GitHub - gchq/CyberChef-server: A server providing RESTful access to CyberChef
Skip to content

gchq/CyberChef-server

Repository files navigation

CyberChef server

Gitter

Run CyberChef in a server and provide an API for clients to send Cyberchef recipes to bake.

Motivation

CyberChef has a useful Node.js API, but sometimes we want to be able to programmatically run CyberChef recipes in languages other than JavaScript. By running this server, you can use CyberChef operations in any language, as long as you can communicate via HTTP.

Example use

Assuming you've downloaded the repository and are running it locally:

curl -X POST -H "Content-Type:application/json" -d '{"input":"... ---:.-.. --- -. --. --..--:.- -. -..:- .... .- -. -.- ...:..-. --- .-.:.- .-.. .-..:- .... .:..-. .. ... ....", "recipe":{"op":"from morse code", "args": {"wordDelimiter": "Colon"}}}' localhost:3000/bake

response:

{
    value: "SO LONG, AND THANKS FOR ALL THE FISH",
    type: "string"
}

Features

  • Compatible with recipes saved from CyberChef. After using CyberChef to experiment and find a suitable recipe, the exported recipe JSON can be used to post to the /bake endpoint. Just copy/paste it in as your recipe property as part of the POST body.

Installing

While the instructions below are straightforward, it's worth understanding what happens under the hood as quirks in the installation process can cause issues with upgrades etc. The upstream CyberChef library uses a postinstall script to manipulate some dependenciesafter installation. That postinstal script doesn't work when install CC as a dependency into another project, so we now have our own postinstall process to install the CyberChef library (hence it does not appear in the package.json dependency list).

This process can cause problems when updating libs, so the recommended approach is to remove node_modules and package-lock.json and install from scratch.

  • Clone the repository
  • cd into the project and run npm install
  • Run npm run
  • In a browser, navigate to localhost:3000 to see usage documentation.

Docker

A Docker image can be built, then run by doing the following:

  • git clone https://github.com/gchq/CyberChef-server
  • cd CyberChef-server
  • docker build -t cyberchef-server .
  • docker run -it --rm --name=cyberchef-server -p 3000:3000 cyberchef-server

API overview

For full documentation of the API, you can find the swagger page hosted at the root url. See Installing to run the application and browse the docs.

The server has two endpoints: /bake and /magic.

/bake

/bake allows a user to POST some input and configuration for a CyberChef Recipe. The application will run the input through the recipe and return the baked operation.

This endpoint accepts a POST request with the following body:

Parameter Type Description
input String The input data for the recipe. Currently accepts strings.
recipe String or Object or Array One or more operations, with optional arguments. Uses default arguments if they're not defined here.
outputType (optional) String The Data Type that you would like the result of the bake to be returned as. This will not work with File or List<File> at the moment.

Example: one operation, default arguments

{
    "input": "One, two, three, four.",
    "recipe": "to decimal"
}

Response:

{
    value: "79 110 101 44 32 116 119 111 44 32 116 104 114 101 101 44 32 102 111 117 114 46",
    type: "string"
}

For more information on how operation names are handled, see the Node API docs

Example: one operation, non-default arguments by name

{
    "input": "One, two, three, four.",
    "recipe": {
        "op": "to decimal",
        "args": {
            "delimiter": "Colon"
        }
    }
}

Response:

{
    value: "79:110:101:44:32:116:119:111:44:32:116:104:114:101:101:44:32:102:111:117:114:46",
    type: "string"
}

Example: one operation, non-default arguments by position

{
    "input": "One, two, three, four.",
    "recipe": {
        "op": "to decimal",
        "args": ["Colon"]
    }
}

Response:

{
    value: "79:110:101:44:32:116:119:111:44:32:116:104:114:101:101:44:32:102:111:117:114:46",
    type: "string"
}

Example: all together

{
    "input": "One, two, three, four.",
    "recipe": [
        {
            "op":"to decimal",
            "args": {
                "delimiter": "CRLF"
            }
        },
        {
            "op": "swap endianness",
            "args": ["Raw"]
        },
        "MD4"
    ]
}

Response:

{
    value: "31d6cfe0d16ae931b73c59d7e0c089c0",
    type: "string"
}

Example: Define outputType

toDecimal has an outputType of string. Here we are asking to translate the output to a number before returning.

{
    "input": "One, two, three, four.",
    "recipe": "to decimal",
    "outputType": "number"
}

Response:

{
    // Be wary, type conversions do not always behave as expected.
    "value": 79,
    "type": "number"
}

/magic

Find more information about what the Magic operation does here

The Magic operation cannot be used in conjunction with other applications in the /bake endpoint.

Parameter Type Description
input String The input data for the recipe. Currently accepts strings.
args Object or Array Arguments for the magic operation

Example: detecting hex

{
    "input": "4f 6e 65 2c 20 74 77 6f 2c 20 74 68 72 65 65 2c 20 66 6f 75 72 2e"
}

Response:

{
    "value": [
        {
            "recipe": [
                { "op": "From Hex", "args": [ "Space" ] }
            ],
            "data": "One, two, three, four.",
            "languageScores": [
                { "lang": "en", "score": 442.77940826119266, "probability": 2.8158586573567845e-12 },
                { "lang": "de", "score": 555.3142876037181, "probability": 0 },
                { "lang": "pl", "score": 560.9378201619123, "probability": 0 },
                ...
            ],
            "fileType": null,
            "isUTF8": true,
            "entropy": 3.5383105956150076,
            "matchingOps": [],
            "useful": false,
            "matchesCrib": null
        },
        ...
    ],
    "type":6
}

Licencing

CyberChef-server is released under the Apache 2.0 Licence and is covered by Crown Copyright.