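# File Analysis Container, built from a plain Ubuntu 20.04 base so that package
# selection and configuration stay fully under this file's control.
#
# The image bundles parsers that are meant to be pointed at untrusted files
# (PDF, Office, PE, JavaScript). Treat the running container as exposed to
# hostile input: it drops to the unprivileged "remnux" user at the end of the
# build. Running it without network access and with samples mounted read-only
# is a sensible default.
#
# NOTE(review): Ubuntu 20.04 is past its standard support window; confirm the
# base still receives security updates (ESM) or plan a base-image bump.
# NOTE(review): most installs below (apt, pip, gem, npm, pipx, PSGallery, git)
# are unpinned, so the image content depends on the build date. Pin versions
# where reproducible rebuilds matter.
FROM ubuntu:20.04

LABEL maintainer="tabledevil"
LABEL description="File Analysis toolkit built from Ubuntu 20.04 base"

# Package installation needs root; the final USER is set at the bottom.
USER root

# ARG (not ENV) keeps the noninteractive frontend out of the runtime environment.
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Berlin

# Install essential system utilities.
# "locales" + locale-gen: the runtime environment below exports
# LANG=en_US.UTF-8, which the stock ubuntu image does not ship generated.
# Without it tools fall back to the C locale and emit setlocale warnings.
RUN apt-get update && apt-get install -y \
        apt-transport-https \
        build-essential \
        ca-certificates \
        curl \
        git \
        gnupg \
        locales \
        software-properties-common \
        sudo \
        tzdata \
        wget \
    && locale-gen en_US.UTF-8 \
    && rm -rf /var/lib/apt/lists/*

# Install Python and npm from the distribution repositories
RUN apt-get update && apt-get install -y \
        python3 \
        python3-pip \
        python3-dev \
        python3-setuptools \
        python3-wheel \
        python3-lxml \
        npm \
    && rm -rf /var/lib/apt/lists/*

# Install Ruby
RUN apt-get update && apt-get install -y \
        ruby \
        ruby-dev \
    && rm -rf /var/lib/apt/lists/*

# Install PowerShell.
# The .deb only registers Microsoft's apt repository and signing key; it is
# fetched over HTTPS without a checksum. The powershell package itself is then
# verified by apt against that key.
RUN wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb \
    && dpkg -i packages-microsoft-prod.deb \
    && rm packages-microsoft-prod.deb \
    && apt-get update \
    && apt-get install -y powershell \
    && rm -rf /var/lib/apt/lists/*

# Install core analysis tools
RUN apt-get update && apt-get install -y \
        autoconf \
        binutils \
        binwalk \
        busybox \
        catdoc \
        docx2txt \
        exiftool \
        fd-find \
        file \
        fish \
        foremost \
        fzf \
        hexedit \
        imagemagick \
        jq \
        libboost-python-dev \
        libboost-thread-dev \
        libjpeg-dev \
        libreoffice \
        libssl-dev \
        libtool \
        mc \
        mpack \
        osslsigncode \
        p7zip-full \
        pdftk \
        pev \
        pipx \
        pkg-config \
        ripgrep \
        sqlite3 \
        ssdeep \
        tesseract-ocr \
        unrtf \
        unzip \
        upx-ucl \
        xxd \
        yara \
        zsh \
        zsh-autosuggestions \
        zsh-syntax-highlighting \
    && rm -rf /var/lib/apt/lists/*

# Configure pip.
# COPY instead of ADD: this is a plain local file, no extraction or URL fetch.
# NOTE(review): pip.conf is baked into the image and readable by anyone who
# pulls it. Keep index credentials out of that file.
ENV PYTHONDONTWRITEBYTECODE=1
COPY pip.conf /etc/pip.conf

# Upgrade pip (the --break-system-packages flag used further down is only
# understood by pip >= 23.0.1, so that step depends on this one).
RUN python3 -m pip install --upgrade pip

# Install PowerShell PSScriptAnalyzer module.
# Unpinned; add -RequiredVersion if a fixed module version is needed.
RUN pwsh -NoProfile -Command "Install-Module -Name PSScriptAnalyzer -Force"

# Install Didier Stevens Suite (PDF analysis tools).
# --depth 1 keeps history out of the layer; the checked-out tree is the same.
# NOTE(review): this tracks the default branch head at build time. For a
# reproducible toolset, check out a reviewed commit (<COMMIT_SHA>) after cloning.
RUN git clone --depth 1 https://github.com/DidierStevens/DidierStevensSuite /opt/didierstevenssuite \
    && chmod +x /opt/didierstevenssuite/*py \
    && ln -s /opt/didierstevenssuite/pdfid.py /usr/local/bin/pdfid.py \
    && ln -s /opt/didierstevenssuite/pdf-parser.py /usr/local/bin/pdf-parser.py \
    && ln -s /opt/didierstevenssuite/oledump.py /usr/local/bin/oledump.py \
    && ln -s /opt/didierstevenssuite/rtfdump.py /usr/local/bin/rtfdump.py

# Install Python analysis tools
RUN python3 -m pip install --break-system-packages \
        psutil \
        oletools \
        pefile \
        python-magic \
        pytz \
        requests \
        six

# Install PDF tools via Ruby
RUN gem install origami

# Configure ImageMagick for PDF processing.
# The distribution policy sets PDF rights to "none" so that untrusted PDFs are
# not handed to the Ghostscript delegate. This edit re-enables read and write.
# That is needed for PDF conversion here, but it means a hostile PDF reaches
# Ghostscript. Keep ghostscript patched and rely on the container's isolation
# (non-root user, no network) rather than on the policy file.
RUN sed -i '/PDF/s/"none"/"read|write"/' /etc/ImageMagick-6/policy.xml

# Install PyPy for performance-critical tasks.
# The archive is downloaded to a file instead of being piped into tar: under
# /bin/sh a failed or truncated download in a pipeline is masked by the exit
# status of the last command. Pass --build-arg PYPY_SHA256=<sha256 of the
# tarball> to have the archive verified before it is unpacked as root. With the
# default empty value the check is skipped, as before.
ARG PYPY_SHA256=""
RUN wget -q -O /tmp/pypy.tar.bz2 https://downloads.python.org/pypy/pypy2.7-v7.3.5-linux64.tar.bz2 \
    && if [ -n "${PYPY_SHA256}" ]; then echo "${PYPY_SHA256}  /tmp/pypy.tar.bz2" | sha256sum -c -; fi \
    && tar -C /opt/ -xjf /tmp/pypy.tar.bz2 \
    && rm /tmp/pypy.tar.bz2 \
    && ln -s /opt/pypy2.7-v7.3.5-linux64/bin/pypy /usr/local/bin/pypy

# Install pypy pip
RUN pypy -m ensurepip && pypy -m pip install -U pip

# Install Mandiant CAPA for malware analysis.
# Same download-then-verify pattern as PyPy: pass
# --build-arg CAPA_SHA256=<sha256 of the release zip> to enforce the checksum.
ARG CAPA_SHA256=""
RUN wget -q -O /tmp/capa.zip https://github.com/mandiant/capa/releases/download/v7.4.0/capa-v7.4.0-linux.zip \
    && if [ -n "${CAPA_SHA256}" ]; then echo "${CAPA_SHA256}  /tmp/capa.zip" | sha256sum -c -; fi \
    && busybox unzip -d /usr/bin /tmp/capa.zip \
    && rm /tmp/capa.zip \
    && chmod +x /usr/bin/capa

# Install JavaScript sandbox
RUN npm install box-js --global --production

# Setup pipx environment: shared venvs under /opt/pipx, entry points on PATH.
# These ENV values apply to the RUN steps below, so they are not repeated inline.
ENV PIPX_HOME=/opt/pipx
ENV PIPX_BIN_DIR=/usr/local/bin

# Install tools via pipx for isolation (one venv per tool)
RUN pipx install --include-deps dfir-unfurl \
    && pipx inject dfir-unfurl requests six maclookup
RUN pipx install --include-deps visidata
RUN pipx install --include-deps oletools
RUN pipx install --include-deps cheat
RUN pipx install --include-deps tldr

# Create remnux user (matching REMnux convention), fixed UID/GID 1000.
# No sudoers entry is created here, so the account has no path back to root
# through the sudo package installed above.
RUN groupadd -g 1000 -r remnux && \
    useradd -u 1000 -r -g remnux -d /home/remnux -s /bin/bash -c "REMnux User" remnux && \
    mkdir -p /home/remnux && \
    chown -R remnux:remnux /home/remnux

# Create data directory (the working directory for samples, owned by remnux)
RUN mkdir -p /data && chown remnux:remnux /data

# Add documentation and help system (COPY: plain local files)
COPY files/README /opt/README
COPY files/command_help /opt/command_help
COPY files/zshrc /etc/zsh/zshrc
COPY files/fish_config.fish /etc/fish/conf.d/remnux.fish

# Add helper scripts. They stay root-owned, so the remnux user can run them
# but cannot modify them.
COPY scripts/create-offline-help-system.sh /usr/local/bin/create-offline-help-system.sh
COPY scripts/find-tool /usr/local/bin/find-tool
COPY scripts/fhelp /usr/local/bin/fhelp
COPY scripts/import-remnux-cheatsheets.sh /usr/local/bin/import-remnux-cheatsheets.sh
COPY scripts/convert-remnux-cheats.py /usr/local/bin/convert-remnux-cheats.py
COPY scripts/add-tool-cheats.sh /usr/local/bin/add-tool-cheats.sh
COPY scripts/check-help-coverage.sh /usr/local/bin/check-help-coverage.sh

# Create offline help system: mark the helpers executable, then run the two
# generators once at build time (as root).
RUN chmod +x /usr/local/bin/create-offline-help-system.sh \
        /usr/local/bin/find-tool \
        /usr/local/bin/fhelp \
        /usr/local/bin/import-remnux-cheatsheets.sh \
        /usr/local/bin/convert-remnux-cheats.py \
        /usr/local/bin/add-tool-cheats.sh \
        /usr/local/bin/check-help-coverage.sh \
    && /usr/local/bin/create-offline-help-system.sh \
    && /usr/local/bin/add-tool-cheats.sh

# Update bashrc with welcome message
RUN echo 'cat /opt/README' >> /etc/bash.bashrc \
    && echo 'echo ""' >> /etc/bash.bashrc \
    && echo 'echo "📚 Help System:"' >> /etc/bash.bashrc \
    && echo 'echo " fhelp - File analysis help"' >> /etc/bash.bashrc \
    && echo 'echo " fhelp cheat - Command examples"' >> /etc/bash.bashrc \
    && echo 'echo " fhelp tools pdf - Find PDF tools"' >> /etc/bash.bashrc \
    && echo 'echo ""' >> /etc/bash.bashrc \
    && echo 'alias analyse="fhelp"' >> /etc/bash.bashrc \
    && echo 'alias ?="fhelp"' >> /etc/bash.bashrc

# Set environment: everything from here on, including the container's default
# process, runs as the unprivileged remnux user.
USER remnux
ENV LANG=en_US.UTF-8
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/didierstevenssuite:/opt/pypy2.7-v7.3.5-linux64/bin:/home/remnux/.local/bin
WORKDIR /data
CMD ["/bin/bash"]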