Add FOR610 tool/workflow knowledge base and data pipeline

Build comprehensive malware analysis knowledge base from 3 sources:
- SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes
- REMnux salt-states: 340 packages parsed from GitHub
- REMnux docs: 280+ tools scraped from docs.remnux.org

Master inventory merges all sources into 447 tools with help tiers
(rich/standard/basic). Pipeline generates: tools.db (397 entries),
397 cheatsheets with multi-tool recipes, 15 workflow guides, 224
TLDR pages, and coverage reports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

data/generated/cheatsheets/rtfdump.py.cheat

@@ -0,0 +1,25 @@
+# rtfdump.py
+# Analyze RTF file structure, identify hex-encoded groups and embedded objects
+# FOR610 Labs: 3.5 | Sections: 3 | Author: Didier Stevens
+# Docs: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
+
+% rtf, document, didier-stevens
+
+# Basic usage
+rtfdump.py document.rtf
+
+# Select specific item
+rtfdump.py document.rtf -s 5 -H -d > extracted.bin
+
+
+# --- Recipes (multi-tool chains) ---
+
+# >> Extract Shellcode from RTF Document
+# Scan RTF structure — look for groups with lots of hex data
+rtfdump.py <document.rtf>
+# Extract the hex-heavy group as binary
+rtfdump.py <document.rtf> -s <group_num> -H -d > extracted.bin
+# Scan for shellcode patterns (even XOR-encoded)
+XORSearch -W -d 3 extracted.bin
+# Emulate shellcode at found offset
+scdbgc /f extracted.bin /foff <offset> /s -1