
CyberChef – Cyber Swiss Army Knife

394 points| onion2k | 6 years ago |gchq.github.io

59 comments

[+] octosphere|6 years ago|reply
It's funny looking at some of the contributors to this. Some of the accounts seem to be vague, single-duty accounts made for the express purpose of contributing code to CyberChef and nothing else. I admire their OPSEC

(From: https://github.com/gchq/CyberChef/graphs/contributors)

https://github.com/n1474335

https://github.com/j433866

https://github.com/d98762625

https://github.com/s2224834

https://github.com/GCHQ77703

[+] artemisbot|6 years ago|reply
I've been contributing on and off to the project since it went open source (#4 on that page), it's an interesting experience communicating with blank faces that you can't know or find anything about.

Unrelated: About a year in they sent me an award[0] for continued contributions, but there's a puzzle on it I'm yet to solve; if anyone runs across this I'd appreciate any input!

[0] https://twitter.com/mattnotmitt/status/1031456040385236992

[+] dmix|6 years ago|reply
One of them forked Mattermost. I wonder if GCHQ is using it internally instead of Slack since they can host it themselves?
[+] Fnoord|6 years ago|reply
Makes me wonder what GitHub can see (e-mail addresses, IP addresses). I also wonder if it is possible to use code analysis to figure out who these people are. Not that it is relevant for me, just curious...
[+] motohagiography|6 years ago|reply
So much fun!

At first glance, the only feature requests I might have added when I did this sort of work would be for audio spectrographs in the multimedia section. Useful for finding stego, embedded thumbnails, hidden channels etc., and a generalized malicious ZIP parser that deals with the myriad of nasties packers can use.

The demand to scale this capability within an agency like that makes it worthwhile to build tools like this; wonder what other easter eggs are in there beyond alert msgs.

Brits, so cheeky.

[+] malwrar|6 years ago|reply
Wow I actually thought of building a tool similar to this for CTFs, specifically this feature:

https://github.com/gchq/CyberChef/wiki/Automatic-detection-o...

This is REALLY cool. Basically given an unknown string or file from something CTF-y you can run this tool on it to look for low-hanging fruit like it being e.g. base64 encoded.

[+] tptacek|6 years ago|reply
This is a really old reversing trick, for what it's worth; for instance, pulling gzips out of firmware images, or spotting zipped Java images. You can also often identify cryptography primitives from their ASN.1 OID strings. There are a bunch of tools that do stuff like this.
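The two comments above describe the same idea from different angles: given an unknown blob, test it against known encodings and file signatures, peel a layer, and repeat; and scan for embedded artefacts such as gzip members or DER-encoded OIDs. The following is an added Python example of that approach, not code from the thread or from CyberChef itself. The signature table and the OID name table are deliberately tiny and constructed for this example; the sample inputs are built inline.

```python
import base64
import binascii
import re
import gzip
import zlib

# Minimal, constructed signature table: a real tool has hundreds of entries.
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\x7fELF": "elf",
    b"%PDF": "pdf",
}

# Constructed subset of well-known OIDs seen in certificates and keys.
KNOWN_OIDS = {
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.10045.2.1": "ecPublicKey",
    "2.16.840.1.101.3.4.2.1": "sha256",
}

BASE64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")
HEX_RE = re.compile(rb"^[0-9a-fA-F]+$")


def magic_type(data):
    """Return the signature name if data starts with a known magic, else None."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def try_hex(data):
    s = data.strip()
    if len(s) >= 8 and len(s) % 2 == 0 and HEX_RE.match(s):
        return bytes.fromhex(s.decode())
    return None


def try_base64(data):
    s = data.strip()
    if len(s) >= 8 and len(s) % 4 == 0 and BASE64_RE.match(s):
        try:
            return base64.b64decode(s, validate=True)
        except binascii.Error:
            return None
    return None


def carve_gzip(data, offset):
    """Inflate a gzip member starting at offset, ignoring trailing bytes.
    wbits=16+15 makes zlib parse the gzip header itself; eof tells us the
    stream ended cleanly rather than being truncated."""
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
    try:
        out = d.decompress(data[offset:])
    except zlib.error:
        return None
    return out if d.eof else None


def find_embedded(data, sig=b"\x1f\x8b\x08"):
    """Offsets of gzip member headers anywhere in data (the firmware trick)."""
    return [m.start() for m in re.finditer(re.escape(sig), data)]


def decode_oid(body):
    """Decode the body of a DER OBJECT IDENTIFIER into dotted form."""
    if not body or body[0] >= 0x80:  # keep to the common arc-0/1/2 first byte
        return None
    arcs = [body[0] // 40, body[0] % 40]
    val, pending = 0, False
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            arcs.append(val)
            val = 0
    return None if pending else ".".join(str(a) for a in arcs)


def find_oids(data):
    """Scan for DER OID TLVs (tag 0x06, short-form length) and name them."""
    hits = []
    for i, b in enumerate(data):
        if b != 0x06 or i + 1 >= len(data):
            continue
        length = data[i + 1]
        if not 1 <= length <= 0x7F or i + 2 + length > len(data):
            continue
        oid = decode_oid(data[i + 2:i + 2 + length])
        if oid is not None:
            hits.append((i, oid, KNOWN_OIDS.get(oid)))
    return hits


def detect(data, max_depth=5):
    """Peel encodings layer by layer; returns (steps taken, innermost bytes).
    Hex is tried before base64 because every hex string is also valid base64."""
    steps, cur = [], data
    for _ in range(max_depth):
        kind = magic_type(cur)
        if kind == "gzip":
            out = carve_gzip(cur, 0)
            if out is None:
                break
            steps.append("gzip")
            cur = out
            continue
        if kind is not None:
            steps.append(kind)  # recognised container; not unpacked here
            break
        out = try_hex(cur)
        if out is not None:
            steps.append("hex")
        else:
            out = try_base64(cur)
            if out is None:
                break
            steps.append("base64")
        cur = out
    return steps, cur


# Constructed sample inputs (mtime=0 keeps the gzip header deterministic).
SAMPLE_FIRMWARE = b"\x00" * 16 + gzip.compress(b"hello from firmware", mtime=0) + b"\xff" * 8
SAMPLE_B64 = base64.b64encode(gzip.compress(b"hello", mtime=0))
SAMPLE_HEX = b"48656c6c6f2c20776f726c64"
SAMPLE_DER = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption AlgorithmIdentifier

if __name__ == "__main__":
    print(detect(SAMPLE_B64), detect(SAMPLE_HEX))
    print(find_embedded(SAMPLE_FIRMWARE), carve_gzip(SAMPLE_FIRMWARE, 16))
    print(find_oids(SAMPLE_DER))
```

The heuristics are intentionally loose: a short run of hex digits or a base64-looking word will be "decoded" whether or not that was intended, which is exactly why tools of this kind score candidate outputs (entropy, printable ratio, language models) before presenting them as findings.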
[+] integricho|6 years ago|reply
It reminds me of SnD Reverser Tool[1], although compared to this, SnD RT has a bit more constrained scope in what it does, but it's also a standalone exe of just ~150KB. Such a shame it's no longer being developed...

[1] https://tuts4you.com/download/1923/

[+] weinzierl|6 years ago|reply
Cryptool is similar and I think older. At least I remember that I have used the desktop version in the 90s.

While I appreciate that they made a web version I think they scattered their efforts to create different versions too much so that the project suffered regarding features and quality.

[1] https://www.cryptool.org/en

[+] xwdv|6 years ago|reply
What’s the CLI version of this? It’s too cumbersome to click around in a GUI.
[+] ken|6 years ago|reply
It's fascinating to me (as someone who has written a similar system) that everybody, almost without exception, makes this leap.

If the problem is that clicking is too cumbersome, then add better keyboard support. That's the solution to the problem as stated. You don't need to throw out the whole UI for that, and there's lots of things a GUI can do that a CLI can't.

I haven't been able to determine if this is the common reaction because people simply assume a GUI can't have good keyboard support, or because they're making an excuse for some unstated other reason.

[+] ken|6 years ago|reply
This looks kind of neat (and not too dissimilar to my own software -- see bio), though I can't seem to make it work (or "Bake"?).

It also reminds me of OpenRefine, another very cool online data processing tool with a slightly different focus.

[+] kim031|6 years ago|reply
You need to drag specific operation(s) from Operations and drop them into Recipe, and then supply input(s) in the Input tab. You can also check the Auto Bake icon at the bottom.
[+] anewguy9000|6 years ago|reply
nice!

so is any of the input feeding back to GCHQ?

[+] rtempaccount1|6 years ago|reply
Shouldn't be; it's purely client-side. And of course, if you don't trust them, just stick a proxy in-line and watch for traffic.
[+] rtempaccount1|6 years ago|reply
I use this a lot for basic things like base64 decoding. Of course, nothing you can't do with A.N. programming language, but handy for quick checks.
[+] lukifer|6 years ago|reply
This is just about the greatest thing ever, thanks for sharing.
[+] sdinsn|6 years ago|reply
Really nice, thanks for sharing
[+] yeahdef|6 years ago|reply
great site, been using it for years
[+] rglover|6 years ago|reply
This is awesome! Not sure if OP put this together, but thank you.
[+] floki999|6 years ago|reply
Why would anyone use a third-party web service to carry out cyber analysis? These tasks are easy enough to do/code.
[+] invokestatic|6 years ago|reply
I may be just naive, but I trust and regularly use both CyberChef and NSA’s Ghidra. I think it’s very unlikely that these tools are backdoored (and CyberChef runs completely in-browser).
[+] United857|6 years ago|reply
You can easily download the code and host your own instance.
[+] floki999|6 years ago|reply
Ok, fair enough, I appreciate the answers to my question. Why on earth I would get docked 4 points for asking a question is a mystery though... whoever you are.