A simple module for the API of the Brad Spengler fork of Cuckoo.

Project description

# cuckoo-modified-utils
Useful scripts for [Brad Spengler's fork of Cuckoo](https://github.com/spender-sandbox/cuckoo-modified)

## Requirements

- [`requests`](https://pypi.python.org/pypi/requests/) - HTTP for humans
- [`pyldfire`](https://pypi.python.org/pypi/pyldfire/) - A python module for the Wildfire API (required for `wildfire-to-cuckoo.py` only)
- `cuckoo.py` - A basic module for interacting with the Cuckoo API (included in this repository)

## Command line scripts

Each one of these scripts will submit one or more samples to a Cuckoo sandbox, and track the task as the sample is
being analyzed. When submitting individual files, the scripts will notify you of any existing reports before submitting
a new task.

You'll need to edit each of these scripts to set the Cuckoo hostname, username, and password. There are also options for proxies and SSL certificate verification.
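The submit-then-track workflow described above, as an added example that is not the repository's `cuckoo.py` or any of its scripts: the client hashes the sample, asks the API whether that SHA256 is already known before creating a task, and then polls the task until its status becomes `reported`. The endpoint paths (`/files/view/sha256/<hash>`, `/tasks/create/file`, `/tasks/view/<id>`) are those of the stock Cuckoo REST API, which the fork keeps; the option keys `tor=yes` and `procmemdump=yes` used by `build_options`, and the hostname `cuckoo.example`, are assumptions. `FakeCuckooSession` is a constructed in-memory stand-in for `requests.Session` so the example runs offline; pass no `session` to talk to a real API host.

```python
"""Minimal Cuckoo API client (illustrative, not the project's cuckoo.py):
look up a sample by SHA256 before submitting, then poll until reported."""
import hashlib
import time


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_options(tor=False, procmemdump=False, extra=""):
    """Assemble the comma-separated option=value string the API expects.
    The keys 'tor' and 'procmemdump' are assumed from the scripts' flags."""
    parts = [p for p in extra.split(",") if p]
    if procmemdump:
        parts.append("procmemdump=yes")
    if tor:
        parts.append("tor=yes")
    return ",".join(parts)


class CuckooClient:
    def __init__(self, base_url, auth=None, verify=True, proxies=None, session=None):
        if session is None:
            import requests  # imported lazily so the module loads without it
            session = requests.Session()
            session.auth = auth          # (user, password) for a basic-auth reverse proxy
            session.verify = verify      # set to a CA bundle path for a private lab cert
            session.proxies = proxies or {}
        self.session = session
        self.base_url = base_url.rstrip("/")

    def find_existing(self, sha256):
        """Return the stored sample record for this hash, or None if unknown."""
        r = self.session.get(f"{self.base_url}/files/view/sha256/{sha256}")
        if r.status_code == 404:
            return None
        r.raise_for_status()
        return r.json().get("sample")

    def submit_file(self, filename, data, tags="", options=""):
        r = self.session.post(f"{self.base_url}/tasks/create/file",
                              files={"file": (filename, data)},
                              data={"tags": tags, "options": options})
        r.raise_for_status()
        return r.json()["task_id"]

    def task_status(self, task_id):
        r = self.session.get(f"{self.base_url}/tasks/view/{task_id}")
        r.raise_for_status()
        return r.json()["task"]["status"]

    def wait_for_report(self, task_id, poll=5, timeout=600, sleep=time.sleep):
        """Poll until the task is 'reported'; raise if it is not done in time."""
        waited, status = 0, None
        while waited <= timeout:
            status = self.task_status(task_id)
            if status == "reported":
                return status
            sleep(poll)
            waited += poll
        raise TimeoutError(f"task {task_id} still '{status}' after {timeout}s")

    def submit_unless_known(self, filename, data, **kw):
        """Mirror the scripts: report an existing sample instead of resubmitting."""
        existing = self.find_existing(sha256_of(data))
        if existing is not None:
            return "existing", existing
        return "submitted", self.submit_file(filename, data, **kw)


class _Resp:
    def __init__(self, status_code, body):
        self.status_code, self._body = status_code, body

    def json(self):
        return self._body

    def raise_for_status(self):
        if self.status_code >= 400:
            raise RuntimeError(f"HTTP {self.status_code}")


class FakeCuckooSession:
    """Constructed offline stand-in for requests.Session: knows one sample, and
    each created task advances pending -> running -> completed -> reported."""
    STATES = ["pending", "running", "completed", "reported"]

    def __init__(self, known_sha256):
        self.known, self.tasks = known_sha256, {}

    def get(self, url, **kw):
        if "/files/view/sha256/" in url:
            h = url.rsplit("/", 1)[1]
            if h == self.known:
                return _Resp(200, {"sample": {"sha256": h}})
            return _Resp(404, {"message": "Sample not found in database"})
        if "/tasks/view/" in url:
            tid = int(url.rsplit("/", 1)[1])
            state = self.STATES[min(self.tasks[tid], len(self.STATES) - 1)]
            self.tasks[tid] += 1
            return _Resp(200, {"task": {"id": tid, "status": state}})
        return _Resp(404, {})

    def post(self, url, files=None, data=None, **kw):
        tid = len(self.tasks) + 1
        self.tasks[tid] = 0
        return _Resp(200, {"task_id": tid})


if __name__ == "__main__":
    known = b"already analyzed"  # constructed sample contents
    client = CuckooClient("https://cuckoo.example:8090", session=FakeCuckooSession(sha256_of(known)))
    print(client.submit_unless_known("old.exe", known))
    kind, tid = client.submit_unless_known("new.exe", b"new sample",
                                           tags="win7", options=build_options(tor=True))
    print(kind, tid, client.wait_for_report(tid, poll=1, timeout=30, sleep=lambda s: None))
```

The hash lookup happens client-side before any upload, so a sample the sandbox has already seen never costs a second analysis; the injected `sleep` keeps the polling loop testable without waiting.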

```
usage: submit-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
                           [--procmemdump]
                           sample [sample ...]

Submits files or a URL to Cuckoo

positional arguments:
  sample             One or more filenames or globs, or a single URL

optional arguments:
  -h, --help         show this help message and exit
  -v, --version      show program's version number and exit
  --tags TAGS        Comma separated tags for selecting an analysis VM
  --options OPTIONS  Comma separated option=value pairs
  --tor              Enable Tor during analysis
  --procmemdump      Dump and analyze process memory

--------------------------------------------------------------------------------

usage: tor-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
                        [--procmemdump] [--user-agent USER_AGENT]
                        URL

Downloads a file via Tor, through a privoxy chain, and sends it to Cuckoo

positional arguments:
  URL                   URL of the sample

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  --tags TAGS           Comma separated tags for selecting an analysis VM
  --options OPTIONS     Comma separated option=value pairs
  --tor                 Enable Tor during analysis
  --procmemdump         Dump and analyze process memory
  --user-agent USER_AGENT
                        The user agent to spoof. Default: Mozilla/5.0
                        (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0;
                        InfoPath.2; .NET CLR 2.0.50727; WOW64)

--------------------------------------------------------------------------------

usage: wildfire-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS]
                             [--tor] [--procmemdump]
                             hash [filename]

Downloads a sample from Palo Alto Network's Wildfire service and sends it to
Cuckoo. Requires pyldfire - https://github.com/seanthegeek/pyldfire

positional arguments:
  hash               A MD5, SHA1, or SHA256 hash of a sample
  filename           The filename of the sample

optional arguments:
  -h, --help         show this help message and exit
  -v, --version      show program's version number and exit
  --tags TAGS        Comma separated tags for selecting an analysis VM
  --options OPTIONS  Comma separated option=value pairs
  --tor              Enable Tor during analysis
  --procmemdump      Dump and analyze process memory
```


Release history: 1.0.3 (this version), 1.0.2
Download files: cuckoomodifiedutils-1.0.3-py2.py3-none-any.whl (6.9 kB), wheel, py2.py3, uploaded Nov 11, 2016