
A simple module for the API of the Brad Spengler fork of Cuckoo.

Project description

# cuckoo-modified-utils
Useful scripts for [Brad Spengler's fork of Cuckoo](https://github.com/spender-sandbox/cuckoo-modified)

## Requirements

- [`requests`](https://pypi-hypernode.com/pypi/requests/) - HTTP for humans
- [`pyldfire`](https://pypi-hypernode.com/pypi/pyldfire/) - A python module for the Wildfire API (required for `wildfire-to-cuckoo.py` only)
- `cuckoo.py` - A basic module for interacting with the Cuckoo API (included in this repository)

## Command line scripts

Each one of these scripts will submit one or more samples to a Cuckoo sandbox, and track the task as the sample is
being analyzed. When submitting individual files, the scripts will notify you of any existing reports before submitting
a new task.

You'll need to edit each of these scripts to set the Cuckoo hostname, username, and password. There are also options for proxies and SSL certificate verification.
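As an added example (not the project's own `cuckoo.py` and not taken from the scripts above), the submit-then-track flow just described, written against the Cuckoo REST API endpoints `/files/view/sha256/<hash>`, `/tasks/create/file`, `/tasks/view/<id>` and `/tasks/report/<id>`: hash the file, skip submission when Cuckoo already knows the sample, otherwise create the task and poll until the report is ready. `BASE_URL`, the `FakeCuckoo` offline stand-in, and the assumption that the fork's create endpoint answers with either `task_id` or `task_ids` are mine; in real use pass a `requests.Session()` with your auth, proxy and certificate-verification settings.

```python
import hashlib
import time
from types import SimpleNamespace

BASE_URL = "http://cuckoo.example:8090"  # placeholder; pass a requests.Session()

def existing_sample(session, data):
    """Return the SHA256 if Cuckoo already has this file (a report exists), else None."""
    digest = hashlib.sha256(data).hexdigest()
    r = session.get("%s/files/view/sha256/%s" % (BASE_URL, digest))
    return digest if r.status_code == 200 else None

def submit_file(session, name, data, tags=None, options=None):
    """POST to /tasks/create/file; return task id ({"task_id": n} or {"task_ids": [n]} assumed)."""
    form = {k: v for k, v in (("tags", tags), ("options", options)) if v}
    r = session.post(BASE_URL + "/tasks/create/file", files={"file": (name, data)}, data=form)
    r.raise_for_status()
    body = r.json()
    return body.get("task_id") or body["task_ids"][0]

def wait_for_report(session, task_id, poll=5, max_polls=120):
    """Poll /tasks/view/<id> until status is 'reported', then fetch the JSON report."""
    for _ in range(max_polls):
        task = session.get("%s/tasks/view/%d" % (BASE_URL, task_id)).json()["task"]
        if task["status"] == "reported":
            return session.get("%s/tasks/report/%d" % (BASE_URL, task_id)).json()
        if task["status"].startswith("failed"):
            raise RuntimeError("task %d ended as %s" % (task_id, task["status"]))
        time.sleep(poll)
    raise RuntimeError("task %d not reported after %d polls" % (task_id, max_polls))

def _resp(status_code, body):
    return SimpleNamespace(status_code=status_code, json=lambda: body,
                           raise_for_status=lambda: None)

class FakeCuckoo:
    """Constructed offline stand-in: knows one hash; task 7 reports on the 2nd poll."""
    def get(self, url):
        if "/files/view/sha256/" in url:
            known = hashlib.sha256(b"already-seen").hexdigest()
            return _resp(200 if url.endswith(known) else 404, {})
        if "/tasks/view/" in url:
            self.polls = getattr(self, "polls", 0) + 1
            return _resp(200, {"task": {"status": ["running", "reported"][self.polls > 1]}})
        return _resp(200, {"info": {"id": 7}, "signatures": []})

    def post(self, url, files=None, data=None):
        return _resp(200, {"task_ids": [7]})
```

The `--tags` and `--options` values from the command line map straight onto the `tags` and `options` form fields here.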

```
usage: submit-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
                           [--procmemdump]
                           sample [sample ...]

Submits files or a URL to Cuckoo

positional arguments:
  sample             One or more filenames or globs, or a single URL

optional arguments:
  -h, --help         show this help message and exit
  -v, --version      show program's version number and exit
  --tags TAGS        Comma separated tags for selecting an analysis VM
  --options OPTIONS  Comma separated option=value pairs
  --tor              Enable Tor during analysis
  --procmemdump      Dump and analyze process memory
```

--------------------------------------------------------------------------------

```
usage: tor-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
                        [--procmemdump] [--user-agent USER_AGENT]
                        URL

Downloads a file via Tor, through a privoxy chain, and sends it to Cuckoo

positional arguments:
  URL                   URL of the sample

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  --tags TAGS           Comma separated tags for selecting an analysis VM
  --options OPTIONS     Comma separated option=value pairs
  --tor                 Enable Tor during analysis
  --procmemdump         Dump and analyze process memory
  --user-agent USER_AGENT
                        The user agent to spoof. Default: Mozilla/5.0
                        (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0;
                        InfoPath.2; .NET CLR 2.0.50727; WOW64)
```

-----------------------------------------------------------------------------

```
usage: wildfire-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS]
                             [--tor] [--procmemdump]
                             hash [filename]

Downloads a sample from Palo Alto Network's Wildfire service and sends it to
Cuckoo. Requires pyldfire - https://github.com/seanthegeek/pyldfire

positional arguments:
  hash               A MD5, SHA1, or SHA256 hash of a sample
  filename           The filename of the sample

optional arguments:
  -h, --help         show this help message and exit
  -v, --version      show program's version number and exit
  --tags TAGS        Comma separated tags for selecting an analysis VM
  --options OPTIONS  Comma separated option=value pairs
  --tor              Enable Tor during analysis
  --procmemdump      Dump and analyze process memory
```



## Project details

Built distribution: `cuckoomodifiedutils-1.0.2-py2.py3-none-any.whl` (4.6 kB, Python 2 / Python 3 wheel). No source distribution is available for this release.

Hashes for `cuckoomodifiedutils-1.0.2-py2.py3-none-any.whl`:

| Algorithm | Hash digest |
| --- | --- |
| SHA256 | 0385831b68976d15d965bfdf28808e9534b8889f41e530302df01111c2660a30 |
| MD5 | 36e2b8943b5e703e87658b995cd0a16f |
| BLAKE2b-256 | 8d505fd201a88f28ec9e3a87940a043ce29a8f13d924bb70ccb004b2a93e1ecf |
