ruby \
unrtf \ unrtf \
unzip \
wget \
zsh \ zsh \
zsh-autosuggestions \ zsh-autosuggestions \
zsh-syntax-highlighting \ zsh-syntax-highlighting \
; \ && rm -rf /var/lib/apt/lists/*
rm -rf /var/lib/apt/lists/*
# Configure PIP´y # Configure pip
ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONDONTWRITEBYTECODE=1
ADD pip.conf /etc/pip.conf ADD pip.conf /etc/pip.conf
# OLETOOLS & DIDIERSTEVENS # Install unfurl & dependencies via pipx (for URL analysis)
RUN git clone https://github.com/DidierStevens/DidierStevensSuite /opt/didierstevenssuite RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps dfir-unfurl \
RUN chmod +x /opt/didierstevenssuite/*py && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx inject dfir-unfurl requests six maclookup
RUN python3 -m pip install --break-system-packages --upgrade pip ; true
RUN python3 -m pip install --break-system-packages psutil oletools ; true
# PDF # Install visidata via pipx (for data exploration)
RUN gem install origami RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata
RUN sed -i '/PDF/s/"none"/"read|write"/' /etc/ImageMagick-6/policy.xml # Install offline help and cheat sheet tools
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat \
&& PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr
# PowerShell: Install PSScriptAnalyzer module # Removed navi - focus on tldr and cheat for reliable help system
RUN pwsh -NoProfile -Command "Install-Module -Name PSScriptAnalyzer -Force"
ENV PATH="${PATH}:/opt/didierstevenssuite/:/opt/pypy2.7-v7.3.5-linux64/bin" # Create data directory and set permissions
RUN mkdir -p /data \
&& chown remnux:remnux /data
# Add documentation and streamlined help system
ADD files/README /opt/README ADD files/README /opt/README
ADD files/command_help /opt/command_help ADD files/command_help /opt/command_help
RUN echo 'cat /opt/README' >> /etc/bash.bashrc
# Add shell configurations
ADD files/zshrc /etc/zsh/zshrc ADD files/zshrc /etc/zsh/zshrc
ADD files/fish_config.fish /etc/fish/conf.d/remnux.fish ADD files/fish_config.fish /etc/fish/conf.d/remnux.fish
ADD scripts/create-offline-help-system.sh /usr/local/bin/create-offline-help-system.sh
ADD scripts/find-tool /usr/local/bin/find-tool
ADD scripts/fhelp /usr/local/bin/fhelp
ADD scripts/import-remnux-cheatsheets.sh /usr/local/bin/import-remnux-cheatsheets.sh
ADD scripts/convert-remnux-cheats.py /usr/local/bin/convert-remnux-cheats.py
ADD scripts/add-tool-cheats.sh /usr/local/bin/add-tool-cheats.sh
# Add helper scripts for cheat sheet management # Create streamlined offline help system (tldr + cheat)
ADD scripts/add-tool-cheats.sh /tmp/add-tool-cheats.sh RUN chmod +x /usr/local/bin/create-offline-help-system.sh /usr/local/bin/find-tool /usr/local/bin/fhelp /usr/local/bin/import-remnux-cheatsheets.sh \
RUN chmod +x /tmp/add-tool-cheats.sh && /tmp/add-tool-cheats.sh && rm /tmp/add-tool-cheats.sh && chmod +x /usr/local/bin/convert-remnux-cheats.py /usr/local/bin/add-tool-cheats.sh \
&& /usr/local/bin/create-offline-help-system.sh \
&& /usr/local/bin/add-tool-cheats.sh
# Install Oh My Zsh for remnux user
RUN su - remnux -c 'sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended' || true
### VIPERMONKEY # Update bashrc with welcome message and comprehensive help info
## install pypy RUN echo 'cat /opt/README' >> /etc/bash.bashrc \
RUN wget -O- https://downloads.python.org/pypy/pypy2.7-v7.3.5-linux64.tar.bz2 | tar -C /opt/ -xvj && echo 'echo ""' >> /etc/bash.bashrc \
RUN ln -s $(which pypy) /usr/local/bin/python && echo 'echo "📚 Comprehensive Help System:"' >> /etc/bash.bashrc \
## install and upgrade pip && echo 'echo " fhelp - Complete file analysis help"' >> /etc/bash.bashrc \
RUN pypy -m ensurepip && echo 'echo " fhelp tools pdf - Find PDF analysis tools"' >> /etc/bash.bashrc \
RUN pypy -m pip install -U pip && echo 'echo " fhelp cheat pdfid.py - Show command examples"' >> /etc/bash.bashrc \
#RUN pypy -m pip install -U peepdf && echo 'echo " fhelp examples - Browse all examples"' >> /etc/bash.bashrc \
#RUN pypy -m pip install -U https://github.com/decalage2/ViperMonkey/archive/master.zip && echo 'echo " fhelp pdf - PDF analysis workflow"' >> /etc/bash.bashrc \
#RUN ln -s /opt/pypy2.7-v7.3.5-linux64/site-packages/vipermonkey/vmonkey.py /usr/local/bin/vmonkey && echo 'echo ""' >> /etc/bash.bashrc \
#RUN chmod +x /usr/local/bin/vmonkey && echo 'echo " Shells: bash (default), zsh (with Oh My Zsh), fish"' >> /etc/bash.bashrc \
RUN wget -O- https://github.com/mandiant/capa/releases/download/v7.4.0/capa-v7.4.0-linux.zip | busybox unzip -d /usr/bin - && echo 'echo ""' >> /etc/bash.bashrc \
RUN chmod +x /usr/bin/capa && echo 'alias analyse="fhelp"' >> /etc/bash.bashrc \
&& echo 'alias ?="fhelp"' >> /etc/bash.bashrc
### JS Sandbox # Switch to remnux user (REMnux default user)
RUN npm install box-js --global --production USER remnux
ENV LANG=en_US.UTF-8
### Update flask ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/remnux/.local/bin
RUN pip uninstall -y --break-system-packages flask-restx && pip install --break-system-packages flask-restx
### LATER TODO
#RUN git clone https://github.com/buffer/pyv8.git ; cd pyv8 ; python setup.py build && python setup.py install && cd .. && rm -rf pyv8
#RUN git clone https://github.com/buffer/libemu.git ; cd libemu ; autoreconf -v -i && ./configure --prefix=/opt/libemu && make install && cd .. && rm -rf libemu2
### Create User
RUN groupadd -g 1000 -r user && \
useradd -u 1000 -r -g user -d /home/user -s /sbin/nologin -c "Nonroot User" user && \
mkdir /home/user && \
cp /root/.bashrc /home/user/ && \
chown -R user:user /home/user
### Create nonroot
RUN groupadd -g 1001 -r nonroot && \
useradd -u 1001 -r -g nonroot -d /home/nonroot -s /sbin/nologin -c "Nonroot User" nonroot && \
mkdir /home/nonroot && \
cp /root/.bashrc /home/nonroot/ && \
chown -R nonroot:nonroot /home/nonroot
### Set UP Environment
USER nonroot
ENV LANG de_DE.UTF-8
ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/didierstevenssuite/:/opt/pypy2.7-v7.3.5-linux64/bin:/home/nonroot/.local/bin
WORKDIR /data WORKDIR /data
### Install unfurl & dependencies CMD ["/bin/bash"]
RUN pipx install --include-deps dfir-unfurl
RUN pipx inject dfir-unfurl requests six maclookup
### Install visidata
RUN pipx install --include-deps visidata
### Install oletools
RUN pipx install --include-deps oletools
CMD /bin/bash

90
Dockerfile.remnux
View File

@@ -1,90 +0,0 @@
FROM remnux/remnux-distro:latest
LABEL maintainer="tabledevil"
USER root
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Berlin
# Install additional system packages that REMnux doesn't include
RUN apt-get update && apt-get install -y \
busybox \
catdoc \
docx2txt \
fd-find \
fish \
fzf \
mc \
pipx \
ripgrep \
unrtf \
zsh \
zsh-autosuggestions \
zsh-syntax-highlighting \
&& rm -rf /var/lib/apt/lists/*
# Configure pip
ENV PYTHONDONTWRITEBYTECODE=1
ADD pip.conf /etc/pip.conf
# Install Mandiant CAPA for malware analysis
RUN wget -O- https://github.com/mandiant/capa/releases/download/v7.4.0/capa-v7.4.0-linux.zip | busybox unzip -d /usr/bin - \
&& chmod +x /usr/bin/capa
# Install JavaScript sandbox
RUN npm install box-js --global --production
# Install unfurl & dependencies via pipx (for URL analysis)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps dfir-unfurl \
&& PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx inject dfir-unfurl requests six maclookup
# Install visidata via pipx (for data exploration)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata
# Install offline help and cheat sheet tools
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat \
&& PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr
# Removed navi - focus on tldr and cheat for reliable help system
# Create data directory and set permissions
RUN mkdir -p /data \
&& chown remnux:remnux /data
# Add documentation and streamlined help system
ADD files/README /opt/README
ADD files/command_help /opt/command_help
ADD files/zshrc /etc/zsh/zshrc
ADD files/fish_config.fish /etc/fish/conf.d/remnux.fish
ADD scripts/create-offline-help-system.sh /usr/local/bin/create-offline-help-system.sh
ADD scripts/find-tool /usr/local/bin/find-tool
ADD scripts/fhelp /usr/local/bin/fhelp
ADD scripts/import-remnux-cheatsheets.sh /usr/local/bin/import-remnux-cheatsheets.sh
ADD scripts/convert-remnux-cheats.py /usr/local/bin/convert-remnux-cheats.py
ADD scripts/add-tool-cheats.sh /usr/local/bin/add-tool-cheats.sh
# Create streamlined offline help system (tldr + cheat)
RUN chmod +x /usr/local/bin/create-offline-help-system.sh /usr/local/bin/find-tool /usr/local/bin/fhelp /usr/local/bin/import-remnux-cheatsheets.sh \
&& chmod +x /usr/local/bin/convert-remnux-cheats.py /usr/local/bin/add-tool-cheats.sh \
&& /usr/local/bin/create-offline-help-system.sh \
&& /usr/local/bin/add-tool-cheats.sh
# Update bashrc with welcome message and comprehensive help info
RUN echo 'cat /opt/README' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'echo "📚 Comprehensive Help System:"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp - Complete file analysis help"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp tools pdf - Find PDF analysis tools"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp cheat pdfid.py - Show command examples"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp examples - Browse all examples"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp pdf - PDF analysis workflow"' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'alias analyse="fhelp"' >> /etc/bash.bashrc \
&& echo 'alias ?="fhelp"' >> /etc/bash.bashrc
# Switch to remnux user (REMnux default user)
USER remnux
ENV LANG=en_US.UTF-8
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/remnux/.local/bin
WORKDIR /data
CMD ["/bin/bash"]

201
Dockerfile.scratch
View File

@@ -1,93 +1,45 @@
# Build File Analysis Container from scratch using Ubuntu 20.04
# This provides full control over package selection and configuration
FROM ubuntu:20.04 FROM ubuntu:20.04
ARG CAST_VER=0.16.22
USER root
WORKDIR /tmp
RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && \
apt-get install -y wget gnupg git && \
wget https://github.com/ekristen/cast/releases/download/v${CAST_VER}/cast-v${CAST_VER}-linux-amd64.deb && \
dpkg -i /tmp/cast-v${CAST_VER}-linux-amd64.deb && \
cast install --mode cloud --user remnux remnux && \
rm -rf /root/.cache/* && \
unset DEBIAN_FRONTEND && \
rm /tmp/cast-v${CAST_VER}-linux-amd64.deb
ENV TERM=linux
WORKDIR /home/remnux
RUN mkdir /var/run/sshd
LABEL maintainer="tabledevil" LABEL maintainer="tabledevil"
LABEL description="File Analysis toolkit built from Ubuntu 20.04 base"
USER root USER root
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Berlin ENV TZ=Europe/Berlin
# Install essential system utilities # Install additional system packages that REMnux doesn't include
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
apt-transport-https \
build-essential \
ca-certificates \
curl \
git \
gnupg \
software-properties-common \
sudo \
tzdata \
wget \
&& rm -rf /var/lib/apt/lists/*
# Install Python and Node.js repositories
RUN apt-get update && apt-get install -y \
python3 \
python3-pip \
python3-dev \
python3-setuptools \
python3-wheel \
python3-lxml \
npm \
&& rm -rf /var/lib/apt/lists/*
# Install Ruby
RUN apt-get update && apt-get install -y \
ruby \
ruby-dev \
&& rm -rf /var/lib/apt/lists/*
# Install PowerShell
RUN wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb \
&& dpkg -i packages-microsoft-prod.deb \
&& rm packages-microsoft-prod.deb \
&& apt-get update \
&& apt-get install -y powershell \
&& rm -rf /var/lib/apt/lists/*
# Install core analysis tools
RUN apt-get update && apt-get install -y \
autoconf \
binutils \
binwalk \
busybox \ busybox \
catdoc \ catdoc \
docx2txt \ docx2txt \
exiftool \
fd-find \ fd-find \
file \
fish \ fish \
foremost \
fzf \ fzf \
hexedit \
imagemagick \
jq \
libboost-python-dev \
libboost-thread-dev \
libjpeg-dev \
libreoffice \
libssl-dev \
libtool \
mc \ mc \
mpack \
osslsigncode \
p7zip-full \
pdftk \
pev \
pipx \ pipx \
pkg-config \
ripgrep \ ripgrep \
sqlite3 \
ssdeep \
tesseract-ocr \
unrtf \ unrtf \
unzip \
upx-ucl \
xxd \
yara \
zsh \ zsh \
zsh-autosuggestions \ zsh-autosuggestions \
zsh-syntax-highlighting \ zsh-syntax-highlighting \
@@ -97,116 +49,63 @@ RUN apt-get update && apt-get install -y \
ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONDONTWRITEBYTECODE=1
ADD pip.conf /etc/pip.conf ADD pip.conf /etc/pip.conf
# Upgrade pip # Install unfurl & dependencies via pipx (for URL analysis)
RUN python3 -m pip install --upgrade pip
# Install PowerShell PSScriptAnalyzer module
RUN pwsh -NoProfile -Command "Install-Module -Name PSScriptAnalyzer -Force"
# Install Didier Stevens Suite (PDF analysis tools)
RUN git clone https://github.com/DidierStevens/DidierStevensSuite /opt/didierstevenssuite \
&& chmod +x /opt/didierstevenssuite/*py \
&& ln -s /opt/didierstevenssuite/pdfid.py /usr/local/bin/pdfid.py \
&& ln -s /opt/didierstevenssuite/pdf-parser.py /usr/local/bin/pdf-parser.py \
&& ln -s /opt/didierstevenssuite/oledump.py /usr/local/bin/oledump.py \
&& ln -s /opt/didierstevenssuite/rtfdump.py /usr/local/bin/rtfdump.py
# Install Python analysis tools
RUN python3 -m pip install --break-system-packages \
psutil \
oletools \
pefile \
python-magic \
pytz \
requests \
six
# Install PDF tools via Ruby
RUN gem install origami
# Configure ImageMagick for PDF processing
RUN sed -i '/PDF/s/"none"/"read|write"/' /etc/ImageMagick-6/policy.xml
# Install PyPy for performance-critical tasks
RUN wget -O- https://downloads.python.org/pypy/pypy2.7-v7.3.5-linux64.tar.bz2 | tar -C /opt/ -xvj \
&& ln -s /opt/pypy2.7-v7.3.5-linux64/bin/pypy /usr/local/bin/pypy
# Install pypy pip
RUN pypy -m ensurepip && pypy -m pip install -U pip
# Install Mandiant CAPA for malware analysis
RUN wget -O- https://github.com/mandiant/capa/releases/download/v7.4.0/capa-v7.4.0-linux.zip | busybox unzip -d /usr/bin - \
&& chmod +x /usr/bin/capa
# Install JavaScript sandbox
RUN npm install box-js --global --production
# Setup pipx environment
ENV PIPX_HOME=/opt/pipx
ENV PIPX_BIN_DIR=/usr/local/bin
# Install tools via pipx for isolation
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps dfir-unfurl \ RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps dfir-unfurl \
&& PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx inject dfir-unfurl requests six maclookup && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx inject dfir-unfurl requests six maclookup
# Install visidata via pipx (for data exploration)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps oletools # Install offline help and cheat sheet tools
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat \
&& PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat # Removed navi - focus on tldr and cheat for reliable help system
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr # Create data directory and set permissions
RUN mkdir -p /data \
&& chown remnux:remnux /data
# Create remnux user (matching REMnux convention) # Add documentation and streamlined help system
RUN groupadd -g 1000 -r remnux && \
useradd -u 1000 -r -g remnux -d /home/remnux -s /bin/bash -c "REMnux User" remnux && \
mkdir -p /home/remnux && \
chown -R remnux:remnux /home/remnux
# Create data directory
RUN mkdir -p /data && chown remnux:remnux /data
# Add documentation and help system
ADD files/README /opt/README ADD files/README /opt/README
ADD files/command_help /opt/command_help ADD files/command_help /opt/command_help
ADD files/zshrc /etc/zsh/zshrc ADD files/zshrc /etc/zsh/zshrc
ADD files/fish_config.fish /etc/fish/conf.d/remnux.fish ADD files/fish_config.fish /etc/fish/conf.d/remnux.fish
# Add helper scripts
ADD scripts/create-offline-help-system.sh /usr/local/bin/create-offline-help-system.sh ADD scripts/create-offline-help-system.sh /usr/local/bin/create-offline-help-system.sh
ADD scripts/find-tool /usr/local/bin/find-tool ADD scripts/find-tool /usr/local/bin/find-tool
ADD scripts/fhelp /usr/local/bin/fhelp ADD scripts/fhelp /usr/local/bin/fhelp
ADD scripts/import-remnux-cheatsheets.sh /usr/local/bin/import-remnux-cheatsheets.sh ADD scripts/import-remnux-cheatsheets.sh /usr/local/bin/import-remnux-cheatsheets.sh
ADD scripts/convert-remnux-cheats.py /usr/local/bin/convert-remnux-cheats.py ADD scripts/convert-remnux-cheats.py /usr/local/bin/convert-remnux-cheats.py
ADD scripts/add-tool-cheats.sh /usr/local/bin/add-tool-cheats.sh ADD scripts/add-tool-cheats.sh /usr/local/bin/add-tool-cheats.sh
ADD scripts/check-help-coverage.sh /usr/local/bin/check-help-coverage.sh
# Create offline help system # Create streamlined offline help system (tldr + cheat)
RUN chmod +x /usr/local/bin/create-offline-help-system.sh \ RUN chmod +x /usr/local/bin/create-offline-help-system.sh /usr/local/bin/find-tool /usr/local/bin/fhelp /usr/local/bin/import-remnux-cheatsheets.sh \
/usr/local/bin/find-tool \ && chmod +x /usr/local/bin/convert-remnux-cheats.py /usr/local/bin/add-tool-cheats.sh \
/usr/local/bin/fhelp \
/usr/local/bin/import-remnux-cheatsheets.sh \
/usr/local/bin/convert-remnux-cheats.py \
/usr/local/bin/add-tool-cheats.sh \
/usr/local/bin/check-help-coverage.sh \
&& /usr/local/bin/create-offline-help-system.sh \ && /usr/local/bin/create-offline-help-system.sh \
&& /usr/local/bin/add-tool-cheats.sh && /usr/local/bin/add-tool-cheats.sh
# Update bashrc with welcome message # Install Oh My Zsh for remnux user
RUN su - remnux -c 'sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended' || true
# Update bashrc with welcome message and comprehensive help info
RUN echo 'cat /opt/README' >> /etc/bash.bashrc \ RUN echo 'cat /opt/README' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \ && echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'echo "📚 Help System:"' >> /etc/bash.bashrc \ && echo 'echo "📚 Comprehensive Help System:"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp - File analysis help"' >> /etc/bash.bashrc \ && echo 'echo " fhelp - Complete file analysis help"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp cheat <tool> - Command examples"' >> /etc/bash.bashrc \ && echo 'echo " fhelp tools pdf - Find PDF analysis tools"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp tools pdf - Find PDF tools"' >> /etc/bash.bashrc \ && echo 'echo " fhelp cheat pdfid.py - Show command examples"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp examples - Browse all examples"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp pdf - PDF analysis workflow"' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'echo " Shells: bash (default), zsh (with Oh My Zsh), fish"' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \ && echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'alias analyse="fhelp"' >> /etc/bash.bashrc \ && echo 'alias analyse="fhelp"' >> /etc/bash.bashrc \
&& echo 'alias ?="fhelp"' >> /etc/bash.bashrc && echo 'alias ?="fhelp"' >> /etc/bash.bashrc
# Set environment # Switch to remnux user (REMnux default user)
USER remnux USER remnux
ENV LANG=en_US.UTF-8 ENV LANG=en_US.UTF-8
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/didierstevenssuite:/opt/pypy2.7-v7.3.5-linux64/bin:/home/remnux/.local/bin ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/remnux/.local/bin
WORKDIR /data WORKDIR /data
CMD ["/bin/bash"] CMD ["/bin/bash"]

61
Makefile
View File

@@ -5,88 +5,75 @@ help:
@echo "File Analysis Container - Build System" @echo "File Analysis Container - Build System"
@echo "" @echo ""
@echo "Available targets:" @echo "Available targets:"
@echo " build-upstream Build from REMnux upstream image (recommended)" @echo " build Build from REMnux upstream image (recommended, default)"
@echo " build-scratch Build from Ubuntu 20.04 base (full control)" @echo " build-scratch Build from Ubuntu 20.04 base (full control)"
@echo " build-kali Build from Kali Linux base (legacy)"
@echo " build-all Build all variants" @echo " build-all Build all variants"
@echo " test Run tests on all builds" @echo " test Run tests on all builds"
@echo " test-upstream Test upstream build" @echo " test-remnux Test REMnux build"
@echo " test-scratch Test scratch build" @echo " test-scratch Test scratch build"
@echo " test-kali Test Kali build"
@echo " push Push images to Docker Hub" @echo " push Push images to Docker Hub"
@echo " clean Remove all built images" @echo " clean Remove all built images"
@echo " shell Interactive shell (REMnux build)"
@echo " shell-scratch Interactive shell (scratch build)"
@echo " coverage Check help coverage"
@echo "" @echo ""
# Build targets # Build targets
build-upstream: build:
@echo "Building REMnux upstream variant..." @echo "Building REMnux-based file analysis container..."
docker build -f Dockerfile.remnux -t tabledevil/file-analysis:remnux . docker build -t tabledevil/file-analysis:latest .
@echo "✓ Build complete: tabledevil/file-analysis:remnux" docker tag tabledevil/file-analysis:latest tabledevil/file-analysis:remnux
@echo "✓ Build complete: tabledevil/file-analysis:latest"
build-scratch: build-scratch:
@echo "Building from scratch (Ubuntu 20.04 base)..." @echo "Building from scratch (Ubuntu 20.04 base)..."
docker build -f Dockerfile.scratch -t tabledevil/file-analysis:scratch . docker build -f Dockerfile.scratch -t tabledevil/file-analysis:scratch .
@echo "✓ Build complete: tabledevil/file-analysis:scratch" @echo "✓ Build complete: tabledevil/file-analysis:scratch"
build-kali: build-all: build build-scratch
@echo "Building Kali Linux variant..."
docker build -f Dockerfile -t tabledevil/file-analysis:kali .
@echo "✓ Build complete: tabledevil/file-analysis:kali"
build-all: build-upstream build-scratch build-kali
@echo "✓ All variants built successfully" @echo "✓ All variants built successfully"
# Test targets # Test targets
test: test-upstream test-scratch test-kali test: test-remnux test-scratch
@echo "✓ All tests passed" @echo "✓ All tests passed"
test-upstream: test-remnux:
@echo "Testing REMnux upstream build..." @echo "Testing REMnux build..."
@docker run --rm tabledevil/file-analysis:remnux bash -c "which fhelp && fhelp cheat pdfid" @docker run --rm tabledevil/file-analysis:latest bash -c "which fhelp && fhelp cheat pdfid"
@docker run --rm tabledevil/file-analysis:remnux bash -c "which pdfid.py && which capa && which visidata" @docker run --rm tabledevil/file-analysis:latest bash -c "which pdfid.py && which capa && which visidata"
@echo "✓ Upstream build tests passed" @docker run --rm tabledevil/file-analysis:latest bash -c "zsh --version && fish --version"
@echo "✓ REMnux build tests passed"
test-scratch: test-scratch:
@echo "Testing scratch build..." @echo "Testing scratch build..."
@docker run --rm tabledevil/file-analysis:scratch bash -c "which fhelp && fhelp cheat pdfid" @docker run --rm tabledevil/file-analysis:scratch bash -c "which fhelp && fhelp cheat pdfid"
@docker run --rm tabledevil/file-analysis:scratch bash -c "which pdfid.py && which capa" @docker run --rm tabledevil/file-analysis:scratch bash -c "which pdfid.py && which capa && which pwsh"
@docker run --rm tabledevil/file-analysis:scratch bash -c "zsh --version && fish --version"
@echo "✓ Scratch build tests passed" @echo "✓ Scratch build tests passed"
test-kali:
@echo "Testing Kali build..."
@docker run --rm tabledevil/file-analysis:kali bash -c "which pdfid.py && which capa"
@docker run --rm tabledevil/file-analysis:kali bash -c "which pwsh"
@echo "✓ Kali build tests passed"
# Docker Hub push # Docker Hub push
push: push:
@echo "Pushing images to Docker Hub..." @echo "Pushing images to Docker Hub..."
docker push tabledevil/file-analysis:latest
docker push tabledevil/file-analysis:remnux docker push tabledevil/file-analysis:remnux
docker push tabledevil/file-analysis:scratch docker push tabledevil/file-analysis:scratch
docker push tabledevil/file-analysis:kali
docker tag tabledevil/file-analysis:remnux tabledevil/file-analysis:latest
docker push tabledevil/file-analysis:latest
@echo "✓ Images pushed successfully" @echo "✓ Images pushed successfully"
# Clean up # Clean up
clean: clean:
@echo "Removing built images..." @echo "Removing built images..."
-docker rmi tabledevil/file-analysis:latest
-docker rmi tabledevil/file-analysis:remnux -docker rmi tabledevil/file-analysis:remnux
-docker rmi tabledevil/file-analysis:scratch -docker rmi tabledevil/file-analysis:scratch
-docker rmi tabledevil/file-analysis:kali
-docker rmi tabledevil/file-analysis:latest
@echo "✓ Cleanup complete" @echo "✓ Cleanup complete"
# Interactive shells for testing # Interactive shells for testing
shell-upstream: shell:
docker run -it --rm -v "$$(pwd):/data" tabledevil/file-analysis:remnux docker run -it --rm -v "$$(pwd):/data" tabledevil/file-analysis:latest
shell-scratch: shell-scratch:
docker run -it --rm -v "$$(pwd):/data" tabledevil/file-analysis:scratch docker run -it --rm -v "$$(pwd):/data" tabledevil/file-analysis:scratch
shell-kali:
docker run -it --rm -v "$$(pwd):/data" tabledevil/file-analysis:kali
# Run help coverage check # Run help coverage check
coverage: coverage:
@echo "Checking help coverage..." @echo "Checking help coverage..."

141
files/zshrc
View File

@@ -1,39 +1,148 @@
# REMnux File Analysis Container - ZSH Configuration # File Analysis Container - ZSH Configuration with Oh My Zsh
# History # Skip interactive first-time setup
HISTFILE=~/.zsh_history ZSH_DISABLE_COMPFIX=true
# If running as root or system user without home, create minimal config
if [[ ! -d "$HOME" ]] || [[ ! -w "$HOME" ]]; then
# Minimal non-OMZ setup for system users
HISTFILE=/tmp/.zsh_history_$$
HISTSIZE=10000 HISTSIZE=10000
SAVEHIST=10000 SAVEHIST=10000
setopt SHARE_HISTORY HIST_IGNORE_ALL_DUPS HIST_FIND_NO_DUPS HIST_REDUCE_BLANKS
autoload -Uz compinit && compinit -d /tmp/.zcompdump_$$
autoload -U colors && colors
PROMPT='%F{red}[🔍]%f %F{cyan}%~%f $ '
# Load plugins if available
[[ -f /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh ]] && \
source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh
[[ -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh ]] && \
source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
else
# Oh My Zsh setup for regular users
export ZSH="$HOME/.oh-my-zsh"
# Install Oh My Zsh if not present
if [[ ! -d "$ZSH" ]]; then
echo "Installing Oh My Zsh..."
RUNZSH=no CHSH=no sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" || {
# Fallback if curl fails
RUNZSH=no CHSH=no sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" 2>/dev/null
}
fi
# Oh My Zsh theme - using agnoster-like theme for security work
ZSH_THEME="robbyrussell"
# Custom theme for file analysis work
if [[ -d "$ZSH" ]]; then
# Plugins to load
plugins=(git docker command-not-found colored-man-pages)
# Load Oh My Zsh
source $ZSH/oh-my-zsh.sh 2>/dev/null || true
# Custom prompt with analysis indicator
PROMPT='%F{red}🔍%f %F{cyan}%~%f $(git_prompt_info)%# '
RPROMPT='%F{yellow}%*%f'
else
# Fallback if OMZ installation failed
autoload -U colors && colors
PROMPT='%F{red}[🔍]%f %F{cyan}%~%f $ '
fi
fi
# History configuration
HISTFILE=${HISTFILE:-~/.zsh_history}
HISTSIZE=10000
SAVEHIST=10000
setopt SHARE_HISTORY
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_FIND_NO_DUPS
setopt HIST_REDUCE_BLANKS
setopt HIST_VERIFY
# Navigation # Navigation
setopt AUTO_CD AUTO_PUSHD PUSHD_IGNORE_DUPS PUSHD_SILENT setopt AUTO_CD
setopt AUTO_PUSHD
setopt PUSHD_IGNORE_DUPS
setopt PUSHD_SILENT
# Completion # Completion
autoload -Uz compinit && compinit autoload -Uz compinit
if [[ -w "$HOME" ]]; then
compinit
else
compinit -d /tmp/.zcompdump_$$
fi
zstyle ':completion:*' menu select zstyle ':completion:*' menu select
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}'
setopt COMPLETE_IN_WORD AUTO_MENU setopt COMPLETE_IN_WORD
setopt AUTO_MENU
# Load plugins # Load system plugins if available
[[ -f /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh ]] && \ [[ -f /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh ]] && \
source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh
[[ -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh ]] && \ [[ -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh ]] && \
source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
# Prompt # Aliases for file analysis
autoload -U colors && colors
PROMPT='%F{cyan}remnux%f@%F{blue}%m%f:%F{yellow}%~%f%# '
RPROMPT='%F{green}[%D{%H:%M:%S}]%f'
# Aliases
alias ls='ls --color=auto' alias ls='ls --color=auto'
alias ll='ls -lah' alias ll='ls -lah'
alias la='ls -A'
alias l='ls -CF'
alias grep='grep --color=auto' alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
# Tool aliases
alias fd='fdfind' alias fd='fdfind'
alias rg='rg --color=auto' alias rg='rg --color=auto'
alias analyse='fhelp' alias analyse='fhelp'
alias ?='fhelp' alias ?='fhelp'
alias help='fhelp'
# Welcome # Quick navigation
[[ -f /opt/README ]] && cat /opt/README && echo "" && echo "🐚 Shell: zsh | Type 'fhelp' for help" && echo "" alias ..='cd ..'
alias ...='cd ../..'
alias ....='cd ../../..'
# Analysis shortcuts
alias pdfinfo='pdfid.py'
alias pdfparse='pdf-parser.py'
alias scanpdf='pdf-parser.py'
# Git aliases (if git plugin not loaded)
if ! type git &>/dev/null || ! alias gs &>/dev/null; then
alias gs='git status'
alias ga='git add'
alias gc='git commit'
alias gp='git push'
alias gl='git log --oneline'
fi
# Environment
export EDITOR=vim
export VISUAL=vim
# Welcome message (only on interactive shells)
if [[ -o interactive ]] && [[ -f /opt/README ]]; then
# Only show welcome once per session
if [[ -z "$_WELCOME_SHOWN" ]]; then
echo ""
echo "\033[1;36m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\033[0m"
echo "\033[1;31m File Analysis Container\033[0m \033[1;33m(zsh with Oh My Zsh)\033[0m"
echo "\033[1;36m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\033[0m"
echo ""
echo " \033[1;32mfhelp\033[0m or \033[1;32m?\033[0m - Help system"
echo " \033[1;32mfhelp cheat <tool>\033[0m - Quick examples"
echo " \033[1;32mfhelp tools pdf\033[0m - Find PDF tools"
echo ""
echo " Shells: \033[0;36mbash\033[0m (default), \033[0;36mzsh\033[0m (current), \033[0;36mfish\033[0m"
echo ""
export _WELCOME_SHOWN=1
fi
fi