Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/realorangeone/docker-cyberchef

A containerized deployment of CyberChef, with additional protections
https://github.com/realorangeone/docker-cyberchef

cyberchef data-analysis data-manipulation docker encoding

Last synced: 20 days ago
JSON representation

A containerized deployment of CyberChef, with additional protections

Host: GitHub
URL: https://github.com/realorangeone/docker-cyberchef
Owner: RealOrangeOne
License: mit
Created: 2023-03-06T20:13:01.000Z (almost 2 years ago)
Default Branch: master
Last Pushed: 2024-04-24T17:36:31.000Z (9 months ago)
Last Synced: 2024-05-01T21:43:46.367Z (8 months ago)
Topics: cyberchef, data-analysis, data-manipulation, docker, encoding
Language: Dockerfile
Homepage:
Size: 34.2 KB
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Docker CyberChef

[![CI](https://github.com/RealOrangeOne/docker-website-server/actions/workflows/ci.yml/badge.svg)](https://github.com/RealOrangeOne/docker-website-server/actions/workflows/ci.yml)

A containerized deployment of [CyberChef](https://github.com/gchq/cyberchef), with additional protections.

## Usage

```yml
version: "2.3"

services:
web:
image: theorangeone/cyberchef:latest
ports:
- "80:80"
```

## Protections

CyberChef is a project from the UK's [Government Communications Headquarters (GCHQ)](https://www.gchq.gov.uk/). Whilst the project itself is great, given the nature of the data put into it, I don't quite trust GCHQ, regardless of the fact it's an open-source project. I want to be sure (or as sure as I can be) the data I give to CyberChef goes no further than my browser

For that reason, this container has a few additional protections to help secure it and any data entered into it:

- Add a `Content-Security-Policy` to prevent the browser from communicating with any other sites
- Add a `Permissions-Policy` to prevent access to more "interesting" browser features
- Just `nginx` on the server - no additional complexities
- Prevent embedding in an `iframe`
- Don't send `Referer` header when navigating to related links
- Don't cache files, always revalidate from the server
- Prevent search engines from indexing content on the page
- Clear all site data when closing the page

## Customization

This image supports some customizations:

- `$PUID`: Set the user nginx runs as (default `1000`)