CyberChef
Are you a l33t h@x0r? Do you need the right tools at your fingertips to support your #masterhacker skillz? Look no further than CyberChef, lovingly baked for you by your friends at GCHQ [1]!
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
Here are some examples of fancy hax0r tricks you can do with CyberChef:
- Decode a Base64-encoded string
- Decrypt and disassemble shellcode
- Perform AES decryption, extracting the IV from the beginning of the cipher stream
- Automagically detect several layers of nested encoding
Here's a live demo!
CyberChef Requirements
Ingredients
Already deployed:
- Docker swarm cluster with persistent shared storage
- Traefik configured per design
- DNS entry for the hostname you intend to use (or a wildcard), pointed to your keepalived IP
Related:
- Traefik Forward Auth or Authelia to secure your Traefik-exposed services with an additional layer of authentication
Preparation
CyberChef Docker Swarm config
CyberChef doesn't require any persistent storage, or fancy configuration, so simply create a docker swarm config file in docker-compose syntax (v3), something like the example below:
Fast-track with premix!
"Premix" is a git repository which includes necessary docker-compose and env files for all published recipes. This means that you can launch any recipe with just a git pull and a docker stack deploy.
Update: Premix now includes an ansible playbook, enabling you to deploy an entire stack + recipes, with a single ansible command! (more here)
```yaml
version: "3.2" # https://docs.docker.com/compose/compose-file/compose-versioning/#version-3

services:
  cyberchef:
    image: mpepping/cyberchef
    deploy:
      labels:
        # traefik
        - traefik.enable=true
        - traefik.docker.network=traefik_public

        # traefikv1
        - traefik.frontend.rule=Host:cyberchef.example.com
        - traefik.port=8000

        # traefikv2
        - "traefik.http.routers.cyberchef.rule=Host(`cyberchef.example.com`)"
        - "traefik.http.routers.cyberchef.entrypoints=https"
        - "traefik.http.services.cyberchef.loadbalancer.server.port=8000"
    networks:
      - traefik_public

networks:
  traefik_public:
    external: true
```
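A pre-deploy check for the point made under "Related", as an added example that is not part of the original recipe: it lists Traefik v2 routers that are published with a rule label but carry no middlewares label, which is the state of the config above. The `wiki` service and the middleware name `forward-auth` are assumptions; a middleware attached globally in Traefik's own configuration is not visible to this check.

```shell
#!/bin/sh
# Added example (not from the recipe): audit Traefik v2 labels before deploying.

# Constructed sample: the recipe's cyberchef router plus a hypothetical
# "wiki" router that attaches an assumed middleware named "forward-auth".
sample_compose() {
cat <<'EOF'
services:
  cyberchef:
    deploy:
      labels:
        - "traefik.http.routers.cyberchef.rule=Host(`cyberchef.example.com`)"
        - "traefik.http.routers.cyberchef.entrypoints=https"
  wiki:
    deploy:
      labels:
        - "traefik.http.routers.wiki.rule=Host(`wiki.example.com`)"
        - "traefik.http.routers.wiki.middlewares=forward-auth"
        # - "traefik.http.routers.old.rule=Host(`old.example.com`)"
EOF
}

# Print, one per line, every router that has a rule (is published) but no
# middlewares label (nothing enforcing authentication in front of it).
# Reads the files given as arguments, or stdin when there are none.
unauthenticated_routers() {
    awk '
        /^[[:space:]]*#/ { next }    # ignore commented-out labels
        match($0, /traefik\.http\.routers\.[A-Za-z0-9_-]+\.(rule|middlewares)=/) {
            split(substr($0, RSTART, RLENGTH - 1), part, ".")
            if (part[5] == "rule") published[part[4]] = 1
            else                   guarded[part[4]] = 1
        }
        END { for (r in published) if (!(r in guarded)) print r }
    ' "$@" | sort
}

# With a file argument, audit that file; otherwise run on the constructed sample.
if [ $# -gt 0 ]; then
    unauthenticated_routers "$1"
else
    sample_compose | unauthenticated_routers
fi
```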
Serving
Cyber the Chef!
Launch your CyberChef stack by running docker stack deploy cyberchef -c <path-to-docker-compose.yml>, and then visit the URL you chose to begin the hackery!
Chef's notes
[1] Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence and information assurance to the government and armed forces of the United Kingdom.