[recipe] cyberchef

Fixes #146
2025-12-13 09:46:23 +00:00 · 2021-01-19 20:35:06 +13:00
parent f62b615ade
commit 85ffb9d91e
10 changed files with 80 additions and 1 deletions
--- a/_snippets/premix-cta.md
+++ b/_snippets/premix-cta.md
@@ -1,4 +1,4 @@
-!!! tip inline end
+!!! tip
    I automatically and **instantly** share (_with my [sponsors](https://github.com/sponsors/funkypenguin)_) a private "[_premix_](https://geek-cookbook.funkypenguin.co.nz/premix/)" git repository, which includes necessary docker-compose and env files for all published recipes. This means that sponsors can launch any recipe with just a `git pull` and a `docker stack deploy` 👍. 

    🚀 **Update**: Premix now includes an ansible playbook, so that sponsors can deploy an entire stack + recipes, with a single ansible command! (*more [here](https://geek-cookbook.funkypenguin.co.nz/premix/ansible/operation/)*)
--- a/manuscript/CHANGELOG.md
+++ b/manuscript/CHANGELOG.md
@@ -8,6 +8,7 @@ hide:

 Recipe                             | Description                                                                         | Date
 -----------------------------------|-------------------------------------------------------------------------------------|--------------
+[CyberChef](/recipes/cyberchef/) | A web-based collection of useful tools for INFOSEC work, by the [GCHQ](https://en.wikipedia.org/wiki/GCHQ) | _19 Jan 2021_
 [Linx](/recipes/linx/)             | Quickly and securely share media/files with optional password-protection and expiry | _13 Jan 2021_
 [Komga](/recipes/komga/)           | Beautiful interface to manage and enjoy your comics / graphic novels                | _5 Jan 2021_
 [Photoprism](/recipes/photoprism/) | Self-hosted photo-management app incorporating automated tagging using Tensorflow   | _6 Aug 2020_
--- a/manuscript/images/common_observatory.png
+++ b/manuscript/images/common_observatory.png
--- a/manuscript/images/cryptominer.png
+++ b/manuscript/images/cryptominer.png
--- a/manuscript/images/cryptominer_alarm.png
+++ b/manuscript/images/cryptominer_alarm.png
--- a/manuscript/images/cryptominer_grafana.png
+++ b/manuscript/images/cryptominer_grafana.png
--- a/manuscript/images/cryptonote-mining-pool.png
+++ b/manuscript/images/cryptonote-mining-pool.png
--- a/manuscript/images/cyberchef.png
+++ b/manuscript/images/cyberchef.png
--- a/manuscript/recipes/cyberchef.md
+++ b/manuscript/recipes/cyberchef.md
@@ -0,0 +1,77 @@
+# CyberChef
+
+Are you a l33t h@x0r? Do you need the right tools at your fingertips to support your [#masterhacker](https://reddit.com/r/masterhacker) skillz? Look no further than CyberChef, lovingly baked for you by your friends at GHCQ[^1]!
+
+[^1]: [Government Communications Headquarters](https://en.wikipedia.org/wiki/GCHQ), commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence and information assurance to the government and armed forces of the United Kingdom
+
+![CyberChef Screenshot](../images/cyberchef.png)
+
+[CyberChef](https://github.com/gchq/CyberChef) is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
+
+Here are some examples of fancy hax0r tricks you can do with CyberChef:
+
+ - [Decode a Base64-encoded string][2]
+ - [Decrypt and disassemble shellcode][6]
+ - [Perform AES decryption, extracting the IV from the beginning of the cipher stream][10]
+ - [Automagically detect several layers of nested encoding][12]
+
+Here's a [live demo](https://gchq.github.io/CyberChef)!
+
+## Ingredients
+
+!!! summary "Ingredients"
+    Already deployed:
+
+    * [X] [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
+    * [X] [Traefik](/ha-docker-swarm/traefik) configured per design
+    * [X] DNS entry for the hostname you intend to use (*or a wildcard*), pointed to your [keepalived](/ha-docker-swarm/keepalived/) IP
+
+
+## Preparation
+
+### Setup Docker Swarm
+
+CyberChef doesn't require any persistent storage, or fancy configuration, so simply create a docker swarm config file in docker-compose syntax (v3), something like this:
+
+--8<-- "premix-cta.md"
+
+```
+version: "3.2" # https://docs.docker.com/compose/compose-file/compose-versioning/#version-3
+
+services:
+  cyberchef:
+    image: mpepping/cyberchef
+    deploy:
+      labels:
+        # traefik
+        - traefik.enable=true
+        - traefik.docker.network=traefik_public
+
+        # traefikv1
+        - traefik.frontend.rule=Host:cyberchef.example.com
+        - traefik.port=8000     
+
+        # traefikv2
+        - "traefik.http.routers.cyberchef.rule=Host(`cyberchef.example.com`)"
+        - "traefik.http.routers.cyberchef.entrypoints=https"
+        - "traefik.http.services.cyberchef.loadbalancer.server.port=8000"           
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true
+```
+
+## Serving
+
+### Cyber the Chef!
+
+Launch the Linx stack by running ```docker stack deploy cyberchef -c <path -to-docker-compose.yml>```
+
+--8<-- "recipe-footer.md"
+
+  [2]: https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)&input=VTI4Z2JHOXVaeUJoYm1RZ2RHaGhibXR6SUdadmNpQmhiR3dnZEdobElHWnBjMmd1
+  [6]: https://gchq.github.io/CyberChef/#recipe=RC4(%7B'option':'UTF8','string':'secret'%7D,'Hex','Hex')Disassemble_x86('64','Full%20x86%20architecture',16,0,true,true)&input=MjFkZGQyNTQwMTYwZWU2NWZlMDc3NzEwM2YyYTM5ZmJlNWJjYjZhYTBhYWJkNDE0ZjkwYzZjYWY1MzEyNzU0YWY3NzRiNzZiM2JiY2QxOTNjYjNkZGZkYmM1YTI2NTMzYTY4NmI1OWI4ZmVkNGQzODBkNDc0NDIwMWFlYzIwNDA1MDcxMzhlMmZlMmIzOTUwNDQ2ZGIzMWQyYmM2MjliZTRkM2YyZWIwMDQzYzI5M2Q3YTVkMjk2MmMwMGZlNmRhMzAwNzJkOGM1YTZiNGZlN2Q4NTlhMDQwZWVhZjI5OTczMzYzMDJmNWEwZWMxOQ
+  [10]: https://gchq.github.io/CyberChef/#recipe=Register('(.%7B32%7D)',true,false)Drop_bytes(0,32,false)AES_Decrypt(%7B'option':'Hex','string':'1748e7179bd56570d51fa4ba287cc3e5'%7D,%7B'option':'Hex','string':'$R0'%7D,'CTR','Hex','Raw',%7B'option':'Hex','string':''%7D)&input=NTFlMjAxZDQ2MzY5OGVmNWY3MTdmNzFmNWI0NzEyYWYyMGJlNjc0YjNiZmY1M2QzODU0NjM5NmVlNjFkYWFjNDkwOGUzMTljYTNmY2Y3MDg5YmZiNmIzOGVhOTllNzgxZDI2ZTU3N2JhOWRkNmYzMTFhMzk0MjBiODk3OGU5MzAxNGIwNDJkNDQ3MjZjYWVkZjU0MzZlYWY2NTI0MjljMGRmOTRiNTIxNjc2YzdjMmNlODEyMDk3YzI3NzI3M2M3YzcyY2Q4OWFlYzhkOWZiNGEyNzU4NmNjZjZhYTBhZWUyMjRjMzRiYTNiZmRmN2FlYjFkZGQ0Nzc2MjJiOTFlNzJjOWU3MDlhYjYwZjhkYWY3MzFlYzBjYzg1Y2UwZjc0NmZmMTU1NGE1YTNlYzI5MWNhNDBmOWU2MjlhODcyNTkyZDk4OGZkZDgzNDUzNGFiYTc5YzFhZDE2NzY3NjlhN2MwMTBiZjA0NzM5ZWNkYjY1ZDk1MzAyMzcxZDYyOWQ5ZTM3ZTdiNGEzNjFkYTQ2OGYxZWQ1MzU4OTIyZDJlYTc1MmRkMTFjMzY2ZjMwMTdiMTRhYTAxMWQyYWYwM2M0NGY5NTU3OTA5OGExNWUzY2Y5YjQ0ODZmOGZmZTljMjM5ZjM0ZGU3MTUxZjZjYTY1MDBmZTRiODUwYzNmMWMwMmU4MDFjYWYzYTI0NDY0NjE0ZTQyODAxNjE1YjhmZmFhMDdhYzgyNTE0OTNmZmRhN2RlNWRkZjMzNjg4ODBjMmI5NWIwMzBmNDFmOGYxNTA2NmFkZDA3MWE2NmNmNjBlNWY0NmYzYTIzMGQzOTdiNjUyOTYzYTIxYTUzZg
+  [12]: https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false)&input=V1VhZ3dzaWFlNm1QOGdOdENDTFVGcENwQ0IyNlJtQkRvREQ4UGFjZEFtekF6QlZqa0syUXN0RlhhS2hwQzZpVVM3UkhxWHJKdEZpc29SU2dvSjR3aGptMWFybTg2NHFhTnE0UmNmVW1MSHJjc0FhWmM1VFhDWWlmTmRnUzgzZ0RlZWpHWDQ2Z2FpTXl1QlY2RXNrSHQxc2NnSjg4eDJ0TlNvdFFEd2JHWTFtbUNvYjJBUkdGdkNLWU5xaU45aXBNcTFaVTFtZ2tkYk51R2NiNzZhUnRZV2hDR1VjOGc5M1VKdWRoYjhodHNoZVpud1RwZ3FoeDgzU1ZKU1pYTVhVakpUMnptcEM3dVhXdHVtcW9rYmRTaTg4WXRrV0RBYzFUb291aDJvSDRENGRkbU5LSldVRHBNd21uZ1VtSzE0eHdtb21jY1BRRTloTTE3MkFQblNxd3hkS1ExNzJSa2NBc3lzbm1qNWdHdFJtVk5OaDJzMzU5d3I2bVMyUVJQ
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -93,6 +93,7 @@ nav:
        - Bookstack: recipes/bookstack.md
        - Calibre-Web: recipes/calibre-web.md
        - Collabora Online: recipes/collabora-online.md
+        - CyberChef: recipes/cyberchef.md
        - Duplicati: recipes/duplicati.md
        - ElkarBackup: recipes/elkarbackup.md
        - Ghost: recipes/ghost.md