Cuckoo Package Description

Cuckoo Sandbox is a malware analysis system. You can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

Cuckoo generates a handful of different raw data which include:

  • Native functions and Windows API calls traces
  • Copies of files created and deleted from the filesystem
  • Dump of the memory of the selected process
  • Full memory dump of the analysis machine
  • Screenshots of the desktop during the execution of the malware analysis
  • Network dump generated by the machine used for the analysis.

In order to make such results more consumable to the end users, Cuckoo is able to process them and generate different type of reports, which could include:

  • JSON report
  • HTML report
  • MAEC report
  • MongoDB interface
  • HPFeeds interface

Cuckoo Homepage | Kali Cuckoo Repo

  • Author: Cuckoo Sandbox Developers
  • License: GPLv3

Tools included in the cuckoo package

cuckoo – Automated dynamic malware analysis system

root@kali:~# cuckoo --help
Usage: cuckoo [OPTIONS] COMMAND [ARGS]...

  Invokes the Cuckoo daemon or one of its subcommands.

  To be able to use different Cuckoo configurations on the same machine with
  the same Cuckoo installation, we use the so-called Cuckoo Working
  Directory (aka "CWD"). A default CWD is available, but may be overridden
  through the following options - listed in order of precedence.

  * Command-line option (--cwd)
  * Environment option ("CUCKOO_CWD")
  * Environment option ("CUCKOO")
  * Current directory (if the ".cwd" file exists)
  * Default value ("~/.cuckoo")

  -d, --debug             Enable verbose logging
  -q, --quiet             Only log warnings and critical messages
  --nolog                 Don't log to file.
  -m, --maxcount INTEGER  Maximum number of analyses to process
  --user TEXT             Drop privileges to this user
  --cwd TEXT              Cuckoo Working Directory
  --help                  Show this message and exit.

  api          Operate the Cuckoo REST API.
  clean        Clean the CWD and associated databases.
  community    Fetch supplies from the Cuckoo Community.
  distributed  Distributed Cuckoo helper utilities.
  dnsserve     Custom DNS server.
  import       Imports an older Cuckoo setup into a new CWD.
  init         Initializes Cuckoo and its configuration.
  machine      Dynamically add/remove machines.
  migrate      Perform database migrations.
  process      Process raw task data into reports.
  rooter       Instantiates the Cuckoo Rooter.
  submit       Submit one or more files or URLs to Cuckoo.
  web          Operate the Cuckoo Web Interface.

Cuckoo Usage Example

root@kali:~# coming soon