docker.recipes

CyberChef

beginner

Web app for encoding, encryption, and data analysis.

Overview

CyberChef is an open-source web application developed by GCHQ that functions as a "Cyber Swiss Army Knife" for data analysis and manipulation. Originally created by intelligence analysts, it provides an intuitive drag-and-drop interface for performing complex encoding, encryption, compression, data format conversion, and analysis operations without requiring programming knowledge. The tool supports over 300 operations ranging from simple base64 encoding to advanced cryptographic functions and forensic analysis techniques.

This Docker deployment uses the mpepping/cyberchef image to containerize the entire CyberChef application, making it accessible through a web browser on port 8000. The containerized approach ensures consistent performance across different environments while maintaining the tool's full functionality including its signature "recipe" system that allows users to chain multiple operations together in sequence. CyberChef processes all data client-side within the browser, ensuring sensitive information never leaves the local environment.

Security professionals, digital forensics investigators, malware analysts, and CTF participants will find this deployment particularly valuable for rapid data analysis workflows. The containerized setup eliminates installation complexity while providing a standardized environment for teams to share analysis recipes and collaborate on data transformation tasks. Development teams also benefit from having a centralized instance for debugging encoded data, analyzing API responses, and reverse-engineering data formats during application development.

Key Features

  • Over 300 built-in operations including Base64, AES encryption, hash functions, compression algorithms, and regular expression processing
  • Visual recipe builder with drag-and-drop interface for chaining multiple data transformation operations
  • Real-time data processing with immediate output preview as operations are added or modified
  • Recipe sharing functionality allowing users to export and import complex operation chains as JSON
  • Magic operation that automatically detects and suggests appropriate decoding methods for unknown data formats
  • Hexdump viewer with customizable byte grouping and ASCII representation for binary data analysis
  • Built-in diff tool for comparing multiple data sets and highlighting differences
  • Extensive format support including JSON, XML, protobuf, various image formats, and network packet data

Common Use Cases

  • Digital forensics teams analyzing extracted files, memory dumps, and network traffic captures
  • Cybersecurity analysts decoding malicious payloads and reverse-engineering attack vectors
  • CTF competition participants solving encoding puzzles and cryptographic challenges
  • Development teams debugging API responses, JWT tokens, and encoded configuration data
  • Penetration testers crafting payloads and analyzing captured authentication tokens
  • Data recovery specialists working with corrupted or partially encoded file systems
  • Network administrators analyzing packet captures and troubleshooting protocol-level issues

Prerequisites

  • Docker and Docker Compose installed on the host system
  • Minimum 512MB RAM available for the container and browser-based processing
  • Port 8000 available and not conflicting with other services
  • Modern web browser with JavaScript enabled for client-side data processing
  • Basic understanding of encoding formats and cryptographic concepts for effective tool usage
  • Network access to pull the mpepping/cyberchef Docker image from Docker Hub

For development & testing. Review security settings, change default credentials, and test thoroughly before production use.

docker-compose.yml
services:
  cyberchef:
    image: mpepping/cyberchef:latest
    container_name: cyberchef
    restart: unless-stopped
    ports:
      - "8000:8000"
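
The "8000:8000" mapping above names no host address, so Docker publishes the port on every host interface rather than only on localhost. The script below is an added example, not part of the recipe: it flags such entries in a Compose file and rewrites them to loopback-only (the function names are illustrative, and the sample file is a constructed copy of the one above).

```shell
#!/bin/sh
# Added example, not part of the recipe. Function names are illustrative.

# Print every short-syntax "ports:" entry that Docker would publish on all
# host interfaces: no host IP given, or an explicit 0.0.0.0 / [::].
wide_open_ports() {
    awk -v q="[\"']" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)   # drop the list marker
            sub(/[ \t]*#.*$/, "", entry)       # drop a trailing comment
            sub(/[ \t]+$/, "", entry)
            gsub(q, "", entry)                 # drop surrounding quotes
            sub(/\/(tcp|udp)$/, "", entry)     # drop the protocol suffix
            n = split(entry, part, ":")
            # 1 field = container port only, 2 = HOST:CONTAINER; entries
            # with a host IP (IPv4 or bracketed IPv6) have 3 or more.
            if (n <= 2 || part[1] == "0.0.0.0" || entry ~ /^\[::\]/) print entry
            next
        }
        in_ports && NF { in_ports = 0 }        # any other key ends the list
    ' "$1"
}

# Write a copy of the file to stdout with HOST:CONTAINER entries pinned to
# 127.0.0.1. Assumes "- N:N" list items occur only under "ports:".
bind_loopback() {
    sed -E 's/^([[:space:]]*-[[:space:]]*["'\'']?)([0-9]+(-[0-9]+)?:[0-9]+)/\1127.0.0.1:\2/' "$1"
}

# Constructed sample: the compose file from this recipe.
sample=$(mktemp)
cat > "$sample" << 'EOF'
services:
  cyberchef:
    image: mpepping/cyberchef:latest
    container_name: cyberchef
    restart: unless-stopped
    ports:
      - "8000:8000"
EOF

echo "published on all interfaces: $(wide_open_ports "$sample")"
fixed=$(mktemp)
bind_loopback "$sample" > "$fixed"
echo "after rewrite: $(grep 8000 "$fixed")"
rm -f "$sample" "$fixed"
```

Once the container is up, `docker compose port cyberchef 8000` prints the address the port is actually bound to.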

.env Template

.env
# No configuration needed

Usage Notes

  1. Access at http://localhost:8000
  2. Chain multiple operations
  3. Data encoding/decoding

Quick Start

terminal
# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  cyberchef:
    image: mpepping/cyberchef:latest
    container_name: cyberchef
    restart: unless-stopped
    ports:
      - "8000:8000"
EOF

# 2. Create the .env file
cat > .env << 'EOF'
# No configuration needed
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f

One-Liner

This command downloads the recipe's setup script and pipes it straight into bash, setting up the recipe in one step:

terminal
curl -fsSL https://docker.recipes/api/recipes/cyberchef/run | bash

Troubleshooting

  • Browser displays 'This site can't be reached' error: Verify the container is running with 'docker ps' and check if port 8000 is blocked by firewall rules
  • CyberChef interface loads but operations fail silently: Clear browser cache and cookies, as cached JavaScript files may conflict with the containerized version
  • Large file processing causes browser to freeze: CyberChef processes data client-side, so increase browser memory limits or split large files into smaller chunks
  • Recipe sharing produces 'Invalid recipe' errors: Ensure the exported recipe JSON is complete and wasn't truncated during copy-paste operations
  • Container fails to start with port binding error: Another service is using port 8000; either stop the conflicting service or modify the port mapping to use an alternative port
  • Magic operation suggestions appear incorrect: The detection algorithm works best with complete data samples; try providing more context or manually select the appropriate operation


Components

cyberchef

Tags

#cyberchef #encoding #encryption #analysis

Category

Development Tools