コンテンツにスキップ
1337skills 1337skills - チートシート

CyberChefチートシート

``` # Official hosted version https://gchq.github.io/CyberChef/

Alternative mirrors

https://cyberchef.org/ https://icyberchef.com/

```bash
# Pull official Docker image
docker pull mpepping/cyberchef

# Run CyberChef locally
docker run -d -p 8080:8080 mpepping/cyberchef

# Access at http://localhost:8080
```**Webアプリケーション**

**オンラインアクセス:**
- ブラウザで[https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/)にアクセス
- インターネット接続が必要
- 追加のインストール不要
```bash
# Clone repository
git clone https://github.com/gchq/CyberChef.git
cd CyberChef

# Install dependencies
npm install

# Build application
npm run build

# Start development server
npm start

# Access at http://localhost:8080
```**Dockerインストール:**
- `docker pull mpepping/cyberchef`
- `docker run -p 8000:80 mpepping/cyberchef`
- ブラウザで`http://localhost:8000`にアクセス
```bash
# Download pre-built releases
wget https://github.com/gchq/CyberChef/releases/download/v9.55.0/CyberChef_v9.55.0.zip

# Extract and run
unzip CyberChef_v9.55.0.zip
cd CyberChef_v9.55.0
python3 -m http.server 8080
```**Node.js インストール:**
- `git clone https://github.com/gchq/CyberChef.git`
- `cd CyberChef`
- `npm install`
- `npm start`
- ブラウザで`http://localhost:8080`にアクセス

Operation: To Base64 Input: Hello World Output: SGVsbG8gV29ybGQ=

With custom alphabet

Operation: To Base64 Alphabet: Custom Input: sensitive data

- GitHubリリースページから最新バージョンをダウンロード
- プラットフォーム(Windows、macOS、Linux)に対応
- インストール不要の実行可能ファイル

Operation: From Base64 Input: SGVsbG8gV29ybGQ= Output: Hello World

Handle invalid characters

Operation: From Base64 Remove non-alphabet chars: true

- テキストをBase64文字列に変換
- 入力データを圧縮
- URLやXMLで安全に送信可能

Base32 encoding

Operation: To Base32 Input: Hello World Output: JBSWY3DPEBLW64TMMQ======

Base58 encoding (Bitcoin)

Operation: To Base58 Input: Hello World Output: JxF12TrwUP45BMd

Base85 encoding

Operation: To Base85 Input: Hello World Output: 87cURD]j7BEbo80

- Base64文字列を元のデータに戻す
- エンコードされたテキストを復元
- 文字化けを防ぐ

Operation: URL Encode Input: hello world!@#$% Output: hello%20world%21%40%23%24%25

Encode all characters

Operation: URL Encode Encode all chars: true

- URL Safe Base64
- RFC 4648準拠
- カスタム文字セット

Operation: URL Decode Input: hello%20world%21%40%23%24%25 Output: hello world!@#$%

- 特殊文字をパーセントエンコーディングに変換
- URLで安全に送信
- 予約文字をエスケープ

Operation: To HTML Entity Input: Output: <script>alert(‘XSS’)</script>

Named entities only

Operation: To HTML Entity Named entities: true

- パーセントエンコーディングを元の文字に戻す
- エンコードされたURLを復元
- 読みやすい形式に変換

Operation: From HTML Entity Input: <script>alert(‘XSS’)</script> Output: 

- 特殊文字を安全なHTML表現に変換
- XSS攻撃を防止
- `<` → `&lt;`、`>` → `&gt;`など

Operation: AES Encrypt Mode: CBC Key: 16-byte key here IV: 16-byte IV here Input: Secret message Output: Encrypted data

Different modes

Mode: ECB, CBC, CFB, OFB, GCM Key format: Hex, UTF8, Latin1, Base64

- HTMLエンティティを元の文字に戻す
- エンコードされたテキストを復元
- `&lt;` → `<`、`&gt;` → `>`など

Operation: AES Decrypt Mode: CBC Key: 16-byte key here IV: 16-byte IV here Input: Encrypted data Output: Secret message

- 対称鍵暗号方式
- 128/192/256ビット鍵長
- ECB、CBC、CTRモード対応

Operation: DES Encrypt Mode: CBC Key: 8-byte key IV: 8-byte IV Input: Data to encrypt

Operation: Triple DES Encrypt Mode: CBC Key: 24-byte key IV: 8-byte IV

- 暗号化されたデータを元に戻す
- 秘密鍵が必要
- 複数暗号モードをサポート

MD5 Hash

Operation: MD5 Input: Hello World Output: b10a8db164e0754105b7a99be72e3fe5

SHA-1 Hash

Operation: SHA1 Input: Hello World Output: 0a4d55a8d778e5022fab701977c5d840bbc486d0

SHA-256 Hash

Operation: SHA2 Size: 256 Input: Hello World Output: a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e

- 古典的な対称鍵暗号
- 56ビット(DES)、112/168ビット(3DES)
- 現在は非推奨

Operation: HMAC Hash function: SHA256 Key: secret-key Input: message to authenticate Output: HMAC value

- MD5
- SHA-1
- SHA-256
- SHA-3

Operation: Analyse hash Input: 5d41402abc4b2a76b9719d911017c592 Output: Possible hash types: MD5, NTLM

Hash identifier

Operation: Hash identifier Input: $2b$12$… Output: bcrypt hash detected

- メッセージ認証コード
- 秘密鍵を使用
- データの完全性を検証

Generate wordlist

Operation: Generate wordlist Type: Bruteforce Charset: abcdefghijklmnopqrstuvwxyz Min length: 4 Max length: 8

Compare with hash

Operation: Compare hashes Hash type: MD5 Target hash: 5d41402abc4b2a76b9719d911017c592

- ハッシュ値の特性を調査
- パターン認識
- 脆弱性検出

Operation: Frequency distribution Input: ATTACKATDAWN Output: Character frequency chart

Letter frequency analysis

Operation: Chi squared Input: Encrypted text Output: Chi-squared values for different shifts

Operation: Entropy Input: Random data vs compressed data Output: Entropy value (0-8 bits)

Detect compression/encryption

High entropy (>7): Likely encrypted/compressed Low entropy (“<4): Likely plain text

Operation: Strings Min length: 4 Input: Binary file data Output: Printable strings

Extract specific patterns

Operation: Regular expression Pattern: [a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+.[a-zA-Z]\{2,\} Input: Text with email addresses


   **Hex操作:**

Operation: To Hex Delimiter: Space Input: Hello World Output: 48 65 6c 6c 6f 20 57 6f 72 6c 64

Operation: From Hex Delimiter: Auto Input: 48656c6c6f20576f726c64 Output: Hello World

Operation: To Binary Delimiter: Space Input: Hello Output: 01001000 01100101 01101100 01101100 01101111

XOR operations

Operation: XOR Key: secret Key format: UTF8 Input: Data to XOR

Operation: File type Input: File header bytes Output: Detected file type

Extract file signatures

Operation: Extract file paths Input: Binary data Output: Embedded file paths

Detect embedded files

Operation: Binwalk Input: Firmware or binary file Output: Embedded file locations


   ### ネットワーク分析

   **IPアドレス操作:**

Operation: Parse IP range Input: 192.168.1.0/24 Output: List of IP addresses

GeoIP lookup

Operation: GeoIP lookup Input: 8.8.8.8 Output: Location information

DNS operations

Operation: DNS over HTTPS Query type: A Domain: example.com

Operation: URL decode Input: Encoded URL Output: Decoded URL

Parse URL components

Operation: Parse URI Input: https://example.com:8080/path?param=value Output: Protocol, host, port, path, query

Defang URLs

Operation: Defang URL Input: http://malicious-site.com Output: hxxp://malicious-site[.]com


   **ログ解析:**

Operation: Parse log file Format: Apache Common Log Input: 127.0.0.1 - - [10/Oct/2000:13:55:36 -0700] “GET /apache_pb.gif HTTP/1.0” 200 2326

Extract timestamps

Operation: Extract dates Input: Log entries with various date formats Output: Standardized timestamps

Parse Windows Event Logs

Operation: Parse Windows Event Log Input: XML event log data Output: Structured event information

Operation: Sort Sort by: Timestamp Input: Multiple log entries Output: Chronologically sorted events

Time zone conversion

Operation: Change datetime format Input format: DD/MM/YYYY HH:mm:ss Output format: ISO 8601 Timezone: UTC


    **画像ステガノグラフィ:**

Operation: Extract LSB Input: Image file Bit plane: 0 (LSB) Output: Hidden data

Extract EXIF data

Operation: Extract EXIF Input: JPEG image Output: Metadata information

Image analysis

Operation: View Bit Plane Bit: 0 Input: Suspicious image Output: LSB visualization

Operation: Detect hidden text Method: Zero-width characters Input: Text with hidden content Output: Extracted hidden message

Whitespace steganography

Operation: Whitespace Action: Decode Input: Text with hidden whitespace patterns


    ### 古典的暗号

    **シーザー暗号:**

Operation: ROT13 Input: HELLO WORLD Output: URYYB JBEYQ

Variable rotation

Operation: Caesar cipher Amount: 7 Direction: Encrypt Input: ATTACK AT DAWN Output: HAAHJR HA KHDV

Operation: Substitution cipher Plaintext alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext alphabet: ZYXWVUTSRQPONMLKJIHGFEDCBA Input: HELLO Output: SVOOL

Atbash cipher

Operation: Atbash cipher Input: HELLO WORLD Output: SVOOL DLIOW

Operation: Vigenère encode Key: SECRET Input: HELLO WORLD Output: ZINCS AIDVN

Vigenère decode

Operation: Vigenère decode Key: SECRET Input: ZINCS AIDVN Output: HELLO WORLD


    **頻度分析:**

Operation: Frequency distribution Show percentages: true Input: Encrypted text Output: Character frequency analysis

Index of Coincidence

Operation: Index of Coincidence Input: Ciphertext Output: IC value (indicates monoalphabetic vs polyalphabetic)

Operation: Kasiski examination Input: Vigenère ciphertext Output: Probable key lengths

Brute force Caesar

Operation: ROT13 brute force Input: Encrypted text Output: All possible rotations


    ### レシピ作成

    **レシピの保存:**

Create reusable recipes

  1. Build operation chain
  2. Click “Save recipe”
  3. Name and describe recipe
  4. Share recipe link

Example: Malware deobfuscation recipe

Operations:

  1. From Base64
  2. Gunzip
  3. From Hex
  4. AES Decrypt (key: known_key)

Share via URL

Recipe URL contains encoded operations Example: https://gchq.github.io/CyberChef/#recipe=To_Base64(‘A-Za-z0-9%2B/%3D’)

Export/Import recipes

File format: JSON Contains: Operations, parameters, input/output


    **複数の入力:**

Process multiple files

  1. Upload multiple files
  2. Apply recipe to all
  3. Download results as ZIP

Batch text processing

Input: Multiple lines of data Recipe: Applied to each line Output: Processed results


Would you like me to proceed with translating actual text content?```javascript
// CyberChef API usage (Node.js)
const chef = require("cyberchef");

// Create recipe
const recipe = new chef.Recipe(
    new chef.operations.ToBase64(),
    new chef.operations.MD5()
);

// Process data
const result = chef.bake("Hello World", recipe);
console.log(result.toString());
```## 高度な技術

Operation: Magic Input: Unknown encoded data Output: Automatically detected and decoded

Intensive mode

Intensive: true Extensive language support: true Depth: 3 (number of operations to try)

Operation: Fork Split on: \n (newline) Merge: true Input: Multiple lines of data Recipe: Applied to each line separately Output: Combined results

Operation: Scatter chart X values: Column 1 Y values: Column 2 Input: CSV data Output: Interactive scatter plot

Hex dump visualization

Operation: To Hexdump Width: 16 Upper case: true Include ASCII: true

Operation: Generate network diagram Input: Network connection logs Output: Visual network topology

Timeline visualization

Operation: Timeline Date field: timestamp Event field: event_type Input: Log data with timestamps

```bash
# Use CyberChef for data preprocessing
# Example: Decode base64 logs before indexing

# Splunk search command
|eval decoded_data = base64decode(encoded_field)
|eval hash_value = md5(decoded_data)

# CyberChef recipe equivalent:
# 1. From Base64
# 2. MD5
```### SIEMインテグレーション
```json
\\\{
  "processors": [
    \\\{
      "script": \\\{
        "source": "ctx.decoded = Base64.getDecoder().decode(ctx.encoded_field)"
      \\\}
    \\\}
  ]
\\\}
```**ELK Stackインテグレーション:**

Extract indicators from reports

Recipe:

  1. Regular expression (IP addresses)
  2. Regular expression (Domain names)
  3. Regular expression (File hashes)
  4. Defang URLs
  5. Format as CSV

Input: Threat intelligence report Output: Structured IOC list

Deobfuscate malware samples

Recipe:

  1. From Base64
  2. Gunzip
  3. From Hex
  4. XOR (key: 0x42)
  5. Extract strings
  6. Regular expression (URLs/IPs)

Input: Obfuscated malware Output: Deobfuscated code with IOCs

Multi-layer encoding

Recipe:

  1. From Base64
  2. URL Decode
  3. From Hex
  4. ROT13
  5. Atbash cipher

Steganography analysis

Recipe:

  1. Extract LSB
  2. From Binary
  3. Gunzip
  4. From Base64

Cryptanalysis chain

Recipe:

  1. Frequency distribution
  2. Index of Coincidence
  3. Kasiski examination
  4. Vigenère decode (guessed key)

Large file processing

  • Use “Drop bytes” to reduce size
  • Process in chunks using “Split”
  • Disable auto-bake for large operations

Memory issues

  • Clear input/output regularly
  • Use streaming operations when available
  • Restart browser if memory usage high

Character encoding problems

  • Check input encoding (UTF-8, Latin1, etc.)
  • Use “Detect encoding” operation
  • Convert between encodings as needed

Binary data handling

  • Use hex input for binary data
  • Check byte order (little/big endian)
  • Verify file headers and signatures

Debug failed recipes

  • Check each operation individually
  • Verify input format matches expected
  • Use “To Hex” to inspect intermediate results
  • Check operation parameters

Error messages

  • “Invalid input”: Check data format
  • “Key length”: Verify encryption key size
  • “Parse error”: Check syntax for regex/JSON

Start simple

  1. Test each operation individually
  2. Build recipe step by step
  3. Verify intermediate outputs
  4. Document recipe purpose

Error handling

  • Use “Drop bytes” to handle extra data
  • Add “Try” operations for uncertain steps
  • Include fallback operations

Sensitive data handling

  • Use local installation for sensitive data
  • Clear browser cache after use
  • Avoid cloud-hosted instances for secrets
  • Use HTTPS for web access

Data validation

  • Verify output makes sense
  • Cross-check with other tools
  • Test with known good data
  • Document assumptions and limitations

この包括的なCyberChefチートシートは、効果的なセキュリティ分析と調査のためのデータ変換、暗号解析、フォレンジック、自動化技術をカバーしています。