feat: add neovim, ImHex, upx, unblob, p7zip; fix X11 and GDB support

- Add neovim, ImHex, upx, p7zip-full, unblob to the image
- Fix X11 GUI: add xcb/GL/EGL libs, switch to openjdk-21-jdk (non-headless)
- Add CTF_UID/CTF_GID build args (default 1000) for X11 socket permissions
- Remove default ubuntu user to free UID 1000 for ctf user
- Add --cap-add=SYS_PTRACE to all docker run examples for GDB
- Optimize Dockerfile: BuildKit cache mounts, merge layers, fewer RUN steps
- Update README.md and CLAUDE.md with new tools and usage instructions

Author: gl0bal01

CLAUDE.md

@@ -4,19 +4,22 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 ## Project Overview
 
-A Docker image for CTF pwn/reverse-engineering. Single Dockerfile (Ubuntu 24.04) with 40+ pre-installed tools, a non-root `ctf` user, and GDB plugin switching.
+A Docker image for CTF pwn/reverse-engineering. Single Dockerfile (Ubuntu 24.04) with 45+ pre-installed tools, a non-root `ctf` user (UID configurable via build args), and GDB plugin switching.
 
 ## Build & Run
 
 ```bash
 # Build
 docker build -t pwndocker-reverse .
 
-# Run interactively
-docker run -it --rm -v $(pwd):/ctf pwndocker-reverse
+# Build with custom UID/GID (if host UID is not 1000)
+docker build --build-arg CTF_UID=$(id -u) --build-arg CTF_GID=$(id -g) -t pwndocker-reverse .
 
-# Run with X11 (for Ghidra, Cutter, IDA, Binary Ninja, jd-gui)
-docker run -it --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix -v $(pwd):/ctf pwndocker-reverse
+# Run interactively (--cap-add=SYS_PTRACE needed for GDB)
+docker run -it --rm --cap-add=SYS_PTRACE -v $(pwd):/ctf pwndocker-reverse
+
+# Run with X11 (for Ghidra, Cutter, IDA, Binary Ninja, jd-gui, ImHex)
+docker run -it --rm --cap-add=SYS_PTRACE -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix -v $(pwd):/ctf pwndocker-reverse
 ```
 
 ## Architecture
@@ -25,15 +28,15 @@ Single `Dockerfile` with 13 logical layers, organized by purpose:
 
 | Layer | Contents |
 |---|---|
-| 1. Base | Ubuntu 24.04, system deps, multilib, X11, JDK 21, QEMU user-mode, wabt |
-| 2-4. Python | pwntools, angr, qiling, ropper, ROPgadget, binary-refinery, frida-tools (pipx). Libraries (capstone, keystone, unicorn, z3, yara, r2pipe) injected into pwntools venv |
+| 1. Base | Ubuntu 24.04, system deps, multilib, X11/GL, JDK 21, QEMU user-mode, wabt, neovim, upx, p7zip |
+| 2-4. Python | pwntools, angr, qiling, ropper, ROPgadget, binary-refinery, frida-tools, unblob (pipx). Libraries (capstone, keystone, unicorn, z3, yara, r2pipe) injected into pwntools venv |
 | 5. Pip/Manual | binwalk, hash-identifier, opengrep |
 | 6. Ruby | one_gadget, seccomp-tools |
 | 7. GDB | pwndbg, GEF, PEDA + switcher (`gdb-pwndbg`, `gdb-gef`, `gdb-peda`, `gdb-switch`) |
-| 8. RE | radare2, rizin, Cutter, Ghidra, retdec, IDA Free, Binary Ninja Free, pycdc, jd-gui |
+| 8. RE | radare2, rizin, Cutter, Ghidra, retdec, IDA Free, Binary Ninja Free, ImHex, pycdc, jd-gui |
 | 9. Fuzzing | AFL++, villoc |
 | 10. Workflow | libc-database (`libc-find`, `libc-identify`, `libc-dump`), pwninit |
-| 11-13. User | `ctf` user with sudo, oh-my-zsh, pre-populated history, helper scripts, MOTD |
+| 11-13. User | `ctf` user (UID/GID configurable via `CTF_UID`/`CTF_GID` build args, default 1000) with sudo, oh-my-zsh, pre-populated history, helper scripts, MOTD |
 
 ## File Structure
 
@@ -54,3 +57,6 @@ Single `Dockerfile` with 13 logical layers, organized by purpose:
 - **Ghidra zip is platform-independent** — no "linux" in the asset name, jq filter uses `endswith(".zip")` + `test("PUBLIC")`
 - **decomp2dbg deferred** — requires interactive `--install` step; noted in MOTD for manual setup
 - **libc-database replaces Docker-in-Docker multi-glibc** — the original approach was broken by design
+- **`CTF_UID`/`CTF_GID` build args** — default 1000 to match most Linux hosts; avoids X11 socket permission issues
+- **`openjdk-21-jdk` (not headless)** — Ghidra needs AWT/Swing for its GUI
+- **`--cap-add=SYS_PTRACE`** — required at runtime for GDB to attach to processes

Dockerfile

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM ubuntu:24.04
 LABEL maintainer="you@example.com"
 
@@ -8,38 +9,47 @@ ENV DEBIAN_FRONTEND=noninteractive \
     PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
 
 # Layer 1: System packages
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+    apt-get update && apt-get install -y --no-install-recommends \
         build-essential cmake nasm gcc-multilib g++-multilib meson ninja-build liblzma-dev elfutils \
         wabt \
         libc6-i386 libc6-dev-i386 \
         gdb-multiarch patchelf strace ltrace \
         xxd binutils file less hexedit \
         curl wget socat netcat-openbsd nmap tcpdump tshark lsof \
-        git unzip jq tmux zsh vim sudo procps bsdmainutils libfuse2 zstd \
-        x11-apps libx11-dev libgl1 libegl-mesa0 libglx-mesa0 libosmesa6 \
-        openjdk-21-jdk-headless \
+        git unzip p7zip-full jq tmux zsh vim neovim sudo procps bsdmainutils libfuse2 zstd upx \
+        x11-apps libx11-dev libgl1 libegl1 libegl-mesa0 libglx-mesa0 libosmesa6 libopengl0 \
+        libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render-util0 \
+        libxcb-render0 libxcb-shape0 libxcb-xinerama0 libxcb-xkb1 \
+        libxkbcommon-x11-0 libxkbcommon0 \
+        openjdk-21-jdk \
         qemu-user qemu-user-static \
         llvm llvm-dev clang lld \
         python3 python3-dev python3-pip python3-venv pipx \
-        ruby-dev \
-    && rm -rf /var/lib/apt/lists/*
+        ruby-dev
 
-# Layer 2: Python pwn tools (pipx)
-RUN pipx install pwntools
-RUN pipx install ropper
-RUN pipx install ropgadget
-RUN pipx install angr
-RUN pipx install qiling
+# Layer 2: Python pwn tools (pipx) — merged into fewer layers
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pipx install pwntools \
+    && pipx install ropper \
+    && pipx install ropgadget \
+    && pipx install angr \
+    && pipx install qiling
 
 # Layer 3: Python libraries (injected into pwntools venv)
-RUN pipx inject pwntools capstone keystone-engine unicorn z3-solver yara-python r2pipe
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pipx inject pwntools capstone keystone-engine unicorn z3-solver yara-python r2pipe
 
 # Layer 4: Python CLI tools (pipx)
-RUN pipx install binary-refinery
-RUN pipx install frida-tools
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pipx install binary-refinery \
+    && pipx install frida-tools \
+    && pipx install unblob
 
 # Layer 5: Python tools (pip/manual)
-RUN pip install --break-system-packages binwalk
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install --break-system-packages binwalk
 
 RUN git clone --depth=1 https://github.com/blackploit/hash-identifier /opt/hash-identifier \
     && ln -s /opt/hash-identifier/hash-id.py /usr/local/bin/hash-identifier \
@@ -57,9 +67,8 @@ RUN gem install one_gadget seccomp-tools
 RUN git clone --depth=1 https://github.com/pwndbg/pwndbg /opt/pwndbg \
     && cd /opt/pwndbg && ./setup.sh
 
-RUN git clone --depth=1 https://github.com/hugsy/gef /opt/gef
-
-RUN git clone --depth=1 https://github.com/longld/peda /opt/peda
+RUN git clone --depth=1 https://github.com/hugsy/gef /opt/gef \
+    && git clone --depth=1 https://github.com/longld/peda /opt/peda
 
 # GDB switcher and wrapper scripts
 COPY config/gdb-pwndbg config/gdb-gef config/gdb-peda config/gdb-switch /usr/local/bin/
@@ -116,6 +125,15 @@ RUN wget -qO /tmp/binaryninja_free.zip "https://cdn.binary.ninja/installers/bina
     && ln -s /opt/binaryninja/binaryninja /usr/local/bin/binaryninja \
     && rm /tmp/binaryninja_free.zip
 
+# ImHex (hex editor for RE)
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+    curl -s https://api.github.com/repos/WerWolv/ImHex/releases/latest \
+    | jq -r '.assets[] | select(.name | test("Ubuntu.*24\\.04.*\\.deb$")) | .browser_download_url' \
+    | head -1 | xargs wget -qO /tmp/imhex.deb \
+    && apt-get update && apt-get install -y --no-install-recommends /tmp/imhex.deb \
+    && rm /tmp/imhex.deb
+
 # pycdc (Python bytecode decompiler)
 RUN git clone --depth=1 https://github.com/zrax/pycdc /tmp/pycdc \
     && mkdir /tmp/pycdc/build && cd /tmp/pycdc/build \
@@ -124,11 +142,11 @@ RUN git clone --depth=1 https://github.com/zrax/pycdc /tmp/pycdc \
     && rm -rf /tmp/pycdc
 
 # jd-gui (Java decompiler)
+COPY config/jd-gui /usr/local/bin/jd-gui
 RUN mkdir -p /opt/jd-gui \
     && wget -qO /opt/jd-gui/jd-gui.jar \
-       "https://github.com/java-decompiler/jd-gui/releases/download/v1.6.6/jd-gui-1.6.6.jar"
-COPY config/jd-gui /usr/local/bin/jd-gui
-RUN chmod +x /usr/local/bin/jd-gui
+       "https://github.com/java-decompiler/jd-gui/releases/download/v1.6.6/jd-gui-1.6.6.jar" \
+    && chmod +x /usr/local/bin/jd-gui
 
 # Layer 9: Fuzzing & Dynamic Analysis
 
@@ -156,20 +174,22 @@ RUN curl -s https://api.github.com/repos/io12/pwninit/releases/latest \
     && chmod +x /usr/local/bin/pwninit
 
 # Layer 11: User Setup & Shell
-RUN useradd -m -s /bin/zsh -G sudo ctf \
+ARG CTF_UID=1000
+ARG CTF_GID=1000
+RUN userdel -r ubuntu 2>/dev/null; groupdel ubuntu 2>/dev/null; true \
+    && groupadd -f -g ${CTF_GID} ctf \
+    && useradd -m -s /bin/zsh -u ${CTF_UID} -g ${CTF_GID} -G sudo ctf \
     && echo "ctf ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers \
     && mkdir -p /ctf && chown ctf:ctf /ctf
 
 # MOTD with post-build notes
 RUN echo '\n=== pwndocker-reverse ===\nNote: Run "decomp2dbg --install" for Ghidra/Cutter GDB integration.\nUse "gdb-switch {pwndbg|gef|peda}" to change default GDB plugin.\n' > /etc/motd
 
-# Layer 12: Pre-populated command history
+# Layer 12: Config files and helper scripts
 COPY config/zsh_history /home/ctf/.zsh_history
-RUN chown ctf:ctf /home/ctf/.zsh_history
-
-# Layer 13: Helper scripts
 COPY config/start-cutter.sh config/start-ghidra.sh /usr/local/bin/
-RUN chmod +x /usr/local/bin/start-cutter.sh /usr/local/bin/start-ghidra.sh
+RUN chown ctf:ctf /home/ctf/.zsh_history \
+    && chmod +x /usr/local/bin/start-cutter.sh /usr/local/bin/start-ghidra.sh
 
 USER ctf
 

README.md

@@ -4,30 +4,33 @@
 [![Docker](https://img.shields.io/badge/docker-ubuntu%2024.04-blue?logo=docker)](https://ghcr.io/gl0bal01/pwndocker-reverse)
 [![License: MIT](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/gl0bal01/pwndocker-reverse/blob/master/LICENSE)
 
-A single Dockerfile that bundles 40+ CTF pwn and reverse-engineering tools into one Ubuntu 24.04 image. Includes 7 disassemblers and decompilers (Ghidra, IDA Free, Binary Ninja Free, Cutter, radare2, rizin, retdec), 3 GDB plugins with instant switching, and a pre-populated command history.
+A single Dockerfile that bundles 45+ CTF pwn and reverse-engineering tools into one Ubuntu 24.04 image. Includes 7 disassemblers and decompilers (Ghidra, IDA Free, Binary Ninja Free, Cutter, radare2, rizin, retdec), 3 GDB plugins with instant switching, and a pre-populated command history.
 
 IDA Free and Binary Ninja Free are installed from their vendors' free-tier downloads. Users are responsible for compliance with each vendor's license terms.
 
 ## Why?
 
-Given Docker on the host, this image packages 40+ tools that would otherwise require separate installation steps -- Python packages, Java-based disassemblers, GDB plugins, and Ruby gems -- into a single Dockerfile.
+Given Docker on the host, this image packages 45+ tools that would otherwise require separate installation steps -- Python packages, Java-based disassemblers, GDB plugins, and Ruby gems -- into a single Dockerfile.
 
 ## Quick Start
 
 ```bash
 # Pull from GHCR (fastest)
 docker pull ghcr.io/gl0bal01/pwndocker-reverse:latest
-docker run -it --rm -v $(pwd):/ctf ghcr.io/gl0bal01/pwndocker-reverse
+docker run -it --rm --cap-add=SYS_PTRACE -v $(pwd):/ctf ghcr.io/gl0bal01/pwndocker-reverse
 
 # Or build locally
 docker build -t pwndocker-reverse .
-docker run -it --rm -v $(pwd):/ctf pwndocker-reverse
+docker run -it --rm --cap-add=SYS_PTRACE -v $(pwd):/ctf pwndocker-reverse
 
 # With X11 forwarding (requires X11 server on host -- see GUI tools section)
-docker run -it --rm \
+docker run -it --rm --cap-add=SYS_PTRACE \
   -e DISPLAY=$DISPLAY \
   -v /tmp/.X11-unix:/tmp/.X11-unix \
   -v $(pwd):/ctf pwndocker-reverse
+
+# Custom UID/GID (if your host UID is not 1000)
+docker build --build-arg CTF_UID=$(id -u) --build-arg CTF_GID=$(id -g) -t pwndocker-reverse .
 ```
 
 You land in `/ctf` as user `ctf` with sudo, oh-my-zsh, and 97 pre-loaded history entries searchable via Ctrl+R.
@@ -40,20 +43,22 @@ You land in `/ctf` as user `ctf` with sudo, oh-my-zsh, and 97 pre-loaded history
 | **Libraries** | capstone, keystone, unicorn, z3, yara, r2pipe *(in pwntools venv)* |
 | **Disassemblers / Decompilers** | Ghidra, IDA Free, Binary Ninja Free, Cutter (rizin), retdec, radare2, rizin, pycdc, jd-gui |
 | **GDB** | pwndbg, GEF, PEDA + switcher scripts |
+| **Hex Editors** | ImHex, hexedit |
 | **Fuzzing** | AFL++ |
 | **Dynamic** | frida, strace, ltrace, villoc |
-| **Workflow** | libc-database, pwninit, patchelf, binwalk |
+| **Workflow** | libc-database, pwninit, patchelf, binwalk, unblob, upx |
 | **Analysis** | binary-refinery, opengrep, hash-identifier |
 | **Networking** | socat, ncat, tcpdump, tshark, nmap |
-| **System** | QEMU user-mode, wabt, hexedit, gdb-multiarch, oh-my-zsh |
+| **Editors** | vim, neovim |
+| **System** | QEMU user-mode, wabt, gdb-multiarch, p7zip, oh-my-zsh |
 
 ## Usage
 
 ### Typical CTF workflow
 
 ```bash
 # Start the container with your challenge directory mounted
-docker run -it --rm -v $(pwd):/ctf pwndocker-reverse
+docker run -it --rm --cap-add=SYS_PTRACE -v $(pwd):/ctf pwndocker-reverse
 
 # Analyze the binary
 checksec --file=./challenge
@@ -90,7 +95,7 @@ gdb-switch pwndbg          # set default for plain `gdb`
 Requires X11 forwarding. On Linux this works natively; on macOS install [XQuartz](https://www.xquartz.org/), on Windows install [VcXsrv](https://sourceforge.net/projects/vcxsrv/) or use WSLg.
 
 ```bash
-docker run -it --rm \
+docker run -it --rm --cap-add=SYS_PTRACE \
   -e DISPLAY=$DISPLAY \
   -v /tmp/.X11-unix:/tmp/.X11-unix \
   -v $(pwd):/ctf pwndocker-reverse