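# Memory-forensics workstation: Volatility 2 (on a Python 2.7.14 built from
# source), Volatility 3, radare2 and readpe, reachable over SSH as the user
# "forensic".
#
# Build:  docker build -t volatility-box .
#           optional: --build-arg FORENSIC_PASSWORD=<value>
#                     --build-arg PYTHON2_SHA256=<sha256 of Python-2.7.14.tgz>
# Run:    docker run -d -p 127.0.0.1:2222:22 -v "$PWD/dumps:/shared" volatility-box
#
# Layout: /opt/volatility2, /opt/volatility3, /opt/python-2.7.14, /opt/radare2,
# /opt/readpe. Memory images are exchanged through /shared.

# Python 3.8 is end-of-life upstream; the base is kept because the tooling
# below was validated against it.
FROM python:3.8

# Keeps apt from prompting during the build. Left as ENV (not ARG) so that
# apt-get inside a running container behaves the same way as during the build.
ENV DEBIAN_FRONTEND=noninteractive

# NOTE: ENV only exports a variable; it does not change the kernel hostname of
# a container. Use `docker run --hostname volatility-box` for that.
ENV HOSTNAME=volatility-box

# ---------------------------------------------------------------------------
# OS packages
# ---------------------------------------------------------------------------
# One apt-get update for both install steps; the package lists are removed in
# the same layer so they do not end up in the image.
RUN apt-get update \
 && apt-get install -y apt-utils \
 && apt-get install -y \
      git \
      openssh-server \
      sudo \
      vim \
      zsh \
      man \
      curl \
      wget \
      unzip zip \
      exiftool \
      graphviz \
 && rm -rf /var/lib/apt/lists/*

# ---------------------------------------------------------------------------
# Unprivileged user with passwordless sudo
# ---------------------------------------------------------------------------
# The default password is the same as in the original recipe ("forensic") so
# existing users are not broken; override it at build time. Build-arg values
# may be recorded in the image history by the classic builder, so a custom
# password should still be rotated on first login.
ARG FORENSIC_PASSWORD=forensic
RUN useradd -m -s /bin/bash forensic \
 && printf '%s:%s\n' forensic "$FORENSIC_PASSWORD" | chpasswd \
 && adduser forensic sudo

# The rule goes into a drop-in under /etc/sudoers.d and is validated with
# visudo first: a malformed line appended straight to /etc/sudoers (the
# original approach) disables sudo for everyone instead of failing the build.
RUN printf 'forensic ALL=(ALL) NOPASSWD:ALL\n' > /etc/sudoers.d/forensic \
 && chmod 0440 /etc/sudoers.d/forensic \
 && visudo -cf /etc/sudoers.d/forensic

# Populated automatically by `docker buildx`; empty under the classic builder.
ARG TARGETPLATFORM
RUN echo "Building for platform: $TARGETPLATFORM"

# ---------------------------------------------------------------------------
# SSH server
# ---------------------------------------------------------------------------
# Password authentication stays enabled because the image is meant for an
# interactive analyst login. Together with the passwordless sudo above, the
# "forensic" password is root-equivalent inside the container, so publish
# port 22 on loopback or another restricted interface.
RUN mkdir -p /var/run/sshd \
 && printf 'PermitRootLogin no\nPasswordAuthentication yes\n' >> /etc/ssh/sshd_config

# Host keys are generated once at build time, so every container started from
# this image presents the same keys. Remove /etc/ssh/ssh_host_* in a derived
# image and run `ssh-keygen -A` at start-up if per-container keys are wanted.
RUN ssh-keygen -A

# ---------------------------------------------------------------------------
# Volatility 2 source
# ---------------------------------------------------------------------------
# Tracks the default branch; pin a tag or commit for reproducible builds. The
# /usr/bin/python2 and /usr/bin/python links are created once the interpreter
# has been built further below (the original created a dangling /usr/bin/python
# link here, which the later `ln -sf` replaced anyway).
RUN git clone https://github.com/volatilityfoundation/volatility.git /opt/volatility2 \
 && chmod +x /opt/volatility2/vol.py

# Enable contrib and non-free repositories (for Debian image base)
#RUN sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list && \
#    apt-get update

# Build dependencies for the Python 2 interpreter and for yara-python.
# libntirpc-dev supplies the Sun RPC headers that current glibc no longer
# installs; they are linked into place before the Python build below.
RUN apt-get update \
 && apt-get install -y \
      python3-dev \
      build-essential \
      python3-yara \
      libssl-dev \
      yara \
      libyara-dev \
      libntirpc-dev \
 && rm -rf /var/lib/apt/lists/*

# ---------------------------------------------------------------------------
# Volatility 3 source, shared folder, login shell
# ---------------------------------------------------------------------------
RUN git clone https://github.com/volatilityfoundation/volatility3.git /opt/volatility3 \
 && chmod +x /opt/volatility3/vol.py

# Drop point for memory images (mount a host directory here). World-writable,
# as in the original recipe, so root-run tools and the forensic user can both
# write results.
RUN mkdir -p /shared && chmod 777 /shared

RUN chsh -s /bin/zsh forensic

# ---------------------------------------------------------------------------
# User environment (runs as forensic; everything lands under /home/forensic)
# ---------------------------------------------------------------------------
USER forensic

# The Oh My Zsh installer is fetched from the repository's default branch and
# executed as-is (no pinning or checksum is available upstream). CHSH=no
# because the shell was already changed above; RUNZSH=no so the installer does
# not try to start an interactive zsh inside the build.
RUN CHSH=no RUNZSH=no sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" \
 && rm -rf /home/forensic/.oh-my-zsh/custom/themes/robbyrussell.zsh-theme

# yara-python from git (the original notes this as the arrangement tested on
# an arm macOS host), then the Rust toolchain into /home/forensic/.cargo.
# The original `RUN sh -c "PATH=..."` only changed a throw-away shell; the
# cargo bin directory is added to the user's PATH in .zshrc below instead.
RUN pip3 install -U git+https://github.com/VirusTotal/yara-python
RUN curl -fsSL https://sh.rustup.rs -o /tmp/rustup.sh \
 && sh /tmp/rustup.sh -y \
 && rm /tmp/rustup.sh

# Python 3 helpers. Run as forensic, pip presumably falls back to a per-user
# install under /home/forensic/.local (hence .local/bin on PATH below) —
# confirm. pycrypto is unmaintained upstream; pycryptodome provides the same
# Crypto namespace if a swap is wanted.
RUN pip3 install --upgrade setuptools pip \
 && pip3 install distorm3 yara-python pefile pycrypto tqdm

# ---------------------------------------------------------------------------
# Python 2.7.14 from source (Volatility 2 interpreter)
# ---------------------------------------------------------------------------
USER root
WORKDIR /tmp

# Optional integrity check for the tarball: pass the expected SHA-256 as a
# build arg; the empty default skips the check (original behaviour).
ARG PYTHON2_SHA256=
RUN wget -q https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tgz \
 && if [ -n "$PYTHON2_SHA256" ]; then \
      printf '%s  Python-2.7.14.tgz\n' "$PYTHON2_SHA256" | sha256sum -c -; \
    fi \
 && tar xf Python-2.7.14.tgz \
 && rm Python-2.7.14.tgz
WORKDIR /tmp/Python-2.7.14

# Patch that lets 2.7.14 build its ssl module against the system OpenSSL. The
# URL is pinned to one gist revision (the hash in the path), so the content
# fetched cannot change silently.
RUN wget -q https://gist.githubusercontent.com/rkitover/2d9e5baff1f1cc4f2618dee53083bd35/raw/7f33fcf5470a9f1013ac6ae7bb168368a98fe5a0/python-2.7.14-custom-static-openssl.patch \
 && git apply python-2.7.14-custom-static-openssl.patch

# Expose the ntirpc headers under the legacy <rpc/...>, <misc/...> and
# top-level names the 2.7 build looks for. The explicit file list is kept from
# the original recipe rather than linking whole directories; the mkdir -p makes
# the step independent of which of the target directories libc6-dev creates.
RUN mkdir -p /usr/include/rpc /usr/include/misc \
 && for f in \
      rpc.h types.h xdr.h tirpc_compat.h auth.h rpc_error.h rpc_err.h \
      clnt_stat.h auth_stat.h clnt.h svc.h rpc_msg.h work_pool.h pool_queue.h \
      auth_unix.h rpcb_clnt.h rpcb_prot.h rpcent.h \
    ; do ln -sf "/usr/include/ntirpc/rpc/$f" /usr/include/rpc/; done \
 && for f in \
      stdio.h rbtree.h opr.h wait_queue.h queue.h portable.h timespec.h os_epoll.h \
    ; do ln -sf "/usr/include/ntirpc/misc/$f" /usr/include/misc/; done \
 && for f in netconfig.h intrinsic.h reentrant.h \
    ; do ln -sf "/usr/include/ntirpc/$f" /usr/include/; done

RUN ./configure --prefix=/opt/python-2.7.14 \
 && make \
 && make install

# Link python2/python2.7 (and python) into /usr/bin for the vol2 alias below.
# /usr/local/bin, where the base image's 3.8 interpreter lives, precedes
# /usr/bin on PATH, so a bare `python` should still resolve to 3.8 — confirm.
RUN ln -sf /opt/python-2.7.14/bin/* /usr/bin/

# Bootstrap pip for the new interpreter (ensurepip first, then the last pip
# release for 2.7 from get-pip.py), then the Volatility 2 dependencies.
RUN /opt/python-2.7.14/bin/python2 -m ensurepip \
 && curl -fsSL https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py \
 && /opt/python-2.7.14/bin/python2 get-pip.py \
 && rm get-pip.py \
 && /opt/python-2.7.14/bin/pip2 install distorm3 pycrypto pefile yara-python

# ---------------------------------------------------------------------------
# Shell profile for forensic
# ---------------------------------------------------------------------------
# Every line is written literally (single-quoted for sh) so that $PATH,
# $HOME and $LD_LIBRARY_PATH are expanded when zsh starts rather than at build
# time. The original baked root's build-time PATH into the file and, with an
# empty build-time LD_LIBRARY_PATH, left a trailing ":" that makes the dynamic
# loader also search the current directory. It also pointed LD_LIBRARY_PATH at
# /opt/python-2.7.10, which is not the prefix installed above.
# NOTE(review): en_US.UTF-8 is kept from the original; the base image is not
# known to generate that locale — verify, or switch to C.UTF-8.
# NOTE(review): the vol3 alias uses the Debian /usr/bin/python3, whereas the
# pip3 calls above target the image's /usr/local 3.8 interpreter — confirm
# that Volatility 3's dependencies resolve for the interpreter used here.
RUN printf '%s\n' \
      'export PATH="$PATH:/opt/python-2.7.14/bin:$HOME/.local/bin:$HOME/.cargo/bin"' \
      'export LD_LIBRARY_PATH="/opt/python-2.7.14/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"' \
      'export LANGUAGE=en_US.UTF-8' \
      'export LC_CTYPE=en_US.UTF-8' \
      'export LC_ALL=en_US.UTF-8' \
      "alias volatility2='/usr/bin/python2 /opt/volatility2/vol.py'" \
      "alias volatility3='/usr/bin/python3 /opt/volatility3/vol.py'" \
      "alias vol2='volatility2'" \
      "alias vol3='volatility3'" \
      "alias grep='grep --color=auto'" \
      >> /home/forensic/.zshrc

# Ownership of everything under /opt so far (Python 2, both Volatility trees)
# goes to forensic, as in the original; radare2 and readpe cloned below by
# root stay root-owned.
RUN chown -R forensic:forensic /opt

# ---------------------------------------------------------------------------
# radare2 and readpe
# ---------------------------------------------------------------------------
WORKDIR /opt
# sys/install.sh builds the default branch and installs system-wide.
RUN git clone https://github.com/radareorg/radare2.git \
 && /opt/radare2/sys/install.sh \
 && pip3 install r2pipe

RUN git clone https://github.com/mentebinaria/readpe.git
WORKDIR /opt/readpe
# libpe is installed to /usr/local/lib, which must be registered with the
# loader for the readpe binaries to start.
RUN make \
 && make install \
 && echo "/usr/local/lib" >> /etc/ld.so.conf.d/libpe.conf \
 && ldconfig

EXPOSE 22

# Foreground sshd keeps the container alive; analysts connect as "forensic".
CMD ["/usr/sbin/sshd", "-D"]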