Introducing CyberFork - The community fork of CyberChef
CyberChef is dying.
The last release was 5 months ago. There are over 100 pull requests and 300 GitHub issues.
The most upvoted pull request is 4 years old, and it has no feedback or comments on why it isn't accecpted.
A simple Docker image pull request is 3 years old, again, no feedback or acknowledgment.
This pull request transforms the application into a responsive UI. It changes over 66 files. The author spent 4 months on it. It's not merged. But more annoyingly, they didn't even get a "thank you".
Even other people think the project is dead.
π€ Why is Cyberchef dead? (Click to expand if you want)
I believe it's a conflict of interests. Likely due to the fact that Cyberchef is by GCHQ, they need to analyse the code coming in before accecpting it. They likely do not have time to do this while saving the world, so they don't.
Because Cyberchef is made by passionate people (big up n1474335) they want to continue the open source product.
This likely creates 2 products, an internal one with little updates and an external one with a lot of updates that they can't use internally without extensive security analysis.
The maintainers cannot really work on the open source side, because what is the point? They can't use it internally. They can't quit their job and go full time either. The IP is not owned by them, and the rulebooks of spy organisations are a little different to that of Apples or Googles.
To add fuel to the fire there is also a risk they take a pull request with malicious code, or even a pull request from a country that the UK does not like. Not a good luck for GCHQ.
The work done by n1474335 and GCHQ is fantastic, and I am sure it hurts them to try balancing an open source product like Cyberchef with their super secretive spy life and their super secretive employer.
This fork is more "look at how great Cyberchef can become with open source contributions" rather than a "we hate GCHQ" Hashicorp-style fork.
So, we have taken it upon ourselves to fork Cyberchef and serve the open source community.
Who are we?
Hi, my name's Autumn. You may know me as Bee (my hacker name, as they say).
I am likely most known for my open source work (see my inventions below):
and as well as....
- One of the original members of TryHackMe
- This blog has been on Hackernews a few times π
- I ran a popular punk rock Tumblr blog back in the day, but unlikely anyone knows me from that...
I couldn't do any of my open source alone, of course. Over the years I've made friends with some very nice people who always contribute, and are always down to building the next greatest cybertool.
After speaking with them, attending Blackhat Europe, and seeing what what we think should be built next, we decided a fork would be better.
This makes sense for us. Some of our tools are direct competitors to Cyberchef.
- Ciphey (now Ares) is a competitor to Cyberchef magic.
- Name-that-hash is a competitor to Cyberchef's "identify hash".
We even have tools which would be very useful in Cyberchef, like PyWhat (Webassembl/Rust version is Lemmeknow).
I believe we have the right skillset and passion to take Cyberchef to the next level π₯
Want to talk to us? Come to our Discord!
Alternatively you can talk to me on Twitter.
Some changes
We've already taken in some pull requests and made a few changes, like:
- Added support for JQ, so now you can process & transform JSON in CyberFork!
- Added a new Cut operation which behaves similarly to awk and cut.
- Adds JSWhat, The Javscript version of my PyWhat to identify anything.
- Have data in YAML etc? There's new operations to transform it into JSON. You can now do YAML -> JSON -> JQ.
- Your data is formatted, but not JSON etc? Use Cut!
- π There's now a Dockerfile
Added a bunch of cryptocurrency operations like:
- Extracting certain types of cryptocurrency addresses, private keys and seedphrases from text.
- Breaking down extended keys into their component parts.Turning a Secp256k1 public key into a cryptocurrency address (right now, BTC or ETH only).
- Private Key <-> WIF (Wallet Import Format) Key.
- Attempt to determine the type of Cryptocurrency artifac .
- Private Secp256k1 key to Public Key.
- Seedphrase to Seed.
- Change the version of an extended key.
- Converts seed to a master key.
- Decrypts an Ethereum Keystore File, given password.
Click here for everything else we've added
- Chromedriver is updated, so CI now works again!
- Added FangURL operation
- Added new operation to get Public Key from Private Key
- New operation to convert XML data to JSON format
- Added a Dev container so you can deploy a GitHub codespace
- You can now set logging levels via the URI param
- Fixed ChaCha operation for Raw output
- It's slightly more accessible (it wouldn't be a Bee project if it wasn't!)
- Add X.509 output formats
- Add "XOR Checksum" operation
- Add Base92 operations
- Added an operation to handle Yubikey's ModHex.
- New GitHub actions deployment system
- LZNT1 Decompression
- Fixed a bug where the IPv6 regex matched on IPv4
And since I know you love to be nosey, here's the analytics webpage. We're using SimpleAnalytics which is a cookie-less GDPR friendly analytics suite.
CyberChef from GCHQ uses Google Analytics.
Can we trust you?
A big question people had when Cyberchef released was:
How do we trust GCHQ isn't spying on the data we put into the application?
You may want to ask us the same thing.
Can you trust us?
No.
There are a million things I could do to steal your data. I am not going to, but I am not going to lie to you.
However, we did merge the Docker image pull request so you can easily deploy this locally now.
You can even run it on an airgapped system if you really don't trust me. The world is your oyster!
Alternativelty our code is open source and the build system (GitHub pages) is right there and the same one that GCHQ used, except instead of Google Analytics we use SimpleAnalytics.
SimpleAnalytics doesn't store individual user metrics, but rather aggregates. Also it respects do not track. Basically, it's analytics which respect you.
So I can put on my CV "forked a website which now gets 100 views a day" in all honesty.
Thanks
A very heartfelt thanks to n1474335 for all their work (assuming they are the original author... The blog posts releasing Cyberchef are secretive π).
Bigger thanks to everyone over in my Discord.
- SkeletalDemise, lead Cryptographer of many of the projects we've worked on together.
- Swandx and