Mirror
/
CyberChef
mirror of https://github.com/gchq/CyberChef.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into v10

This commit is contained in:
n1474335 2022-09-16 14:48:52 +01:00
parent 3893c22275 c2cf535f88
commit cd7156dc55
18 changed files with 2263 additions and 8890 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/master.yml vendored
View File

@ -15,7 +15,7 @@ jobs:
- name: Set node version
uses: actions/setup-node@v1
with:
node-version: '17.x'
node-version: '18.x'
- name: Install
run: |

2
.github/workflows/pull_requests.yml vendored
View File

@ -14,7 +14,7 @@ jobs:
- name: Set node version
uses: actions/setup-node@v1
with:
node-version: '17.x'
node-version: '18.x'
- name: Install
run: |

2
.github/workflows/releases.yml vendored
View File

@ -15,7 +15,7 @@ jobs:
- name: Set node version
uses: actions/setup-node@v1
with:
node-version: '17.x'
node-version: '18.x'
- name: Install
run: |

2
.nvmrc
View File

@ -1 +1 @@
17
18

12
README.md
View File

@ -54,7 +54,7 @@ You can use as many operations as you like in simple or complex ways. Some examp
- Whenever you modify the input or the recipe, CyberChef will automatically "bake" for you and produce the output immediately.
- This can be turned off and operated manually if it is affecting performance (if the input is very large, for instance).
- Automated encoding detection
- CyberChef uses [a number of techniques](https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic) to attempt to automatically detect which encodings your data is under. If it finds a suitable operation which can make sense of your data, it displays the 'magic' icon in the Output field which you can click to decode your data.
- CyberChef uses [a number of techniques](https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic) to attempt to automatically detect which encodings your data is under. If it finds a suitable operation that make sense of your data, it displays the 'magic' icon in the Output field which you can click to decode your data.
- Breakpoints
- You can set breakpoints on any operation in your recipe to pause execution before running it.
- You can also step through the recipe one operation at a time to see what the data looks like at each stage.
@ -66,7 +66,7 @@ You can use as many operations as you like in simple or complex ways. Some examp
- Highlighting
- When you highlight text in the input or output, the offset and length values will be displayed and, if possible, the corresponding data will be highlighted in the output or input respectively (example: [highlight the word 'question' in the input to see where it appears in the output][11]).
- Save to file and load from file
- You can save the output to a file at any time or load a file by dragging and dropping it into the input field. Files up to around 2GB are supported (depending on your browser), however some operations may take a very long time to run over this much data.
- You can save the output to a file at any time or load a file by dragging and dropping it into the input field. Files up to around 2GB are supported (depending on your browser), however, some operations may take a very long time to run over this much data.
- CyberChef is entirely client-side
- It should be noted that none of your recipe configuration or input (either text or files) is ever sent to the CyberChef web server - all processing is carried out within your browser, on your own computer.
- Due to this feature, CyberChef can be downloaded and run locally. You can use the link in the top left corner of the app to download a full copy of CyberChef and drop it into a virtual machine, share it with other people, or host it in a closed network.
@ -74,10 +74,10 @@ You can use as many operations as you like in simple or complex ways. Some examp
## Deep linking
By manipulation of CyberChef's URL hash, you can change the initial settings with which the page opens.
By manipulating CyberChef's URL hash, you can change the initial settings with which the page opens.
The format is `https://gchq.github.io/CyberChef/#recipe=Operation()&input=...`
Supported arguments are `recipe`, `input` (encoded in Base64), and `theme`.
Supported arguments are `recipe`, `input` (encoded in Base64), and `theme`.
## Browser support
@ -90,12 +90,12 @@ CyberChef is built to support
## Node.js support
CyberChef is built to fully support Node.js `v10` and partially supports `v12`. Named imports using a deep import specifier does not work in `v12`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki)
CyberChef is built to fully support Node.js `v16`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki)
## Contributing
Contributing a new operation to CyberChef is super easy! There is a quickstart script which will walk you through the process. If you can write basic JavaScript, you can write a CyberChef operation.
Contributing a new operation to CyberChef is super easy! The quickstart script will walk you through the process. If you can write basic JavaScript, you can write a CyberChef operation.
An installation walkthrough, how-to guides for adding new operations and themes, descriptions of the repository structure, available data types and coding conventions can all be found in the project [wiki pages](https://github.com/gchq/CyberChef/wiki).

10951
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

11
package.json
View File

@ -1,6 +1,6 @@
{
"name": "cyberchef",
"version": "9.46.0",
"version": "9.46.5",
"description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
"author": "n1474335 <n1474335@gmail.com>",
"homepage": "https://gchq.github.io/CyberChef",
@ -54,7 +54,7 @@
"babel-loader": "^8.2.5",
"babel-plugin-dynamic-import-node": "^2.3.3",
"babel-plugin-transform-builtin-extend": "1.1.2",
"chromedriver": "^101.0.0",
"chromedriver": "^103.0.0",
"cli-progress": "^3.11.1",
"colors": "^1.4.0",
"copy-webpack-plugin": "^11.0.0",
@ -82,7 +82,6 @@
"postcss-import": "^14.1.0",
"postcss-loader": "^7.0.0",
"prompt": "^1.3.0",
"sass-loader": "^13.0.0",
"sitemap": "^7.1.1",
"terser": "^5.14.0",
"webpack": "^5.73.0",
@ -128,7 +127,7 @@
"js-sha3": "^0.8.0",
"jsesc": "^3.0.2",
"json5": "^2.2.1",
"jsonpath": "^1.1.1",
"jsonpath-plus": "^7.2.0",
"jsonwebtoken": "^8.5.1",
"jsqr": "^1.4.0",
"jsrsasign": "^10.5.23",
@ -145,7 +144,6 @@
"ngeohash": "^0.6.3",
"node-forge": "^1.3.1",
"node-md6": "^0.1.0",
"node-sass": "^7.0.1",
"nodom": "^2.4.0",
"notepack.io": "^3.0.1",
"nwmatcher": "^1.4.4",
@ -161,7 +159,7 @@
"split.js": "^1.6.5",
"ssdeep.js": "0.0.3",
"stream-browserify": "^3.0.0",
"tesseract.js": "2.1.5",
"tesseract.js": "3.0.2",
"ua-parser-js": "^1.0.2",
"unorm": "^1.6.0",
"utf8": "^3.0.0",
@ -174,6 +172,7 @@
"scripts": {
"start": "npx grunt dev",
"build": "npx grunt prod",
"node": "npx grunt node",
"repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-warnings src/node/repl.mjs",
"test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation tests/operations/index.mjs",
"testnodeconsumer": "npx grunt testnodeconsumer",

2
src/core/lib/Protobuf.mjs
View File

@ -184,7 +184,7 @@ class Protobuf {
bytes: String,
longs: Number,
enums: String,
defualts: true
defaults: true
});
const output = {};

33
src/core/operations/JPathExpression.mjs
View File

@ -4,7 +4,7 @@
* @license Apache-2.0
*/
import jpath from "jsonpath";
import {JSONPath} from "jsonpath-plus";
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
@ -27,14 +27,20 @@ class JPathExpression extends Operation {
this.outputType = "string";
this.args = [
{
"name": "Query",
"type": "string",
"value": ""
name: "Query",
type: "string",
value: ""
},
{
"name": "Result delimiter",
"type": "binaryShortString",
"value": "\\n"
name: "Result delimiter",
type: "binaryShortString",
value: "\\n"
},
{
name: "Prevent eval",
type: "boolean",
value: true,
description: "Evaluated expressions are disabled by default for security reasons"
}
];
}
@ -45,18 +51,21 @@ class JPathExpression extends Operation {
* @returns {string}
*/
run(input, args) {
const [query, delimiter] = args;
let results,
obj;
const [query, delimiter, preventEval] = args;
let results, jsonObj;
try {
obj = JSON.parse(input);
jsonObj = JSON.parse(input);
} catch (err) {
throw new OperationError(`Invalid input JSON: ${err.message}`);
}
try {
results = jpath.query(obj, query);
results = JSONPath({
path: query,
json: jsonObj,
preventEval: preventEval
});
} catch (err) {
throw new OperationError(`Invalid JPath expression: ${err.message}`);
}

7
src/core/operations/JSONToCSV.mjs
View File

@ -114,8 +114,11 @@ class JSONToCSV extends Operation {
* @returns {string}
*/
escapeCellContents(data, force=false) {
if (typeof data === "number") data = data.toString();
if (force && typeof data !== "string") data = JSON.stringify(data);
if (data !== "string") {
const isPrimitive = data == null || typeof data !== "object";
if (isPrimitive) data = `${data}`;
else if (force) data = JSON.stringify(data);
}
// Double quotes should be doubled up
data = data.replace(/"/g, '""');

8
src/core/operations/OpticalCharacterRecognition.mjs
View File

@ -12,10 +12,8 @@ import { isImage } from "../lib/FileType.mjs";
import { toBase64 } from "../lib/Base64.mjs";
import { isWorkerEnvironment } from "../Utils.mjs";
import Tesseract from "tesseract.js";
const { createWorker } = Tesseract;
import process from "process";
import { createWorker } from "tesseract.js";
/**
* Optical Character Recognition operation
@ -55,7 +53,7 @@ class OpticalCharacterRecognition extends Operation {
const type = isImage(input);
if (!type) {
throw new OperationError("Invalid File Type");
throw new OperationError("Unsupported file type (supported: jpg,png,pbm,bmp) or no file provided");
}
const assetDir = isWorkerEnvironment() ? `${self.docURL}/assets/` : `${process.cwd()}/src/core/vendor/`;
@ -74,7 +72,7 @@ class OpticalCharacterRecognition extends Operation {
}
});
await worker.load();
self.sendStatusMessage("Loading English language...");
self.sendStatusMessage(`Loading English language pack...`);
await worker.loadLanguage("eng");
self.sendStatusMessage("Intialising Tesseract API...");
await worker.initialize("eng");

2
src/web/stylesheets/index.js
View File

@ -10,7 +10,7 @@
import "highlight.js/styles/vs.css";
/* Frameworks */
import "./vendors/bootstrap.scss";
import "bootstrap-material-design/dist/css/bootstrap-material-design.css";
import "bootstrap-colorpicker/dist/css/bootstrap-colorpicker.css";
/* CyberChef styles */

25
src/web/stylesheets/utils/_overrides.css
View File

@ -82,7 +82,17 @@ a:focus {
border-color: var(--btn-success-hover-border-colour);
}
select.form-control:not([size]):not([multiple]), select.custom-file-control:not([size]):not([multiple]) {
select.form-control,
select.form-control:focus {
background-color: var(--primary-background-colour) !important;
}
select.form-control:focus {
transition: none !important;
}
select.form-control:not([size]):not([multiple]),
select.custom-file-control:not([size]):not([multiple]) {
height: unset !important;
}
@ -145,7 +155,8 @@ optgroup {
color: var(--primary-font-colour);
}
.table-bordered th, .table-bordered td {
.table-bordered th,
.table-bordered td {
border: 1px solid var(--table-border-colour);
}
@ -172,7 +183,9 @@ optgroup {
color: var(--subtext-font-colour);
}
.nav-tabs>li>a.nav-link.active, .nav-tabs>li>a.nav-link.active:focus, .nav-tabs>li>a.nav-link.active:hover {
.nav-tabs>li>a.nav-link.active,
.nav-tabs>li>a.nav-link.active:focus,
.nav-tabs>li>a.nav-link.active:hover {
background-color: var(--secondary-background-colour);
border-color: var(--secondary-border-colour);
border-bottom-color: transparent;
@ -183,7 +196,8 @@ optgroup {
border-color: var(--primary-border-colour);
}
.nav a.nav-link:focus, .nav a.nav-link:hover {
.nav a.nav-link:focus,
.nav a.nav-link:hover {
background-color: var(--secondary-border-colour);
}
@ -199,7 +213,8 @@ optgroup {
color: var(--primary-font-colour);
}
.dropdown-menu a:focus, .dropdown-menu a:hover {
.dropdown-menu a:focus,
.dropdown-menu a:hover {
background-color: var(--secondary-background-colour);
color: var(--primary-font-colour);
}

23
src/web/stylesheets/vendors/bootstrap.scss vendored
View File

@ -1,23 +0,0 @@
/**
* Bootstrap Material Design with overrides
*
* @author n1474335 [n1474335@gmail.com]
* @copyright Crown Copyright 2018
* @license Apache-2.0
*/
@import "~bootstrap-material-design/scss/variables/colors";
$theme-colors: (
primary: $blue-700,
success: $green,
info: $light-blue,
warning: $deep-orange,
danger: $red,
light: $grey-100,
dark: $grey-800
);
$bmd-form-line-height: 1.25;
@import "~bootstrap-material-design/scss/core";

35
tests/operations/tests/Code.mjs
View File

@ -185,11 +185,11 @@ TestRegister.addTests([
{
name: "JPath Expression: Empty expression",
input: JSON.stringify(JSON_TEST_DATA),
expectedOutput: "Invalid JPath expression: we need a path",
expectedOutput: "",
recipeConfig: [
{
"op": "JPath expression",
"args": ["", "\n"]
"args": ["", "\n", true]
}
],
},
@ -205,7 +205,7 @@ TestRegister.addTests([
recipeConfig: [
{
"op": "JPath expression",
"args": ["$.store.book[*].author", "\n"]
"args": ["$.store.book[*].author", "\n", true]
}
],
},
@ -223,7 +223,7 @@ TestRegister.addTests([
recipeConfig: [
{
"op": "JPath expression",
"args": ["$..title", "\n"]
"args": ["$..title", "\n", true]
}
],
},
@ -238,7 +238,7 @@ TestRegister.addTests([
recipeConfig: [
{
"op": "JPath expression",
"args": ["$.store.*", "\n"]
"args": ["$.store.*", "\n", true]
}
],
},
@ -249,7 +249,7 @@ TestRegister.addTests([
recipeConfig: [
{
"op": "JPath expression",
"args": ["$..book[-1:]", "\n"]
"args": ["$..book[-1:]", "\n", true]
}
],
},
@ -263,7 +263,7 @@ TestRegister.addTests([
recipeConfig: [
{
"op": "JPath expression",
"args": ["$..book[:2]", "\n"]
"args": ["$..book[:2]", "\n", true]
}
],
},
@ -277,7 +277,7 @@ TestRegister.addTests([
recipeConfig: [
{
"op": "JPath expression",
"args": ["$..book[?(@.isbn)]", "\n"]
"args": ["$..book[?(@.isbn)]", "\n", false]
}
],
},
@ -292,7 +292,7 @@ TestRegister.addTests([
recipeConfig: [
{
"op": "JPath expression",
"args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n"]
"args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n", false]
}
],
},
@ -306,10 +306,25 @@ TestRegister.addTests([
recipeConfig: [
{
"op": "JPath expression",
"args": ["$..book[?(@.price<10)]", "\n"]
"args": ["$..book[?(@.price<10)]", "\n", false]
}
],
},
{
name: "JPath Expression: Script-based expression",
input: "[{}]",
recipeConfig: [
{
"op": "JPath expression",
"args": [
"$..[?(({__proto__:[].constructor}).constructor(\"self.postMessage({action:'bakeComplete',data:{bakeId:1,dish:{type:1,value:''},duration:1,error:false,id:undefined,inputNum:2,progress:1,result:'<iframe/onload=debugger>',type: 'html'}});\")();)]",
"\n",
true
]
}
],
expectedOutput: "Invalid JPath expression: Eval [?(expr)] prevented in JSONPath expression."
},
{
name: "CSS selector",
input: '<div id="test">\n<p class="a">hello</p>\n<p>world</p>\n<p class="a">again</p>\n</div>',

11
tests/operations/tests/JSONtoCSV.mjs
View File

@ -46,6 +46,17 @@ TestRegister.addTests([
},
],
},
{
name: "JSON to CSV: boolean and null as values",
input: JSON.stringify({a: false, b: null, c: 3}),
expectedOutput: "a,b,c\r\nfalse,null,3\r\n",
recipeConfig: [
{
op: "JSON to CSV",
args: [",", "\\r\\n"]
},
],
},
{
name: "JSON to CSV: JSON as an array",
input: JSON.stringify([{a: 1, b: "2", c: 3}]),

12
tests/operations/tests/Protobuf.mjs
View File

@ -40,10 +40,10 @@ TestRegister.addTests([
"Apple": [
28
],
"Banana": "You",
"Carrot": [
"Me"
]
],
"Banana": "You"
}, null, 4),
recipeConfig: [
{
@ -72,10 +72,10 @@ TestRegister.addTests([
"Apple": [
28
],
"Banana": "You",
"Carrot": [
"Me"
]
],
"Banana": "You"
},
"Unknown Fields": {
"4": 43,
@ -111,10 +111,10 @@ TestRegister.addTests([
"Apple": [
28
],
"Banana": "You",
"Carrot": [
"Me"
],
"Banana": "You",
"Date": 43,
"Elderberry": {
"Fig": "abc123",
@ -154,10 +154,10 @@ TestRegister.addTests([
input: "0d1c0000001203596f751a024d65202b2a0a0a06616263313233120031ba32a96cc10200003801",
expectedOutput: JSON.stringify({
"Test": {
"Banana (string)": "You",
"Carrot (string)": [
"Me"
],
"Banana (string)": "You",
"Date (int32)": 43,
"Imbe (Options)": "Option1"
},

13
webpack.config.js
View File

@ -164,19 +164,6 @@ module.exports = {
"postcss-loader",
]
},
{
test: /\.scss$/,
use: [
{
loader: MiniCssExtractPlugin.loader,
options: {
publicPath: "../"
}
},
"css-loader",
"sass-loader",
]
},
{
test: /\.(ico|eot|ttf|woff|woff2)$/,
type: "asset/resource",