docker_file_analysis/Dockerfile.remnux

FROM remnux/remnux-distro:latest
LABEL maintainer="tabledevil"

USER root
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Berlin

# Install additional system packages that REMnux doesn't include
RUN apt-get update && apt-get install -y \
    busybox \
    catdoc \
    docx2txt \
    fd-find \
    fish \
    fzf \
    mc \
    pipx \
    ripgrep \
    unrtf \
    zsh \
    zsh-autosuggestions \
    zsh-syntax-highlighting \
    && rm -rf /var/lib/apt/lists/*

# Configure pip  
ENV PYTHONDONTWRITEBYTECODE=1
ADD pip.conf /etc/pip.conf

# Install Mandiant CAPA for malware analysis
RUN wget -O- https://github.com/mandiant/capa/releases/download/v7.4.0/capa-v7.4.0-linux.zip | busybox unzip -d /usr/bin - \
    && chmod +x /usr/bin/capa

# Install JavaScript sandbox
RUN npm install box-js --global --production

# Install unfurl & dependencies via pipx (for URL analysis)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps dfir-unfurl \
    && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx inject dfir-unfurl requests six maclookup

# Install visidata via pipx (for data exploration)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata

# Install offline help and cheat sheet tools
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat \
    && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr

# Removed navi - focus on tldr and cheat for reliable help system

# Create data directory and set permissions
RUN mkdir -p /data \
    && chown remnux:remnux /data

# Add documentation and streamlined help system
ADD files/README /opt/README
ADD files/command_help /opt/command_help
ADD files/zshrc /etc/zsh/zshrc
ADD files/fish_config.fish /etc/fish/conf.d/remnux.fish
ADD scripts/create-offline-help-system.sh /usr/local/bin/create-offline-help-system.sh
ADD scripts/find-tool /usr/local/bin/find-tool
ADD scripts/fhelp /usr/local/bin/fhelp
ADD scripts/import-remnux-cheatsheets.sh /usr/local/bin/import-remnux-cheatsheets.sh
ADD scripts/convert-remnux-cheats.py /usr/local/bin/convert-remnux-cheats.py
ADD scripts/add-tool-cheats.sh /usr/local/bin/add-tool-cheats.sh

# Create streamlined offline help system (tldr + cheat)
RUN chmod +x /usr/local/bin/create-offline-help-system.sh /usr/local/bin/find-tool /usr/local/bin/fhelp /usr/local/bin/import-remnux-cheatsheets.sh \
    && chmod +x /usr/local/bin/convert-remnux-cheats.py /usr/local/bin/add-tool-cheats.sh \
    && /usr/local/bin/create-offline-help-system.sh \
    && /usr/local/bin/add-tool-cheats.sh

# Update bashrc with welcome message and comprehensive help info
RUN echo 'cat /opt/README' >> /etc/bash.bashrc \
    && echo 'echo ""' >> /etc/bash.bashrc \
    && echo 'echo "📚 Comprehensive Help System:"' >> /etc/bash.bashrc \
    && echo 'echo "  fhelp                   - Complete file analysis help"' >> /etc/bash.bashrc \
    && echo 'echo "  fhelp tools pdf         - Find PDF analysis tools"' >> /etc/bash.bashrc \
    && echo 'echo "  fhelp cheat pdfid.py    - Show command examples"' >> /etc/bash.bashrc \
    && echo 'echo "  fhelp examples          - Browse all examples"' >> /etc/bash.bashrc \
    && echo 'echo "  fhelp pdf               - PDF analysis workflow"' >> /etc/bash.bashrc \
    && echo 'echo ""' >> /etc/bash.bashrc \
    && echo 'alias analyse="fhelp"' >> /etc/bash.bashrc \
    && echo 'alias ?="fhelp"' >> /etc/bash.bashrc

# Switch to remnux user (REMnux default user)
USER remnux
ENV LANG=en_US.UTF-8
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/remnux/.local/bin
WORKDIR /data

CMD ["/bin/bash"]