docker_file_analysis/Dockerfile.remnux

FROM remnux/remnux-distro:latest
LABEL maintainer="tabledevil"

USER root
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Berlin

# Install additional system packages that REMnux doesn't include
RUN apt-get update && apt-get install -y \
    busybox \
    catdoc \
    docx2txt \
    fzf \
    mc \
    pipx \
    unrtf \
    && rm -rf /var/lib/apt/lists/*

# Configure pip  
ENV PYTHONDONTWRITEBYTECODE=1
ADD pip.conf /etc/pip.conf

# Install Mandiant CAPA for malware analysis
RUN wget -O- https://github.com/mandiant/capa/releases/download/v7.4.0/capa-v7.4.0-linux.zip | busybox unzip -d /usr/bin - \
    && chmod +x /usr/bin/capa

# Install JavaScript sandbox
RUN npm install box-js --global --production

# Install unfurl & dependencies via pipx (for URL analysis)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps dfir-unfurl \
    && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx inject dfir-unfurl requests six maclookup

# Install visidata via pipx (for data exploration)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata

# Install offline help and cheat sheet tools
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat \
    && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr

# Install navi for interactive cheat sheets
RUN wget https://github.com/denisidoro/navi/releases/download/v2.23.0/navi-v2.23.0-x86_64-unknown-linux-musl.tar.gz -O /tmp/navi.tar.gz \
    && tar -xzf /tmp/navi.tar.gz -C /usr/local/bin \
    && chmod +x /usr/local/bin/navi \
    && rm /tmp/navi.tar.gz

# Create data directory and set permissions
RUN mkdir -p /data \
    && chown remnux:remnux /data

# Add documentation and search tools
ADD files/README /opt/README
ADD files/command_help /opt/command_help
ADD scripts/download-docs.sh /usr/local/bin/download-docs.sh
ADD scripts/find-tool /usr/local/bin/find-tool
ADD scripts/help /usr/local/bin/help
ADD cheatsheets/ /opt/cheatsheets/

# Download REMnux documentation and create searchable database
RUN chmod +x /usr/local/bin/download-docs.sh /usr/local/bin/find-tool /usr/local/bin/help \
    && /usr/local/bin/download-docs.sh

# Update bashrc with welcome message and comprehensive help info
RUN echo 'cat /opt/README' >> /etc/bash.bashrc \
    && echo 'echo ""' >> /etc/bash.bashrc \
    && echo 'echo "📚 Comprehensive Help System:"' >> /etc/bash.bashrc \
    && echo 'echo "  help                    - Complete help system"' >> /etc/bash.bashrc \
    && echo 'echo "  help tools pdf          - Find PDF analysis tools"' >> /etc/bash.bashrc \
    && echo 'echo "  help cheat pdfid.py     - Show command examples"' >> /etc/bash.bashrc \
    && echo 'echo "  help examples           - Browse all examples (navi)"' >> /etc/bash.bashrc \
    && echo 'echo "  help pdf                - PDF analysis workflow"' >> /etc/bash.bashrc \
    && echo 'echo ""' >> /etc/bash.bashrc

# Switch to remnux user (REMnux default user)
USER remnux
ENV LANG=en_US.UTF-8
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/remnux/.local/bin
WORKDIR /data

CMD ["/bin/bash"]