Cuckoo Package Description
Cuckoo Sandbox is an automated malware analysis system. You submit a suspicious file to it and, once the run completes, Cuckoo returns a detailed report of what the file did when it was executed inside an isolated environment.
During an analysis Cuckoo collects several kinds of raw data, including:
- Traces of native functions and Windows API calls
- Copies of files created on or deleted from the filesystem
- Memory dump of the analysed process
- Full memory dump of the analysis machine
- Screenshots of the desktop taken during the analysis
- Network traffic dump generated by the analysis machine
To make these results easier to consume, Cuckoo processes them into several report formats and output channels, including:
- JSON report
- HTML report
- MAEC report
- MongoDB interface
- HPFeeds interface
Source: https://github.com/cuckoosandbox
Cuckoo Homepage | Kali Cuckoo Repo
- Author: Cuckoo Sandbox Developers
- License: GPLv3
Tools included in the cuckoo package
cuckoo – Automated dynamic malware analysis system
root@kali:~# cuckoo --help
Usage: cuckoo [OPTIONS] COMMAND [ARGS]...
Invokes the Cuckoo daemon or one of its subcommands.
To be able to use different Cuckoo configurations on the same machine with
the same Cuckoo installation, we use the so-called Cuckoo Working
Directory (aka "CWD"). A default CWD is available, but may be overridden
through the following options - listed in order of precedence.
* Command-line option (--cwd)
* Environment option ("CUCKOO_CWD")
* Environment option ("CUCKOO")
* Current directory (if the ".cwd" file exists)
* Default value ("~/.cuckoo")
Options:
-d, --debug Enable verbose logging
-q, --quiet Only log warnings and critical messages
--nolog Don't log to file.
-m, --maxcount INTEGER Maximum number of analyses to process
--user TEXT Drop privileges to this user
--cwd TEXT Cuckoo Working Directory
--help Show this message and exit.
Commands:
api Operate the Cuckoo REST API.
clean Clean the CWD and associated databases.
community Fetch supplies from the Cuckoo Community.
distributed Distributed Cuckoo helper utilities.
dnsserve Custom DNS server.
import Imports an older Cuckoo setup into a new CWD.
init Initializes Cuckoo and its configuration.
machine Dynamically add/remove machines.
migrate Perform database migrations.
process Process raw task data into reports.
rooter Instantiates the Cuckoo Rooter.
submit Submit one or more files or URLs to Cuckoo.
web Operate the Cuckoo Web Interface.
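The CWD precedence listed in the help text above is worth checking before starting the daemon: the CWD holds the configuration Cuckoo reads (and, per the `clean` subcommand, its databases), so picking up the wrong directory means running with a configuration you did not intend, and a directory other local users can write to lets them alter that configuration. The shell script below is an added example, not part of this page or of the Cuckoo project: it reimplements the documented lookup order (--cwd, CUCKOO_CWD, CUCKOO, a ".cwd" marker in the current directory, then ~/.cuckoo) so you can see which directory a given invocation would resolve to, and then flags a missing or world-writable result. The function names resolve_cwd and check_cwd_perms, and the permission check itself, are this example's own additions, not something the page documents Cuckoo as doing.

```shell
#!/bin/sh
# Added example (not Cuckoo's own code): reproduces the Cuckoo Working
# Directory lookup order printed by `cuckoo --help` and checks the
# resolved directory for loose permissions. The function names and the
# permission check are this example's own, not documented Cuckoo behaviour.

# resolve_cwd [--cwd DIR | --cwd=DIR] [other cuckoo args...]
# Prints the directory Cuckoo would select, applying, in order:
#   1. --cwd on the command line
#   2. $CUCKOO_CWD
#   3. $CUCKOO
#   4. the current directory, if it contains a ".cwd" marker file
#   5. ~/.cuckoo
resolve_cwd() {
    cli_cwd=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --cwd)
                cli_cwd="${2:-}"
                shift
                [ $# -gt 0 ] && shift
                ;;
            --cwd=*)
                cli_cwd="${1#--cwd=}"
                shift
                ;;
            *)
                # Any other option (-d, -q, --user, ...) is irrelevant here.
                shift
                ;;
        esac
    done
    if [ -n "$cli_cwd" ]; then
        printf '%s\n' "$cli_cwd"
    elif [ -n "${CUCKOO_CWD:-}" ]; then
        printf '%s\n' "$CUCKOO_CWD"
    elif [ -n "${CUCKOO:-}" ]; then
        printf '%s\n' "$CUCKOO"
    elif [ -f ./.cwd ]; then
        pwd
    else
        printf '%s\n' "$HOME/.cuckoo"
    fi
}

# check_cwd_perms DIR
# Succeeds when DIR exists and is not world-writable; otherwise prints the
# reason to stderr and fails. A world-writable CWD lets any local user edit
# the configuration the daemon will read on its next start.
check_cwd_perms() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "cwd does not exist: $dir" >&2
        return 1
    fi
    # POSIX find: -prune stops at DIR itself, -perm -002 matches when the
    # other-write bit is set.
    if [ -n "$(find "$dir" -prune -perm -002 -print 2>/dev/null)" ]; then
        echo "cwd is world-writable: $dir" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh cuckoo-cwd.sh [--cwd DIR] [other cuckoo args...]
cwd=$(resolve_cwd "$@")
echo "Cuckoo would use CWD: $cwd"
check_cwd_perms "$cwd" || echo "warning: fix the CWD before starting cuckoo" >&2
```

Run it with the same arguments and environment you intend to give `cuckoo`; a mismatch between what it prints and what you expected usually means a stray CUCKOO or CUCKOO_CWD export, or a forgotten ".cwd" marker in the directory you happen to be in.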
Cuckoo Usage Example
root@kali:~# coming soon