FROM remnux/remnux-distro:latest
LABEL maintainer="tabledevil"

USER root
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Berlin

# Install additional system packages that REMnux doesn't include
RUN apt-get update && apt-get install -y \
    busybox \
    catdoc \
    docx2txt \
    mc \
    pipx \
    unrtf \
    && rm -rf /var/lib/apt/lists/*

# Configure pip  
ENV PYTHONDONTWRITEBYTECODE=1
ADD pip.conf /etc/pip.conf

# Install Mandiant CAPA for malware analysis
RUN wget -O- https://github.com/mandiant/capa/releases/download/v7.4.0/capa-v7.4.0-linux.zip | busybox unzip -d /usr/bin - \
    && chmod +x /usr/bin/capa

# Install JavaScript sandbox
RUN npm install box-js --global --production

# Install unfurl & dependencies via pipx (for URL analysis)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps dfir-unfurl \
    && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx inject dfir-unfurl requests six maclookup

# Install visidata via pipx (for data exploration)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata

# Create data directory and set permissions
RUN mkdir -p /data \
    && chown remnux:remnux /data

# Add German documentation files
ADD files/README /opt/README
ADD files/command_help /opt/command_help
RUN echo 'cat /opt/README' >> /etc/bash.bashrc

# Switch to remnux user (REMnux default user)
USER remnux
ENV LANG=en_US.UTF-8
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/remnux/.local/bin
WORKDIR /data

CMD ["/bin/bash"]