A simple module for the API of the Brad Spengler fork of Cuckoo.
Project description
# cuckoo-modified-utils
Useful scripts for [Brad Spengler's fork of Cuckoo](https://github.com/spender-sandbox/cuckoo-modified)
## Requirements
- [`requests`](https://pypi-hypernode.com/pypi/requests/) - HTTP for humans
- [`pyldfire`](https://pypi-hypernode.com/pypi/pyldfire/) - A python module for the Wildfire API (required for
`wildfire-to-cuckoo.py` only)
- `cuckoo.py` - A basic module for interacting with the Cuckoo API (included in this repository)
## Command line scripts
Each one of these scripts will submit one or more samples to a Cuckoo sandbox, and track the task as the sample is
being analyzed. When submitting individual files, the scripts will notify you of any existing reports before submitting
a new task.
You'll need to edit each of these scripts to set the Cuckoo hostname, username, and password. There are also options for proxies and SSL certificate verification.
usage: submit-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
[--procmemdump]
sample [sample ...]
Submits files or a URL to Cuckoo
positional arguments:
sample One or more filenames or globs, or a single URL
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--tags TAGS Comma separated tags for selecting an analysis VM
--options OPTIONS Comma separated option=value pairs
--tor Enable Tor during analysis
--procmemdump Dump and analyze process memory
--------------------------------------------------------------------------------
usage: tor-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
[--procmemdump] [--user-agent USER_AGENT]
URL
Downloads a file via Tor, through a privoxy chain, and sends it to Cuckoo
positional arguments:
URL URL of the sample
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--tags TAGS Comma separated tags for selecting an analysis VM
--options OPTIONS Comma separated option=value pairs
--tor Enable Tor during analysis
--procmemdump Dump and analyze process memory
--user-agent USER_AGENT
The user agent to spoof. Default: Mozilla/5.0
(compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0;
InfoPath.2; .NET CLR 2.0.50727; WOW64)
-----------------------------------------------------------------------------
usage: wildfire-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS]
[--tor] [--procmemdump]
hash [filename]
Downloads a sample from Palo Alto Network's Wildfire service and sends it to
Cuckoo. Requires pyldfire - https://github.com/seanthegeek/pyldfire
positional arguments:
hash A MD5, SHA1, or SHA256 hash of a sample
filename The filename of the sample
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--tags TAGS Comma separated tags for selecting an analysis VM
--options OPTIONS Comma separated option=value pairs
--tor Enable Tor during analysis
--procmemdump Dump and analyze process memory
Useful scripts for [Brad Spengler's fork of Cuckoo](https://github.com/spender-sandbox/cuckoo-modified)
## Requirements
- [`requests`](https://pypi-hypernode.com/pypi/requests/) - HTTP for humans
- [`pyldfire`](https://pypi-hypernode.com/pypi/pyldfire/) - A python module for the Wildfire API (required for
`wildfire-to-cuckoo.py` only)
- `cuckoo.py` - A basic module for interacting with the Cuckoo API (included in this repository)
## Command line scripts
Each one of these scripts will submit one or more samples to a Cuckoo sandbox, and track the task as the sample is
being analyzed. When submitting individual files, the scripts will notify you of any existing reports before submitting
a new task.
You'll need to edit each of these scripts to set the Cuckoo hostname, username, and password. There are also options for proxies and SSL certificate verification.
usage: submit-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
[--procmemdump]
sample [sample ...]
Submits files or a URL to Cuckoo
positional arguments:
sample One or more filenames or globs, or a single URL
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--tags TAGS Comma separated tags for selecting an analysis VM
--options OPTIONS Comma separated option=value pairs
--tor Enable Tor during analysis
--procmemdump Dump and analyze process memory
--------------------------------------------------------------------------------
usage: tor-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
[--procmemdump] [--user-agent USER_AGENT]
URL
Downloads a file via Tor, through a privoxy chain, and sends it to Cuckoo
positional arguments:
URL URL of the sample
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--tags TAGS Comma separated tags for selecting an analysis VM
--options OPTIONS Comma separated option=value pairs
--tor Enable Tor during analysis
--procmemdump Dump and analyze process memory
--user-agent USER_AGENT
The user agent to spoof. Default: Mozilla/5.0
(compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0;
InfoPath.2; .NET CLR 2.0.50727; WOW64)
-----------------------------------------------------------------------------
usage: wildfire-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS]
[--tor] [--procmemdump]
hash [filename]
Downloads a sample from Palo Alto Network's Wildfire service and sends it to
Cuckoo. Requires pyldfire - https://github.com/seanthegeek/pyldfire
positional arguments:
hash A MD5, SHA1, or SHA256 hash of a sample
filename The filename of the sample
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--tags TAGS Comma separated tags for selecting an analysis VM
--options OPTIONS Comma separated option=value pairs
--tor Enable Tor during analysis
--procmemdump Dump and analyze process memory
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
File details
Details for the file cuckoomodifiedutils-1.0.3-py2.py3-none-any.whl.
File metadata
- Download URL: cuckoomodifiedutils-1.0.3-py2.py3-none-any.whl
- Upload date:
- Size: 6.9 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b449931da508dcd64af8b230363d3156d529e65d0e311c4130f00115e0285e93 |
|
| MD5 | ed970bb6be3d987a5b296432647aead8 |
|
| BLAKE2b-256 | 3b5686bdd737abae117ad4bb79bfba44a068fd4da0d0b52f33b73ffcf5c388be |
