irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
master
docker_file_analysis/docs/HELP_SYSTEM_ENHANCED.md
Tobias Kessels b98aaee3e0 Major repository cleanup and enhancement 
- Reorganize documentation: moved old docs to docs/ directory
- Add comprehensive README.md with build options and usage guide
- Add detailed CONTRIBUTING.md with help content management guide
- Create Makefile for automated building and testing
- Add Dockerfile.scratch for building from Ubuntu 20.04 base
- Enhance all Dockerfiles with PowerShell + PSScriptAnalyzer
- Add modern shells: zsh (with plugins) and fish (with config)
- Add modern CLI tools: fd-find, ripgrep, fzf
- Create comprehensive help system with cheat/TLDR/fish completions
- Add helper scripts for help content management and coverage checking
- Fix Dockerfile.remnux script references
- Support three build variants: upstream (REMnux), scratch (Ubuntu), kali

Build options:
  - make build-upstream: Fast, uses REMnux upstream (recommended)
  - make build-scratch: Full control, builds from Ubuntu 20.04
  - make build-kali: Legacy Kali Linux base

Features:
  - PowerShell with PSScriptAnalyzer module
  - Modern shells (zsh, fish) with custom configurations
  - Enhanced help system (cheat sheets, TLDR pages, fish completions)
  - Help coverage checking and bulk import tools
  - Comprehensive documentation for users and contributors
2025-10-01 11:45:56 +02:00

5.8 KiB
Raw Permalink Blame History

Enhanced File Analysis Help System

🎯 Overview

This document describes the comprehensive improvements made to the container's help system, addressing all the issues you encountered and providing a robust, offline-capable help experience.

Problems Fixed

1. Navi Configuration Issues

  • Problem: invalid preview window layout: up:2:nohidden errors
  • Solution: Created proper navi configuration file at /root/.config/navi/config.yaml with correct fzf settings
  • Result: Navi now works without preview window errors

2. Inaccurate Tool Information

  • Problem: Tools listed that don't exist (evince, ioc_parser), unclear command names
  • Solution: Created curated tools database with only verified, available tools and their exact command names
  • Result: fhelp tools now shows accurate, actionable information

3. Missing Cheat Sheets

  • Problem: Limited or missing practical examples for PDF/malware analysis
  • Solution: Downloaded existing cheat sheets from popular repos and enhanced them with analysis-specific examples
  • Result: Comprehensive cheat sheets for analysis workflows with exact commands

4. TLDR Cache Issues

  • Problem: TLDR not finding analysis-specific tools
  • Solution: Created custom TLDR pages for pdfid.py, pdf-parser.py, peepdf, capa
  • Result: fhelp quick <tool> now works for specialized analysis tools

5. Command Clarity

  • Problem: Users couldn't find the exact command to run (e.g., confusion about ioc_parser)
  • Solution: All help now shows exact command syntax with practical examples
  • Result: Clear, copy-pasteable commands for all analysis scenarios

🛠️ Enhanced Components

1. Accurate Tools Database (/opt/remnux-docs/tools.db)

  • Only verified, available tools
  • Exact command names (not just descriptions)
  • Usage examples for each tool
  • Availability status indicators

2. Enhanced Cheat Sheets (/opt/cheatsheets/)

  • Downloads existing cheat sheets from cheat/cheatsheets repo
  • Adds analysis-specific examples on top
  • Covers PDF analysis workflow, malware analysis workflow
  • Security-focused examples (PDF flattening, password removal)

3. Interactive Navi Sheets (/opt/navi-cheats/)

  • Dynamic command completion with file discovery
  • Interactive parameter selection
  • Context-aware suggestions

4. Custom TLDR Pages (/root/.local/share/tldr/pages/common/)

  • Analysis-specific tools not in standard TLDR
  • Follows standard TLDR format
  • Quick reference examples

5. Unified fhelp Command

  • Single interface to all help systems
  • Clear command structure with examples
  • Workflow-based help (PDF, malware analysis)
  • Offline capability verification

📋 Usage Examples

Find Tools

fhelp tools pdf          # Find PDF analysis tools
fhelp tools malware      # Find malware analysis tools
fhelp tools --interactive # Interactive tool browser

Get Command Examples

fhelp cheat pdf          # PDF analysis workflow
fhelp cheat pdftk        # pdftk-specific examples  
fhelp quick tar          # Quick tar examples
fhelp examples           # Interactive example browser

Analysis Workflows

fhelp pdf               # Step-by-step PDF analysis
fhelp malware           # Step-by-step malware analysis

Verification

fhelp --offline         # Check all help systems work offline
fhelp --all             # Complete overview of capabilities

🎯 Key Improvements for File Analysis

PDF Security Analysis

  • Flattening: pdftk suspicious.pdf output safe.pdf flatten
  • Password Removal: qpdf --password=PASSWORD --decrypt encrypted.pdf decrypted.pdf
  • JavaScript Detection: strings document.pdf | grep -i "javascript"
  • Safe Preview: convert document.pdf[0] preview.png

Malware Analysis Workflow

  • Capability Detection: capa malware.exe
  • JavaScript Sandbox: box-js --output-dir=/tmp suspicious.js
  • Office Document Analysis: oledump.py document.doc
  • Binary Analysis: binwalk malware.bin

Data Analysis

  • Interactive Exploration: vd data.csv
  • URL Analysis: unfurl http://suspicious.com/path

🔧 Testing

Run comprehensive tests with:

./test-help-system.sh

This validates:

  • All help commands work correctly
  • Tool availability matches documentation
  • File structure is correct
  • Integration between help systems works

📦 Build Instructions

The enhanced help system is automatically included when building:

docker build -f Dockerfile.remnux -t tabledevil/file-analysis:enhanced .

🎉 Benefits

  1. No More Missing Tools: Only lists tools that actually exist with correct names
  2. Practical Examples: Real-world analysis commands, not just descriptions
  3. Workflow Guidance: Step-by-step analysis procedures
  4. Offline Capable: Works completely offline with comprehensive documentation
  5. Multiple Interfaces: Choose between fhelp, navi, cheat, tldr based on preference
  6. Security Focus: Emphasizes safe analysis practices (PDF flattening, sandboxing)

📱 Quick Reference Card

Command Purpose Example
fhelp Main help system fhelp tools pdf
fhelp cheat <tool> Tool examples fhelp cheat pdftk
fhelp pdf PDF workflow Shows step-by-step PDF analysis
fhelp malware Malware workflow Shows malware analysis steps
navi Interactive browser Browse all examples with fzf
find-tool <term> Tool search find-tool javascript
tldr <tool> Quick reference tldr tar
cheat <tool> Detailed examples cheat 7z

This enhanced system provides comprehensive, accurate, offline-capable help for file analysis workflows while leveraging existing community resources and adding specialized analysis examples.

Reference in New Issue View Git Blame Copy Permalink