Cyberchef cli #1043
Cyberchef cli #1043
Conversation
This fairly simple script leverages the Node API provided by CyberChef to allow performing operations on local filesystem objects without needing to copy them into and out of a browser window. It requires a recipe to be specified at runtime as a JSON file. Also includes a simple TCP server for use by other local processes. This server is hard-coded to use localhost in order to discourage production use of the script.
package.json
Outdated
| @@ -98,6 +101,7 @@ | |||
| "bson": "^4.0.3", | |||
| "chi-squared": "^1.1.0", | |||
| "codepage": "^1.14.0", | |||
| "commander": "^2.14.1", | |||
There was a problem hiding this comment.
I chose this version of commander because it's also the version pulled by codepage, in the hopes of minimizing impact of adding a dependency.
cli.js
Outdated
| (err) => { | ||
| console.error(err.message); | ||
| process.exitCode = 2; | ||
| }) | ||
| .catch((err) => { | ||
| console.error(err.message); | ||
| process.exitCode = 2; | ||
| }); |
There was a problem hiding this comment.
One quirk of Node I haven't yet been able to work out is why I need the failure handler on this then() call in addition to the catch() call.
There was a problem hiding this comment.
You don't need the failure handler on it, you can either use that or .catch().
|
Hi @Boolean263 Thanks a lot for this PR. I have never considered running chef in a cli and I didn't know about the I have cloned this and tried running it locally - I am having some issues running it. Here's what I did You've stuck with Otherwise, for listening for TCP requests, I feel like this overlaps a lot with the CyberChef-server project, which accepts recipes and input over TCP and returns the output. More generally, I think this CLI could benefit from living in its own repository. This would then allow you to wrap the CyberChef-server into it, if you were to use that. It would also allow you to use a more modern version of |
|
Hi @d98762625, thank you for considering my PR! If you like the idea of the script for CyberChef, then I'm okay with using a more recent version of commander (which apparently I was using anyway without realizing) if you folks are okay with adding one more dependency. I hadn't known about CyberChef-server when I added the TCP option. I threw that in there after noting the (relatively) long startup time of my script, both for the learning experience and as a way to amortize the startup time. If you like the script idea apart from that, I can remove the server option and look more closely at CyberChef-server. I feel like the script is too simple to merit its own repo, but of course that'll be my next option if you decline this PR. :) |
|
Can you also give a full example of how you would run this, with a recipe and some input? I'll spend some time thinking about whether we want to add the script to this repo or not. In the mean time, please also take a look at the repl that's already part of this repo, which you can run with npm run repl
chef> recipe = JSON.parse(fs.readFileSync('recipe.json'))
chef> chef.bake('some input', recipe)For context, the load time of this script is slow because we're using |
|
When you ask for a full example, are you looking for proper written documentation? The script itself has a help message, and it's intended to be straightforward: sh$ cyberchef -r recipe.json -o output_dir/ input_dir/*.binI hadn't known of the REPL either, but that's less convenient to me because it involves having to add programming to each iteration of my workflow, rather than doing so once with the script, and focusing on what I want to find after that. (Or, to put it another way, you can view the script as being a thin wrapper around the REPL.) CyberChef (specifically, the web-based version) is very popular where I work, but I'm more of a command-line type of person. I wrote the script because my workflow can involve hundreds or even thousands of files, and dragging them into and out of a browser interrupts my flow. It also seems a bit over-complicated to me to require the extra overhead of a web browser when all I need is the code you've written. |
|
If you're looking for speed, why not adapt this script to use a cyberchef-server instance running under docker - first time you run it it checks if the container and server are up, and if not then it starts it. Every time after that it just uses the already spawned docker instance. |
|
Yes I've seen the script help message. Maybe I'm misunderstanding, but when I run: I get and nothing in the out dir. It might be worth you doing a fresh clone / checkout of your branch to see if you can replicate these issues I'm having? |
|
@d98762625: Looking at the script, it shows the Running from a fresh checkout (and doing @mattnotmitt: I'll be looking into an approach like that, definitely. Like I told @d98762625, I hadn't known about the existence of CyberChef-server when I originally created the script. My next update will remove the TCP support for this reason. |
|
I forgot, I also ran |
* Remove TCP server feature; this area is better served by the CyberChef-server project * Increase required version of commander to one which provides `requiredOption()` * Print the error message that is captured when failing to parse the command line Also use `fs.readFileSync()` to read the recipe file.
|
Thank you for the extra information! This latest push uses that requirement. Building from scratch in a fresh checkout didn't let me reproduce the problem you had. This latest push should print (By the way @d98762625 , I've also dropped you a note on gmail.) |
|
In discussion with @d98762625, we decided this is probably better discussed as a ticket than as a PR, so see feature request #1046. The script in this PR could possibly still be included as an example program for using the Node API. |
|
Neat. Seems like a good discussion.
…On Sat, Jul 30, 2022, 11:28 David Perry ***@***.***> wrote:
Closed #1043 <#1043>.
—
Reply to this email directly, view it on GitHub
<#1043 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AO26RI5DCZ6MWSJUAWE4GGDVWVC2RANCNFSM4NNMB23Q>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
This fairly simple script leverages the Node API provided by CyberChef to allow performing operations on local filesystem objects without needing to copy them into and out of a browser window.
It requires a recipe to be specified at runtime as a JSON file.
Also includes a simple TCP server for use by other local processes. This server is hard-coded to use localhost in order to discourage production use of the script.
This is my first time programming in Node, but the presence of the Node API inspired me to try. CyberChef includes many tools that are frequently subjected to "reinventing the wheel," but it makes more sense to leverage the existing tools whenever possible.