docker_file_analysis/cheatsheets/malware-analysis.cheat
Tobias Kessels 6bfcfd7935 Add comprehensive offline help system with fuzzy search
🎯 Enhanced Features:
- Integrated navi, cheat, tldr, and fzf for interactive help
- Custom cheat sheets for PDF analysis, malware analysis, and system utilities
- find-tool command for fuzzy searching through all REMnux tools
- Comprehensive help command with workflows and examples
- Complete offline documentation system

📚 Help System Components:
- help                    - Main help system
- help tools [term]       - Search for tools (fuzzy matching)
- help cheat <tool>       - Show command examples
- help examples           - Browse examples interactively (navi + fzf)
- help pdf/malware/forensics - Analysis workflows
- help --offline          - Verify offline capabilities

🛠️ Tools Added:
- navi: Interactive cheat sheet browser
- cheat: Command-line cheat sheets
- tldr: Quick command examples
- fzf: Fuzzy finder (already included)

All documentation works completely offline with local REMnux docs database
and custom cheat sheets for analysis workflows.
2025-09-30 13:01:03 +02:00


; Malware Analysis Tools
; Commands for analyzing malicious files and samples (navi treats "#" lines as snippet descriptions, so header comments use ";")
% malware, analysis, forensics
# Detect malware capabilities with CAPA
capa <malware_file>
# CAPA verbose output with rule details
capa -v <malware_file>
# CAPA output in JSON format
capa -j <malware_file>
# Analyze JavaScript in sandbox
box-js <javascript_file>
# Box-js with custom timeout (seconds)
box-js --timeout=<timeout> <javascript_file>
# Box-js with download simulation
box-js --download --output-dir=<output_dir> <javascript_file>
# Analyze Office document with oledump
oledump.py <office_file>
# Show VBA macros in Office document
oledump.py -v <office_file>
# Extract specific stream from Office document
oledump.py -s <stream_number> <office_file>
# Decompress the VBA macros in the selected stream
oledump.py -v -s <stream_number> <office_file>
# Analyze RTF document
rtfdump.py <rtf_file>
# Show RTF objects
rtfdump.py -O <rtf_file>
# Analyze email message
emldump.py <email_file>
# Extract attachments from email
emldump.py -e <email_file>
# URL analysis with unfurl
unfurl_cli.py <suspicious_url>
# Unfurl with detailed output
unfurl_cli.py -d <suspicious_url>
# Extract metadata from files
exiftool <file>
# Remove metadata from file
exiftool -all= <file>
# Analyze data interactively
vd <data_file>
# Quick file type detection
file <unknown_file>
# String analysis of binary
strings <binary_file> | head -20
# Hex dump analysis
xxd <binary_file> | head -20
# Base64 decode and analyze
base64dump.py <file_with_base64>
# Dump a selected decoded base64 item (item numbers come from the listing produced by the command above)
base64dump.py -s <item_number> -d <file_with_base64>
# OCR text extraction from image (tesseract writes <output_text>.txt)
tesseract <image_file> <output_text>
$ malware_file: ls *.exe *.dll *.bin *.sample
$ javascript_file: ls *.js
$ office_file: ls *.doc *.docx *.xls *.xlsx *.ppt *.pptx
$ rtf_file: ls *.rtf
$ email_file: ls *.eml *.msg
$ suspicious_url: echo "https://suspicious-domain.com/path"
$ stream_number: printf '%s\n' 1 2 3 4 5
$ timeout: printf '%s\n' 30 60 120
$ output_dir: echo "./output"
$ data_file: ls *.csv *.json *.log
$ unknown_file: ls *
$ binary_file: ls *.exe *.dll *.bin
$ file_with_base64: ls *.txt *.log
$ item_number: printf '%s\n' 1 2 3
$ image_file: ls *.png *.jpg *.jpeg *.tiff
$ output_text: echo "extracted_text"
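A sheet like this breaks quietly when a snippet's `<placeholder>` has no matching `$ name:` suggestion line (navi just prompts with an empty list). The following linter is an added example, not part of this cheat sheet or of REMnux; it checks a navi .cheat text for placeholder/suggestion consistency, and the embedded sample sheet is constructed for the demonstration.

```shell
#!/bin/sh
# Lint a navi .cheat file for placeholder/suggestion consistency:
#  - every <name> used in a snippet line needs a "$ name: cmd" suggestion line
#  - every "$ name: cmd" line should be referenced by at least one snippet
# Lines starting with %, # and ; are tags, descriptions and comments; skipped.

# Constructed sample sheet (not the page's file): <stream_number> has no
# suggestion line and "$ unused_var" is never referenced by a snippet.
SAMPLE_CHEAT='; constructed sample for the linter
% malware, analysis
# Detect malware capabilities with CAPA
capa <malware_file>
# Extract specific stream from Office document
oledump.py -s <stream_number> <office_file>
$ malware_file: ls *.exe *.dll
$ office_file: ls *.doc *.docx
$ unused_var: echo "x"'

# Print one sorted report line per inconsistency; empty output means consistent.
cheat_lint_report() {
  printf '%s\n' "$1" | awk '
    /^\$ / { sub(/^\$ /, ""); sub(/:.*/, ""); declared[$0] = 1; next }
    /^[%#;]/ { next }
    {
      line = $0
      while (match(line, /<[A-Za-z_][A-Za-z0-9_]*>/)) {
        used[substr(line, RSTART + 1, RLENGTH - 2)] = 1
        line = substr(line, RSTART + RLENGTH)
      }
    }
    END {
      for (u in used) if (!(u in declared)) print "missing suggestion: " u
      for (d in declared) if (!(d in used)) print "unused variable: " d
    }' | sort
}

# Exit 0 when the sheet is consistent; print the report and exit 1 otherwise.
cheat_lint() {
  report=$(cheat_lint_report "$1")
  [ -z "$report" ] || { printf '%s\n' "$report"; return 1; }
}

# Usage against a real sheet: cheat_lint "$(cat cheatsheets/malware-analysis.cheat)"
```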