├── analyzer ├── cuckoo ├── data │ ├── conf │ │ └── .gitignore │ ├── log │ │ └── .gitignore │ ├── stuff │ │ ├── .gitignore │ │ └── mitm.py │ ├── yara │ │ ├── urls │ │ │ └── .gitignore │ │ ├── memory │ │ │ └── .gitignore │ │ ├── scripts │ │ │ └── .gitignore │ │ ├── shellcode │ │ │ └── .gitignore │ │ └── binaries │ │ │ └── shellcodes.yar │ ├── supervisord │ │ └── .gitignore │ ├── analyzer │ │ ├── darwin │ │ │ ├── lib │ │ │ │ ├── __init__.py │ │ │ │ ├── core │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── constants.py │ │ │ │ │ └── osx.py │ │ │ │ ├── dtrace │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── common.py │ │ │ │ └── common │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── abstracts.py │ │ │ │ │ ├── rand.py │ │ │ │ │ ├── exceptions.py │ │ │ │ │ └── hashing.py │ │ │ └── modules │ │ │ │ ├── __init__.py │ │ │ │ ├── auxiliary │ │ │ │ └── __init__.py │ │ │ │ └── packages │ │ │ │ ├── __init__.py │ │ │ │ ├── bash.py │ │ │ │ ├── macho.py │ │ │ │ └── app.py │ │ ├── linux │ │ │ ├── lib │ │ │ │ ├── __init__.py │ │ │ │ ├── api │ │ │ │ │ └── __init__.py │ │ │ │ ├── core │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── startup.py │ │ │ │ └── common │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── exceptions.py │ │ │ │ │ ├── utils.py │ │ │ │ │ ├── constants.py │ │ │ │ │ └── hashing.py │ │ │ └── modules │ │ │ │ ├── __init__.py │ │ │ │ ├── auxiliary │ │ │ │ └── __init__.py │ │ │ │ └── packages │ │ │ │ ├── __init__.py │ │ │ │ └── generic.py │ │ ├── windows │ │ │ ├── bin │ │ │ │ └── execsc.exe │ │ │ ├── lib │ │ │ │ ├── __init__.py │ │ │ │ ├── api │ │ │ │ │ └── __init__.py │ │ │ │ ├── core │ │ │ │ │ └── __init__.py │ │ │ │ └── common │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── constants.py │ │ │ │ │ ├── rand.py │ │ │ │ │ ├── exceptions.py │ │ │ │ │ └── hashing.py │ │ │ └── modules │ │ │ │ ├── __init__.py │ │ │ │ ├── auxiliary │ │ │ │ └── __init__.py │ │ │ │ └── packages │ │ │ │ ├── __init__.py │ │ │ │ ├── bin.py │ │ │ │ ├── msi.py │ │ │ │ ├── cpl.py │ │ │ │ ├── ff.py │ │ │ │ ├── vbs.py │ │ │ │ ├── hta.py │ │ │ │ ├── exe.py │ 
│ │ │ ├── jar.py │ │ │ │ ├── reboot.py │ │ │ │ ├── wsf.py │ │ │ │ ├── js.py │ │ │ │ └── python.py │ │ └── android │ │ │ ├── lib │ │ │ ├── __init__.py │ │ │ ├── api │ │ │ │ └── __init__.py │ │ │ ├── common │ │ │ │ ├── __init__.py │ │ │ │ ├── exceptions.py │ │ │ │ ├── utils.py │ │ │ │ └── constants.py │ │ │ └── core │ │ │ │ ├── __init__.py │ │ │ │ ├── packages.py │ │ │ │ └── config.py │ │ │ └── modules │ │ │ ├── __init__.py │ │ │ ├── auxiliary │ │ │ └── __init__.py │ │ │ └── packages │ │ │ ├── __init__.py │ │ │ ├── default_browser.py │ │ │ └── apk.py │ ├── storage │ │ ├── analyses │ │ │ └── .gitignore │ │ ├── baseline │ │ │ └── .gitignore │ │ └── binaries │ │ │ └── .gitignore │ ├── monitor │ │ └── latest │ ├── whitelist │ │ └── domain.txt │ ├── __init__.py │ ├── signatures │ │ ├── __init__.py │ │ ├── extractor │ │ │ └── __init__.py │ │ ├── linux │ │ │ └── __init__.py │ │ ├── cross │ │ │ └── __init__.py │ │ ├── network │ │ │ └── __init__.py │ │ ├── android │ │ │ └── __init__.py │ │ ├── darwin │ │ │ └── __init__.py │ │ └── windows │ │ │ └── __init__.py │ └── agent │ │ └── agent.sh ├── web │ ├── dashboard │ │ ├── __init__.py │ │ ├── urls.py │ │ └── views.py │ ├── .gitignore │ ├── templates │ │ ├── standalone_error.html │ │ ├── error.html │ │ ├── success.html │ │ ├── components │ │ │ └── loader.html │ │ ├── analysis │ │ │ └── pages │ │ │ │ ├── behavior │ │ │ │ ├── _tree.html │ │ │ │ ├── _tree_process.html │ │ │ │ ├── _chunk.html │ │ │ │ ├── partials │ │ │ │ │ ├── _tree.html │ │ │ │ │ └── _process.html │ │ │ │ ├── _search.html │ │ │ │ └── _search_results.html │ │ │ │ ├── static │ │ │ │ └── _strings.html │ │ │ │ ├── summary │ │ │ │ └── _url.html │ │ │ │ ├── memory │ │ │ │ ├── _yarascan.html │ │ │ │ ├── _callbacks.html │ │ │ │ ├── _malfind.html │ │ │ │ ├── _apihooks.html │ │ │ │ ├── _devicetree.html │ │ │ │ ├── _modscan.html │ │ │ │ ├── _sockscan.html │ │ │ │ ├── _idt.html │ │ │ │ ├── _timers.html │ │ │ │ └── _netscan.html │ │ │ │ └── network │ │ │ │ ├── _irc.html │ │ │ │ 
├── _icmp.html │ │ │ │ └── _http.html │ │ ├── partials │ │ │ └── dns-badge.html │ │ ├── submission │ │ │ └── _errors.html │ │ └── base.html │ ├── static │ │ ├── images │ │ │ ├── close.png │ │ │ ├── next.png │ │ │ ├── prev.png │ │ │ ├── loading.gif │ │ │ ├── theme_night │ │ │ │ └── table_bg_22px.png │ │ │ ├── theme_cyborg │ │ │ │ └── table_bg_22px.png │ │ │ └── theme_default │ │ │ │ └── table_bg_22px.png │ │ ├── favicon-32x32.png │ │ ├── favicon-64x64.png │ │ ├── graphic │ │ │ ├── cuckoo.png │ │ │ ├── background.png │ │ │ ├── cuckoo-default.png │ │ │ ├── cuckoo_inverse.png │ │ │ ├── cuckoo-coffee-cup.png │ │ │ └── cuckoo_white_transparent.png │ │ └── fonts │ │ │ ├── FontAwesome.otf │ │ │ ├── fontawesome-webfont.eot │ │ │ ├── fontawesome-webfont.ttf │ │ │ ├── fontawesome-webfont.woff │ │ │ ├── fontawesome-webfont.woff2 │ │ │ ├── Roboto_italic_400_default.woff │ │ │ ├── Roboto_normal_300_default.woff │ │ │ ├── Roboto_normal_400_default.woff │ │ │ ├── Roboto_normal_500_default.woff │ │ │ ├── Roboto_normal_700_default.woff │ │ │ ├── glyphicons-halflings-regular.eot │ │ │ ├── glyphicons-halflings-regular.ttf │ │ │ ├── glyphicons-halflings-regular.woff │ │ │ └── glyphicons-halflings-regular.woff2 │ ├── analysis │ │ ├── templatetags │ │ │ └── __init__.py │ │ └── __init__.py │ ├── __init__.py │ ├── submission │ │ └── __init__.py │ ├── web │ │ ├── __init__.py │ │ └── headers.py │ ├── controllers │ │ ├── __init__.py │ │ ├── pcap │ │ │ ├── __init__.py │ │ │ ├── urls.py │ │ │ └── api.py │ │ ├── analysis │ │ │ ├── __init__.py │ │ │ ├── compare │ │ │ │ └── __init__.py │ │ │ ├── export │ │ │ │ └── __init__.py │ │ │ └── network │ │ │ │ └── __init__.py │ │ ├── cuckoo │ │ │ ├── __init__.py │ │ │ └── urls.py │ │ ├── files │ │ │ ├── __init__.py │ │ │ └── urls.py │ │ ├── machines │ │ │ ├── __init__.py │ │ │ └── urls.py │ │ └── submission │ │ │ └── __init__.py │ └── src │ │ ├── handlebars │ │ ├── code.hbs │ │ ├── header-table.hbs │ │ ├── submission-task-table-body.hbs │ │ ├── 
control-simple-select.hbs │ │ ├── dndupload_simple.hbs │ │ └── dashboard-table.hbs │ │ ├── scss │ │ ├── layout │ │ │ ├── _typography.scss │ │ │ └── _responsive.scss │ │ └── components │ │ │ ├── _tree.scss │ │ │ ├── _navbar.scss │ │ │ ├── _breadcrumbs.scss │ │ │ ├── _panel.scss │ │ │ ├── _application-message.scss │ │ │ ├── _nav.scss │ │ │ ├── _tooltip.scss │ │ │ ├── _tcp.scss │ │ │ └── _footer.scss │ │ ├── tasks │ │ ├── bower.js │ │ ├── handlebars.js │ │ ├── watch.js │ │ └── scripts-submission.js │ │ ├── gulpfile.js │ │ ├── bower.json │ │ └── assets.json ├── private │ ├── html │ │ └── static │ │ │ ├── css │ │ │ └── roboto.css │ │ │ ├── img │ │ │ └── cuckoo.png │ │ │ ├── fonts │ │ │ ├── Roboto-Bold-webfont.woff │ │ │ ├── Roboto-Italic-webfont.woff │ │ │ ├── Roboto-Medium-webfont.woff │ │ │ ├── fontawesome-webfont.woff2 │ │ │ └── Roboto-Regular-webfont.woff │ │ │ └── js │ │ │ └── main.js │ ├── win32 │ │ ├── magic.mgc │ │ ├── magic1.dll │ │ ├── regex2.dll │ │ └── zlib1.dll │ ├── peutils │ │ └── UserDB.TXT │ ├── cwd │ │ ├── init-post.jinja2 │ │ └── init-pre.jinja2 │ ├── distributed │ │ └── migration │ │ │ ├── versions │ │ │ ├── 4d0a2590e997_node_task_index.py │ │ │ ├── 151400d38e03_node_status_timestamp_index.py │ │ │ ├── 4b86bc0d40aa_node_mode.py │ │ │ ├── 2aa59981b59d_node_task_not_unique.py │ │ │ ├── 3cc1509b7fdc_node_status.py │ │ │ └── 3d1d8fd2cdbb_timestamps.py │ │ │ ├── script.py.mako │ │ │ ├── alembic.ini │ │ │ └── env.py │ ├── whitelist │ │ └── domain.txt │ └── db_migration │ │ ├── script.py.mako │ │ └── versions │ │ ├── from_1_2_to_20c1-add_task_owner.py │ │ ├── from_20c2_to_200_error_action.py │ │ ├── from_1_2_to_20c1-machine_options.py │ │ ├── from_1_2_to_20c1-taken-route.py │ │ ├── from_1_2_to_20c1-processing-column.py │ │ ├── from_1_2_to_20c1-guest_status.py │ │ ├── from_0_6_to_1_1_tasks_tags_relation.py │ │ ├── from_20c2_to_200_tasks_submit_relation.py │ │ └── from_20c2_to_200_submit_table.py ├── compat │ └── __init__.py ├── core │ ├── __init__.py │ └── 
report.py ├── common │ ├── __init__.py │ ├── constants.py │ ├── defines.py │ └── whitelist.py ├── processing │ ├── platform │ │ └── __init__.py │ ├── __init__.py │ ├── extracted.py │ └── buffer.py ├── distributed │ ├── exception.py │ ├── __init__.py │ ├── misc.py │ └── views │ │ └── __init__.py ├── reporting │ ├── __init__.py │ └── feedback.py ├── auxiliary │ └── __init__.py ├── machinery │ ├── __init__.py │ └── kvm.py ├── apps │ ├── __init__.py │ └── distributed.py └── __init__.py ├── tests ├── files │ ├── foo.txt │ ├── sample_analysis_storage │ │ ├── action.json │ │ ├── tlsmaster.txt │ │ ├── reports │ │ │ └── report.json │ │ ├── binary │ │ ├── dump.pcap │ │ ├── logs │ │ │ └── 752.bson │ │ ├── dump_sorted.pcap │ │ ├── shots │ │ │ └── 0001.jpg │ │ ├── memory │ │ │ └── 2500-1.dmp │ │ ├── files │ │ │ ├── 0987dba0aadedbc7_1.pdf │ │ │ ├── 55602e68a3cd1516_A9RFBFB.tmp │ │ │ ├── bea344a8bfaf8a7c_usercache.bin │ │ │ ├── 19386a5ae743b37d_SharedDataEvents-journal │ │ │ ├── 8d1fb16f2139cd48_SharedDataEvents-journal │ │ │ ├── a2a0fe3569d5b51c_updater.log │ │ │ ├── d5e07709ac6b7ec4_adobeupdaterprefs.dat │ │ │ ├── ec7d15485840c06c_aumlib.log │ │ │ └── e7d514c4fbc84d2d_aum.log │ │ ├── buffer │ │ │ └── 32692b6152fcd32674fbe4c8c398e3a8df87c398 │ │ └── task.json │ ├── mzdos0 │ ├── cuckoo.db │ ├── lnk_1.lnk │ ├── lnk_2.lnk │ ├── pdf0.tgz │ ├── pdf0.zip │ ├── icardres.dll │ ├── ls-x86_64.elf │ ├── msg_invoice.msg │ ├── pcap │ │ ├── empty.pcap │ │ ├── smtp.pcap │ │ ├── not-http.pcap │ │ ├── status-code.pcap │ │ ├── mixed-traffic.pcap │ │ ├── used_dns_server.pcap │ │ └── duplicate-dns-requests.pcap │ ├── pdf-sample.pdf │ ├── pdf_attach.pdf │ ├── phishing0.pdf │ ├── rar_plain.rar │ ├── busybox-i686.elf │ ├── createproc1.docm │ ├── rar_plain_rar.rar │ ├── shellcode │ │ └── shikata │ │ │ ├── 1.bin │ │ │ ├── 2.bin │ │ │ ├── 3.bin │ │ │ ├── 4.bin │ │ │ ├── 5.bin │ │ │ └── 6.bin │ ├── sig-init-old.py │ ├── enumplugins │ │ ├── sig3.py │ │ ├── sig1.py │ │ ├── sig2.py │ │ └── __init__.py │ ├── 
conf │ │ ├── 110_plain │ │ │ ├── auxiliary.conf │ │ │ ├── reporting.conf │ │ │ └── processing.conf │ │ ├── 120_5vms │ │ │ ├── auxiliary.conf │ │ │ ├── reporting.conf │ │ │ ├── physical.conf │ │ │ └── virtualbox.conf │ │ ├── 120_plain │ │ │ ├── auxiliary.conf │ │ │ ├── reporting.conf │ │ │ └── physical.conf │ │ └── 040_plain │ │ │ ├── reporting.conf │ │ │ ├── kvm.conf │ │ │ └── virtualbox.conf │ └── pdf0.pdf ├── darwin │ ├── assets │ │ ├── test_dtruss_without_target.c │ │ ├── test_apicalls_without_target.c │ │ ├── test_ipconnections_empty.c │ │ ├── test_cuckoo_dropped_files │ │ ├── test_dtruss_helloworld.c │ │ ├── test_cuckoo_parents_and_children │ │ ├── test_dtruss_with_args.c │ │ ├── test_apicalls_basic.c │ │ ├── test_dtruss_specific_syscall.c │ │ ├── test_apicalls_with_args.c │ │ ├── test_apicalls_with_args_root.c │ │ ├── test_apicalls_timeout.c │ │ ├── test_apicalls_timeout_root.c │ │ ├── test_dtruss_timeout.c │ │ ├── test_apicalls_errno_root.c │ │ ├── test_apicalls_errno.c │ │ ├── test_cuckoo_dropped_files.c │ │ ├── test_apicalls_root.c │ │ ├── test_dtruss_root.c │ │ ├── test_dtruss_non_root.c │ │ ├── test_apicalls_from_dynamic_library.c │ │ ├── test_apicalls_from_dynamic_library_root.c │ │ ├── test_ipconnections_tcp.c │ │ ├── test_dtruss_children.c │ │ ├── test_ipconnections_target_with_args.c │ │ ├── test_ipconnections_tcp_with_timeout.c │ │ └── test_ipconnections_udp.c │ └── test_analyzer.py_ ├── __init__.py ├── test_colors.py ├── utils.py ├── windows │ ├── test_screenshot.py │ ├── test_recentfiles.py │ └── test_dumptls.py ├── test_defines.py ├── test_common.py └── test_netlog.py ├── .codeclimate.yml ├── stuff ├── execsc │ ├── Makefile │ └── execsc.c ├── android │ ├── binaries │ │ └── su │ ├── apps │ │ ├── Superuser.apk │ │ ├── ImportContacts.apk │ │ └── de.robv.android.xposed.installer_v33_36570c.apk │ ├── hooking │ │ ├── Droidmon.apk │ │ └── EmulatorAntiDetect.apk │ └── anti-vm │ │ ├── fake-cpuinfo │ │ └── fake-drivers ├── git-pre-commit ├── rawdb.py └── 
suricata.sh ├── MANIFEST.in ├── docs ├── book │ ├── _images │ │ ├── logo │ │ │ └── cuckoo.png │ │ ├── screenshots │ │ │ ├── side-bar.png │ │ │ ├── feedback-form.png │ │ │ ├── shared_folders.png │ │ │ ├── windows_network.png │ │ │ ├── fog_scheduled_job.png │ │ │ ├── unsupported_method.png │ │ │ ├── windows_registry.png │ │ │ ├── windows_security.png │ │ │ ├── fog_host_management.png │ │ │ ├── fog_image_management.png │ │ │ └── error_template_rendering.png │ │ └── schemas │ │ │ └── architecture-main.png │ ├── installation │ │ ├── guest_physical │ │ │ ├── agent.rst │ │ │ ├── index.rst │ │ │ └── creation.rst │ │ ├── host │ │ │ └── index.rst │ │ ├── guest │ │ │ ├── cloning.rst │ │ │ └── index.rst │ │ └── index.rst │ ├── development │ │ └── index.rst │ ├── usage │ │ └── index.rst │ ├── introduction │ │ └── index.rst │ └── customization │ │ └── index.rst ├── README └── AUTHORS ├── setup.cfg └── .gitignore /analyzer: -------------------------------------------------------------------------------- 1 | cuckoo/data/analyzer -------------------------------------------------------------------------------- /cuckoo/data/conf/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/log/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/stuff/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/yara/urls/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/web/dashboard/__init__.py: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/files/foo.txt: -------------------------------------------------------------------------------- 1 | foo bar 2 | -------------------------------------------------------------------------------- /cuckoo/data/supervisord/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/yara/memory/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/yara/scripts/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/yara/shellcode/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/storage/analyses/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/storage/baseline/.gitignore: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /cuckoo/data/storage/binaries/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/private/html/static/css/roboto.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/core/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/lib/api/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/lib/core/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/action.json: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/dtrace/__init__.py: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/lib/common/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/tlsmaster.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/modules/auxiliary/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/modules/packages/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/modules/auxiliary/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/modules/packages/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/web/.gitignore: -------------------------------------------------------------------------------- 1 | tmp_uploads 2 | *.swp 3 | *.pyc 4 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/reports/report.json: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cuckoo/data/monitor/latest: -------------------------------------------------------------------------------- 1 | 
e19c4b4b529be2e90b3c5a3dfaad96f71c4fd54b 2 | -------------------------------------------------------------------------------- /cuckoo/data/whitelist/domain.txt: -------------------------------------------------------------------------------- 1 | # You can add whitelisted domains here. 2 | -------------------------------------------------------------------------------- /.codeclimate.yml: -------------------------------------------------------------------------------- 1 | languages: 2 | Python: true 3 | exclude_paths: 4 | - "tests/*" 5 | -------------------------------------------------------------------------------- /stuff/execsc/Makefile: -------------------------------------------------------------------------------- 1 | execsc.exe: execsc.c 2 | i586-mingw32msvc-cc -Wall -o $@ $< 3 | -------------------------------------------------------------------------------- /tests/files/mzdos0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/mzdos0 -------------------------------------------------------------------------------- /tests/darwin/assets/test_dtruss_without_target.c: -------------------------------------------------------------------------------- 1 | int main(int argc, char *argv[]) 2 | { 3 | } 4 | -------------------------------------------------------------------------------- /tests/files/cuckoo.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/cuckoo.db -------------------------------------------------------------------------------- /tests/files/lnk_1.lnk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/lnk_1.lnk -------------------------------------------------------------------------------- /tests/files/lnk_2.lnk: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/lnk_2.lnk -------------------------------------------------------------------------------- /tests/files/pdf0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pdf0.tgz -------------------------------------------------------------------------------- /tests/files/pdf0.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pdf0.zip -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_without_target.c: -------------------------------------------------------------------------------- 1 | int main(int argc, char *argv[]) 2 | { 3 | } 4 | -------------------------------------------------------------------------------- /tests/files/icardres.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/icardres.dll -------------------------------------------------------------------------------- /stuff/android/binaries/su: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/stuff/android/binaries/su -------------------------------------------------------------------------------- /tests/files/ls-x86_64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/ls-x86_64.elf -------------------------------------------------------------------------------- /tests/files/msg_invoice.msg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/msg_invoice.msg -------------------------------------------------------------------------------- /tests/files/pcap/empty.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pcap/empty.pcap -------------------------------------------------------------------------------- /tests/files/pcap/smtp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pcap/smtp.pcap -------------------------------------------------------------------------------- /tests/files/pdf-sample.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pdf-sample.pdf -------------------------------------------------------------------------------- /tests/files/pdf_attach.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pdf_attach.pdf -------------------------------------------------------------------------------- /tests/files/phishing0.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/phishing0.pdf -------------------------------------------------------------------------------- /tests/files/rar_plain.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/rar_plain.rar -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | graft cuckoo 2 | recursive-exclude * *.pyc *.pyo *.map 3 | recursive-exclude 
cuckoo/web/src * 4 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_ipconnections_empty.c: -------------------------------------------------------------------------------- 1 | int main(int argc, char **argv) 2 | { 3 | return 0; 4 | } 5 | -------------------------------------------------------------------------------- /tests/files/busybox-i686.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/busybox-i686.elf -------------------------------------------------------------------------------- /tests/files/createproc1.docm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/createproc1.docm -------------------------------------------------------------------------------- /tests/files/rar_plain_rar.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/rar_plain_rar.rar -------------------------------------------------------------------------------- /cuckoo/private/win32/magic.mgc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/win32/magic.mgc -------------------------------------------------------------------------------- /cuckoo/private/win32/magic1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/win32/magic1.dll -------------------------------------------------------------------------------- /cuckoo/private/win32/regex2.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/win32/regex2.dll 
-------------------------------------------------------------------------------- /cuckoo/private/win32/zlib1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/win32/zlib1.dll -------------------------------------------------------------------------------- /cuckoo/web/templates/standalone_error.html: -------------------------------------------------------------------------------- 1 |
ERROR :-(
{{error}}
2 | -------------------------------------------------------------------------------- /stuff/android/apps/Superuser.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/stuff/android/apps/Superuser.apk -------------------------------------------------------------------------------- /tests/files/pcap/not-http.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pcap/not-http.pcap -------------------------------------------------------------------------------- /cuckoo/private/peutils/UserDB.TXT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/peutils/UserDB.TXT -------------------------------------------------------------------------------- /cuckoo/web/static/images/close.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/images/close.png -------------------------------------------------------------------------------- /cuckoo/web/static/images/next.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/images/next.png -------------------------------------------------------------------------------- /cuckoo/web/static/images/prev.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/images/prev.png -------------------------------------------------------------------------------- /docs/book/_images/logo/cuckoo.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/logo/cuckoo.png -------------------------------------------------------------------------------- /stuff/android/hooking/Droidmon.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/stuff/android/hooking/Droidmon.apk -------------------------------------------------------------------------------- /tests/files/pcap/status-code.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pcap/status-code.pcap -------------------------------------------------------------------------------- /cuckoo/web/static/favicon-32x32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/favicon-32x32.png -------------------------------------------------------------------------------- /cuckoo/web/static/favicon-64x64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/favicon-64x64.png -------------------------------------------------------------------------------- /cuckoo/web/static/graphic/cuckoo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/graphic/cuckoo.png -------------------------------------------------------------------------------- /cuckoo/web/static/images/loading.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/images/loading.gif -------------------------------------------------------------------------------- /stuff/android/apps/ImportContacts.apk: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/stuff/android/apps/ImportContacts.apk -------------------------------------------------------------------------------- /tests/files/pcap/mixed-traffic.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pcap/mixed-traffic.pcap -------------------------------------------------------------------------------- /tests/files/pcap/used_dns_server.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pcap/used_dns_server.pcap -------------------------------------------------------------------------------- /tests/files/shellcode/shikata/1.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/shellcode/shikata/1.bin -------------------------------------------------------------------------------- /tests/files/shellcode/shikata/2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/shellcode/shikata/2.bin -------------------------------------------------------------------------------- /tests/files/shellcode/shikata/3.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/shellcode/shikata/3.bin -------------------------------------------------------------------------------- /tests/files/shellcode/shikata/4.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/shellcode/shikata/4.bin 
-------------------------------------------------------------------------------- /tests/files/shellcode/shikata/5.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/shellcode/shikata/5.bin -------------------------------------------------------------------------------- /tests/files/shellcode/shikata/6.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/shellcode/shikata/6.bin -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/FontAwesome.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/FontAwesome.otf -------------------------------------------------------------------------------- /cuckoo/private/html/static/img/cuckoo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/html/static/img/cuckoo.png -------------------------------------------------------------------------------- /cuckoo/web/static/graphic/background.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/graphic/background.png -------------------------------------------------------------------------------- /docs/book/_images/screenshots/side-bar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/side-bar.png -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/binary: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/binary -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/bin/execsc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/data/analyzer/windows/bin/execsc.exe -------------------------------------------------------------------------------- /cuckoo/web/static/graphic/cuckoo-default.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/graphic/cuckoo-default.png -------------------------------------------------------------------------------- /cuckoo/web/static/graphic/cuckoo_inverse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/graphic/cuckoo_inverse.png -------------------------------------------------------------------------------- /stuff/android/hooking/EmulatorAntiDetect.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/stuff/android/hooking/EmulatorAntiDetect.apk -------------------------------------------------------------------------------- /tests/files/pcap/duplicate-dns-requests.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/pcap/duplicate-dns-requests.pcap -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/fontawesome-webfont.eot: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/fontawesome-webfont.eot -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /cuckoo/web/static/graphic/cuckoo-coffee-cup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/graphic/cuckoo-coffee-cup.png -------------------------------------------------------------------------------- /docs/book/_images/schemas/architecture-main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/schemas/architecture-main.png -------------------------------------------------------------------------------- /docs/book/_images/screenshots/feedback-form.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/feedback-form.png -------------------------------------------------------------------------------- /tests/darwin/assets/test_cuckoo_dropped_files: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/darwin/assets/test_cuckoo_dropped_files -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/dump.pcap: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/dump.pcap -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/fontawesome-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/fontawesome-webfont.woff -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/fontawesome-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/fontawesome-webfont.woff2 -------------------------------------------------------------------------------- /docs/book/_images/screenshots/shared_folders.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/shared_folders.png -------------------------------------------------------------------------------- /docs/book/_images/screenshots/windows_network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/windows_network.png -------------------------------------------------------------------------------- /tests/darwin/assets/test_dtruss_helloworld.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char *argv[]) 4 | { 5 | printf("Hello, world!\n"); 6 | } 7 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/logs/752.bson: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/logs/752.bson -------------------------------------------------------------------------------- /docs/book/_images/screenshots/fog_scheduled_job.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/fog_scheduled_job.png -------------------------------------------------------------------------------- /docs/book/_images/screenshots/unsupported_method.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/unsupported_method.png -------------------------------------------------------------------------------- /docs/book/_images/screenshots/windows_registry.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/windows_registry.png -------------------------------------------------------------------------------- /docs/book/_images/screenshots/windows_security.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/windows_security.png -------------------------------------------------------------------------------- /tests/darwin/assets/test_cuckoo_parents_and_children: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/darwin/assets/test_cuckoo_parents_and_children -------------------------------------------------------------------------------- /tests/darwin/assets/test_dtruss_with_args.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char *argv[]) 
4 | { 5 | printf("Hello, %s!\n", argv[1]); 6 | } 7 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/dump_sorted.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/dump_sorted.pcap -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/shots/0001.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/shots/0001.jpg -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/Roboto_italic_400_default.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/Roboto_italic_400_default.woff -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/Roboto_normal_300_default.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/Roboto_normal_300_default.woff -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/Roboto_normal_400_default.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/Roboto_normal_400_default.woff -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/Roboto_normal_500_default.woff: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/Roboto_normal_500_default.woff -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/Roboto_normal_700_default.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/Roboto_normal_700_default.woff -------------------------------------------------------------------------------- /cuckoo/web/static/graphic/cuckoo_white_transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/graphic/cuckoo_white_transparent.png -------------------------------------------------------------------------------- /cuckoo/web/static/images/theme_night/table_bg_22px.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/images/theme_night/table_bg_22px.png -------------------------------------------------------------------------------- /docs/book/_images/screenshots/fog_host_management.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/fog_host_management.png -------------------------------------------------------------------------------- /docs/book/_images/screenshots/fog_image_management.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/fog_image_management.png -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_basic.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | 
int main(int argc, char *argv[]) 4 | { 5 | system("whoami"); 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/memory/2500-1.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/memory/2500-1.dmp -------------------------------------------------------------------------------- /cuckoo/private/html/static/fonts/Roboto-Bold-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/html/static/fonts/Roboto-Bold-webfont.woff -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /cuckoo/web/static/images/theme_cyborg/table_bg_22px.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/images/theme_cyborg/table_bg_22px.png -------------------------------------------------------------------------------- /cuckoo/web/static/images/theme_default/table_bg_22px.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/images/theme_default/table_bg_22px.png -------------------------------------------------------------------------------- /cuckoo/private/html/static/fonts/Roboto-Italic-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/html/static/fonts/Roboto-Italic-webfont.woff -------------------------------------------------------------------------------- /cuckoo/private/html/static/fonts/Roboto-Medium-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/html/static/fonts/Roboto-Medium-webfont.woff -------------------------------------------------------------------------------- /cuckoo/private/html/static/fonts/fontawesome-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/html/static/fonts/fontawesome-webfont.woff2 -------------------------------------------------------------------------------- /cuckoo/web/static/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/web/static/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /docs/book/_images/screenshots/error_template_rendering.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/docs/book/_images/screenshots/error_template_rendering.png -------------------------------------------------------------------------------- /tests/darwin/assets/test_dtruss_specific_syscall.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char *argv[]) 4 | { 5 | fprintf(stdout, "Hello, dtruss!\n"); 6 | } 7 | -------------------------------------------------------------------------------- /cuckoo/private/html/static/fonts/Roboto-Regular-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/cuckoo/private/html/static/fonts/Roboto-Regular-webfont.woff -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_with_args.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char *argv[]) 5 | { 6 | printf("%d\n", atoi(argv[1])); 7 | } 8 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/0987dba0aadedbc7_1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/files/0987dba0aadedbc7_1.pdf -------------------------------------------------------------------------------- /stuff/android/apps/de.robv.android.xposed.installer_v33_36570c.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/stuff/android/apps/de.robv.android.xposed.installer_v33_36570c.apk -------------------------------------------------------------------------------- 
/tests/darwin/assets/test_apicalls_with_args_root.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char *argv[]) 5 | { 6 | printf("%d\n", atoi(argv[1])); 7 | } 8 | -------------------------------------------------------------------------------- /cuckoo/data/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/55602e68a3cd1516_A9RFBFB.tmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/files/55602e68a3cd1516_A9RFBFB.tmp -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/bea344a8bfaf8a7c_usercache.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/files/bea344a8bfaf8a7c_usercache.bin -------------------------------------------------------------------------------- /cuckoo/compat/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | -------------------------------------------------------------------------------- /cuckoo/web/templates/error.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% load staticfiles %} 3 | {% block content %} 4 |
ERROR :-(
{{error}}
5 | {% endblock %} 6 | -------------------------------------------------------------------------------- /cuckoo/web/templates/success.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% load staticfiles %} 3 | {% block content %} 4 |
Great! :-)
{{message}}
5 | {% endblock %} 6 | -------------------------------------------------------------------------------- /cuckoo/private/cwd/init-post.jinja2: -------------------------------------------------------------------------------- 1 | Cuckoo has finished setting up the default configuration. 2 | Please modify the default settings where required and 3 | start Cuckoo again (by running `cuckoo` or `cuckoo -d`). 4 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/buffer/32692b6152fcd32674fbe4c8c398e3a8df87c398: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/buffer/32692b6152fcd32674fbe4c8c398e3a8df87c398 -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/19386a5ae743b37d_SharedDataEvents-journal: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/files/19386a5ae743b37d_SharedDataEvents-journal -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/8d1fb16f2139cd48_SharedDataEvents-journal: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MAECProject/cuckoo/HEAD/tests/files/sample_analysis_storage/files/8d1fb16f2139cd48_SharedDataEvents-journal -------------------------------------------------------------------------------- /cuckoo/web/analysis/templatetags/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
4 | -------------------------------------------------------------------------------- /cuckoo/web/templates/components/loader.html: -------------------------------------------------------------------------------- 1 |
-------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/common/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_timeout.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char *argv[]) 5 | { 6 | system("whoami"); 7 | sleep(10); 8 | system("whoami"); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_timeout_root.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char *argv[]) 5 | { 6 | system("whoami"); 7 | sleep(10); 8 | system("whoami"); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_dtruss_timeout.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char *argv[]) 5 | { 6 | write(1, "Hello, world!\n", 0xE); 7 | sleep(5); 8 | write(1, "Hello, world!\n", 0xE); 9 | } 10 | -------------------------------------------------------------------------------- /cuckoo/core/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | -------------------------------------------------------------------------------- /cuckoo/web/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/common/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/analysis/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/submission/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/web/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 
3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/processing/platform/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/pcap/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/lib/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | -------------------------------------------------------------------------------- /cuckoo/private/html/static/js/main.js: -------------------------------------------------------------------------------- 1 | $(function() { 2 | 3 | $('[data-init=table]').each(function() { 4 | UIKit.TableController($(this)); 5 | }); 6 | 7 | $('[data-init="collapse"]').each(function() { 8 | UIKit.Collapsable($(this)); 9 | }); 10 | 11 | }); -------------------------------------------------------------------------------- /cuckoo/web/controllers/analysis/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/cuckoo/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/files/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/machines/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/behavior/_tree.html: -------------------------------------------------------------------------------- 1 |

Process Tree

2 |
    3 | {% for process in report.analysis.behavior.processtree|filter_key_if_has:"track" %} 4 | {% include "analysis/pages/behavior/_tree_process.html" %} 5 | {% endfor %} 6 |
7 | -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- 1 | [metadata] 2 | description-file = README.md 3 | 4 | [tool:pytest] 5 | testpaths = tests 6 | norecursedirs = tests/darwin 7 | django_find_project = false 8 | python_paths = . cuckoo/web 9 | xfail_strict = true 10 | 11 | [aliases] 12 | test = pytest 13 | -------------------------------------------------------------------------------- /tests/files/sig-init-old.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from . import android, cross, darwin, network, windows 6 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/lib/api/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/lib/core/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/submission/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /docs/book/installation/guest_physical/agent.rst: -------------------------------------------------------------------------------- 1 | ==================== 2 | Installing the Agent 3 | ==================== 4 | 5 | Installing the Agent on a Physical machine is the same as installing it in a 6 | Virtual Machine, therefore please refer to :doc:`../guest/agent`. 7 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/lib/common/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/analysis/compare/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file "docs/LICENSE" for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/analysis/export/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file "docs/LICENSE" for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/analysis/network/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_errno_root.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main(int argc, char const *argv[]) 6 | { 7 | errno = 0; 8 | fopen("doesn't matter", "r"); 9 | // errno = EINVAL = 22 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/auxiliary/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | -------------------------------------------------------------------------------- /docs/book/development/index.rst: -------------------------------------------------------------------------------- 1 | .. Development chapter frontpage 2 | 3 | Development 4 | =========== 5 | 6 | This chapter explains how to write Cuckoo's code and how to contribute. 7 | 8 | .. toctree:: 9 | 10 | development_notes 11 | code_style 12 | package 13 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2016 Cuckoo Foundation. 
2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | import os 6 | 7 | os.environ.setdefault("DJANGO_SETTINGS_MODULE", "tests.settings") 8 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_errno.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main(int argc, char const *argv[]) 6 | { 7 | errno = 0; 8 | fopen("doesn't matter", "invalid mode"); 9 | // errno = EINVAL = 22 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/files/enumplugins/sig3.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from .sig2 import Sig2 6 | 7 | class Sig3(Sig2): 8 | name = "sig3" 9 | -------------------------------------------------------------------------------- /cuckoo/data/signatures/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from . import android, cross, darwin, extractor, linux, network, windows 6 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
4 | # Originally contributed by Check Point Software Technologies, Ltd. 5 | -------------------------------------------------------------------------------- /cuckoo/web/src/handlebars/code.hbs: -------------------------------------------------------------------------------- 1 |
2 |
3 |

Script

4 |
5 |
6 | 	    {{ code }}
7 | 	
8 |
-------------------------------------------------------------------------------- /cuckoo/web/src/handlebars/header-table.hbs: -------------------------------------------------------------------------------- 1 | 2 | 3 | {{#each keyv}} 4 | 5 | 6 | 7 | 8 | {{/each}} 9 | 10 |
{{name}}:{{value}}
-------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/api/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 5 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/common/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 5 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/core/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 5 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/modules/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 
5 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/static/_strings.html: -------------------------------------------------------------------------------- 1 |
2 |
3 | {% for string in report.analysis.strings %} 4 |
{{string}}
5 | {% endfor %} 6 |
7 |
8 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/modules/auxiliary/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 5 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/modules/packages/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 5 | -------------------------------------------------------------------------------- /tests/files/enumplugins/sig1.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from cuckoo.common.abstracts import Signature 6 | 7 | class Sig1(Signature): 8 | name = "sig1" 9 | -------------------------------------------------------------------------------- /tests/files/enumplugins/sig2.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
4 | 5 | from cuckoo.common.abstracts import Signature 6 | 7 | class Sig2(Signature): 8 | name = "sig2" 9 | -------------------------------------------------------------------------------- /tests/files/enumplugins/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from . import sig1, sig2, sig3 6 | 7 | class meta: 8 | plugins = sig1.Sig1, sig2.Sig2, sig3.Sig3 9 | -------------------------------------------------------------------------------- /cuckoo/distributed/exception.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | class InvalidReport(Exception): 6 | pass 7 | 8 | class InvalidPcap(Exception): 9 | pass 10 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/lib/common/exceptions.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | class CuckooError(Exception): 6 | pass 7 | 8 | class CuckooPackageError(Exception): 9 | pass -------------------------------------------------------------------------------- /cuckoo/data/stuff/mitm.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2015-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
4 | 5 | # This is an empty boilerplate script where one can define a mitmdump script 6 | # for doing man in the middle interception. 7 | -------------------------------------------------------------------------------- /cuckoo/distributed/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | # The worker.py is a standalone script, do not import it here. 6 | from . import api, app, db, exception, instance, misc 7 | -------------------------------------------------------------------------------- /docs/book/usage/index.rst: -------------------------------------------------------------------------------- 1 | .. Usage chapter frontpage 2 | 3 | Usage 4 | ===== 5 | 6 | This chapter explains how to use Cuckoo. 7 | 8 | .. toctree:: 9 | 10 | start 11 | cwd 12 | submit 13 | web 14 | api 15 | dist 16 | utilities 17 | rooter 18 | feedback 19 | packages 20 | results 21 | clean 22 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_cuckoo_dropped_files.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main(int argc, char const *argv[]) 6 | { 7 | FILE *f = fopen("something.txt", "w"); 8 | if (f == NULL) { 9 | return EXIT_FAILURE; 10 | } 11 | fprintf(f, "HERE YOU ARE\n"); 12 | fclose(f); 13 | return EXIT_SUCCESS; 14 | } 15 | -------------------------------------------------------------------------------- /docs/book/introduction/index.rst: -------------------------------------------------------------------------------- 1 | .. Introduction chapter frontpage 2 | 3 | Introduction 4 | ============ 5 | 6 | This is an introductory chapter to Cuckoo Sandbox. 
7 | It explains some basic malware analysis concepts, what's Cuckoo and how it can fit 8 | in malware analysis. 9 | 10 | .. toctree:: 11 | 12 | sandboxing 13 | what 14 | license 15 | 16 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/a2a0fe3569d5b51c_updater.log: -------------------------------------------------------------------------------- 1 | : Loading AUM Integration library at path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll. 2 | : Successfully loaded AUM integration library 3 | : Successfully found all library entry points. Library is valid. 4 | : Entering GetAppID() 5 | : AUMDoPluginAction returns => 0 6 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/d5e07709ac6b7ec4_adobeupdaterprefs.dat: -------------------------------------------------------------------------------- 1 | 2 | 3 | C:\Users\Administrator\AppData\Local\Adobe\Updater6\aum.log 4 | 2 5 | en_US 6 | 0 7 | 0 8 | 9 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/lib/common/constants.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | 6 | from lib.common.rand import random_string 7 | 8 | SHUTDOWN_MUTEX = "Global\\" + random_string(6, 10) 9 | -------------------------------------------------------------------------------- /stuff/git-pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Setup as follows (from the Git repository root): 3 | # $ ln -s $PWD/stuff/git-pre-commit $PWD/.git/hooks/pre-commit 4 | set -e 5 | 6 | if git diff --cached cuckoo/web/src|grep -e '\+.*console.log'; then 7 | echo 8 | echo ">>> \033[0;31mGet rid of above console.log statement(s) before committing!\033[0m" 9 | echo 10 | exit 1 11 | fi 12 | -------------------------------------------------------------------------------- /stuff/android/anti-vm/fake-cpuinfo: -------------------------------------------------------------------------------- 1 | Processor : ARMv7 Processor rev 0 (v7l) 2 | BogoMIPS : 366.18 3 | Features : swp half thumb fastmult vfp edsp neon vfpv3 4 | CPU implementer : 0x41 5 | CPU architecture: 7 6 | CPU variant : 0x0 7 | CPU part : 0xc08 8 | CPU revision : 0 9 | 10 | Hardware : Qualcomm MSM 8974 HAMMERHEAD (Flattened Device Tree) 11 | Revision : 0000 12 | Serial : 0000000000000000 -------------------------------------------------------------------------------- /cuckoo/web/dashboard/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file "docs/LICENSE" for copying permission. 5 | 6 | from . 
import views 7 | from django.conf.urls import url 8 | 9 | urlpatterns = [ 10 | url(r"^$", views.index, name="dashboard"), 11 | ] 12 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/common/exceptions.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 5 | 6 | class CuckooError(Exception): 7 | pass 8 | 9 | class CuckooPackageError(Exception): 10 | pass 11 | -------------------------------------------------------------------------------- /tests/test_colors.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.common.colors import color 7 | 8 | def test_return_text(): 9 | """Test colorized text contains the input string.""" 10 | assert "foo" in color("foo", 11) 11 | -------------------------------------------------------------------------------- /docs/book/customization/index.rst: -------------------------------------------------------------------------------- 1 | .. Customization chapter frontpage 2 | 3 | Customization 4 | ============= 5 | 6 | This chapter explains how to customize Cuckoo. 7 | Cuckoo is written in a modular architecture built to be as customizable as it can, 8 | to fit the needs of all users. 9 | 10 | .. 
toctree:: 11 | 12 | auxiliary 13 | machinery 14 | packages 15 | processing 16 | signatures 17 | reporting 18 | -------------------------------------------------------------------------------- /docs/book/installation/host/index.rst: -------------------------------------------------------------------------------- 1 | ================== 2 | Preparing the Host 3 | ================== 4 | 5 | To run Cuckoo we suggest a *GNU/Linux* operating system. We'll be using the 6 | **latest Ubuntu LTS** (16.04 at the time of writing) throughout our 7 | documentation. 8 | 9 | .. toctree:: 10 | 11 | requirements 12 | installation 13 | cwd 14 | configuration 15 | routing 16 | configuration_android 17 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_root.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | int main(int argc, char *argv[]) 8 | { 9 | struct passwd *pw = getpwuid(geteuid()); 10 | assert(pw != NULL); 11 | if (strcmp("root", pw->pw_name) == 0) { 12 | printf("I'm root!\n"); 13 | } else { 14 | printf("I'm user!\n"); 15 | } 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_dtruss_root.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | int main(int argc, char *argv[]) 8 | { 9 | struct passwd *pw = getpwuid(geteuid()); 10 | assert(pw != NULL); 11 | if (strcmp("root", pw->pw_name) == 0) { 12 | printf("Hello, r00t!\n"); 13 | } else { 14 | printf("Hello, user!\n"); 15 | } 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/common/abstracts.py: -------------------------------------------------------------------------------- 1 | # 
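Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | class Auxiliary(object): 7 | """Holds the options mapping and the analyzer reference passed in at construction.""" 8 | 9 | def __init__(self, options=None, analyzer=None): 10 | # A literal {} default is created once and shared by every instance built 11 | # without options, so a write through one instance would show up in all others. 12 | self.options = {} if options is None else options 13 | self.analyzer = analyzer 14 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_dtruss_non_root.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | int main(int argc, char *argv[]) 8 | { 9 | struct passwd *pw = getpwuid(geteuid()); 10 | assert(pw != NULL); 11 | if (strcmp("root", pw->pw_name) == 0) { 12 | printf("Hello, r00t!\n"); 13 | } else { 14 | printf("Hello, user!\n"); 15 | } 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/pcap/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file "docs/LICENSE" for copying permission.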
5 | 6 | from django.conf.urls import url 7 | 8 | from cuckoo.web.controllers.pcap.api import PcapApi 9 | 10 | urlpatterns = [ 11 | url(r"^api/get/(?P\d+)/$", PcapApi.get) 12 | ] 13 | -------------------------------------------------------------------------------- /cuckoo/web/src/handlebars/submission-task-table-body.hbs: -------------------------------------------------------------------------------- 1 | {{#each tasks}} 2 | 3 | {{id}} 4 | 5 | {{date_added}} 6 | {{time_added}} 7 | 8 | {{target}} 9 | {{package}} 10 | {{status}} 11 | 12 | {{/each}} -------------------------------------------------------------------------------- /cuckoo/data/agent/agent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (C) 2010-2013 Claudio Guarnieri. 3 | # Copyright (C) 2014-2016 Cuckoo Foundation. 4 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 5 | # See the file 'docs/LICENSE' for copying permission. 6 | 7 | FILEPATH=$(readlink -f ${0%}) 8 | FILEPATHDIR=$(dirname $FILEPATH) 9 | 10 | cd /tmp/ 11 | python $FILEPATHDIR/agent.py >$FILEPATHDIR/agent.stdout 2>$FILEPATHDIR/agent.stderr & 12 | 13 | -------------------------------------------------------------------------------- /cuckoo/data/signatures/extractor/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
4 | 5 | from cuckoo.common.abstracts import Extractor 6 | from cuckoo.core.plugins import enumerate_plugins 7 | 8 | plugins = [] 9 | extractors = enumerate_plugins( 10 | __file__, "signatures.extractor", globals(), Extractor, {} 11 | ) 12 | -------------------------------------------------------------------------------- /cuckoo/data/signatures/linux/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from cuckoo.common.abstracts import Signature 6 | from cuckoo.core.plugins import enumerate_plugins 7 | 8 | plugins = enumerate_plugins( 9 | __file__, "signatures.linux", globals(), 10 | Signature, dict(platform="linux") 11 | ) 12 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/cuckoo/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2016-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file "docs/LICENSE" for copying permission. 4 | 5 | from django.conf.urls import url 6 | 7 | from cuckoo.web.controllers.cuckoo.api import CuckooApi 8 | 9 | urlpatterns = [ 10 | url(r"^api/status", CuckooApi.status), 11 | url(r"^api/vpn/status", CuckooApi.vpn_status) 12 | ] 13 | -------------------------------------------------------------------------------- /cuckoo/web/src/handlebars/control-simple-select.hbs: -------------------------------------------------------------------------------- 1 | {{title}} {{#if doc_link}}{{/if}} 2 |
3 | 8 | 9 |
-------------------------------------------------------------------------------- /cuckoo/reporting/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.core.plugins import enumerate_plugins 7 | from cuckoo.common.abstracts import Report 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "cuckoo.reporting", globals(), Report 11 | ) 12 | -------------------------------------------------------------------------------- /cuckoo/auxiliary/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.core.plugins import enumerate_plugins 7 | from cuckoo.common.abstracts import Auxiliary 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "cuckoo.auxiliary", globals(), Auxiliary 11 | ) 12 | -------------------------------------------------------------------------------- /cuckoo/processing/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | 6 | from cuckoo.core.plugins import enumerate_plugins 7 | from cuckoo.common.abstracts import Processing 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "cuckoo.processing", globals(), Processing 11 | ) 12 | -------------------------------------------------------------------------------- /cuckoo/processing/extracted.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from cuckoo.common.abstracts import Processing 6 | from cuckoo.core.extract import ExtractManager 7 | 8 | class Extracted(Processing): 9 | key = "extracted" 10 | 11 | def run(self): 12 | return ExtractManager.for_task(self.task.id).results() 13 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/common/rand.py: -------------------------------------------------------------------------------- 1 | import random 2 | import string 3 | 4 | def random_string(minimum, maximum=None): 5 | """Return random ASCII letters; the length is randint(minimum, maximum), or exactly minimum when maximum is None.""" 6 | # The random module is not a cryptographically secure source: usable for throwaway names, not for secrets or tokens. 7 | if maximum is None: 8 | maximum = minimum 9 | 10 | count = random.randint(minimum, maximum) 11 | return "".join(random.choice(string.ascii_letters) for x in xrange(count)) 12 | 13 | def random_integer(digits): 14 | """Return a random integer between 10 ** (digits - 1) and (10 ** digits) - 1, both inclusive.""" 15 | start = 10 ** (digits - 1) 16 | end = (10 ** digits) - 1 17 | return random.randint(start, end) 18 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/lib/common/rand.py: -------------------------------------------------------------------------------- 1 | import random 2 | import string 3 | 4 | def random_string(minimum, maximum=None): 5 | """Return random ASCII letters; the length is randint(minimum, maximum), or exactly minimum when maximum is None.""" 6 | # The random module is not a cryptographically secure source: usable for throwaway names 7 | # (lib/common/constants.py builds SHUTDOWN_MUTEX from random_string(6, 10)), not for secrets or tokens. 8 | if maximum is None: 9 | maximum = minimum 10 | 11 | count = random.randint(minimum, maximum) 12 | return "".join(random.choice(string.ascii_letters) for x in xrange(count)) 13 | 14 | def random_integer(digits): 15 | """Return a random integer between 10 ** (digits - 1) and (10 ** digits) - 1, both inclusive.""" 16 | start = 10 ** (digits - 1)
17 | end = (10 ** digits) - 1 18 | return random.randint(start, end) 19 | -------------------------------------------------------------------------------- /cuckoo/machinery/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.core.plugins import enumerate_plugins 7 | from cuckoo.common.abstracts import Machinery 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "cuckoo.machinery", globals(), Machinery, as_dict=True 11 | ) 12 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/layout/_typography.scss: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation. 3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission.
5 | */ 6 | 7 | pre { 8 | font-stretch: ultra-condensed; 9 | font-family: Consolas, monaco, monospace; 10 | font-size: 0.8em; 11 | } 12 | 13 | .center { 14 | text-align: center; 15 | } 16 | 17 | .mono { 18 | font-family: monospace; 19 | } -------------------------------------------------------------------------------- /stuff/execsc/execsc.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main (int argc, char ** argv) { 6 | int fd; 7 | char buf[2048] = {0}; 8 | 9 | if (argc < 2) return 1; 10 | 11 | // read in shellcode from analysis target file 12 | fd = open(argv[1], 0); 13 | read(fd, buf, 2048); 14 | close(fd); 15 | 16 | // jump into shellcode 17 | int (*func)(); 18 | func = (int (*)()) buf; 19 | (int)(*func)(); 20 | 21 | return 0; 22 | } 23 | 24 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/components/_tree.scss: -------------------------------------------------------------------------------- 1 | /* 2 | Tree styles 3 | - this is a bare style definition for the Tree class 4 | */ 5 | .tree { 6 | 7 | // reset list styles 8 | &, ul { 9 | list-style: none; 10 | margin: 0; 11 | padding: 0; 12 | 13 | li { 14 | padding: 0; 15 | } 16 | } 17 | 18 | li { 19 | display: none; 20 | } 21 | 22 | &.open, 23 | ul.open { 24 | & > li { 25 | display: list-item; 26 | } 27 | } 28 | 29 | } 30 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_from_dynamic_library.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main(int argc, char const *argv[]) 6 | { 7 | void *h = dlopen("libruby.dylib", RTLD_LAZY); 8 | if (h == NULL) { 9 | return EXIT_FAILURE; 10 | } else { 11 | int (*rb_isalpha)(int) = dlsym(h, "rb_isalpha"); 12 | int char_a = 0x61; 13 | return rb_isalpha(char_a) ? 
EXIT_SUCCESS : EXIT_FAILURE; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /cuckoo/data/signatures/cross/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.common.abstracts import Signature 7 | from cuckoo.core.plugins import enumerate_plugins 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "signatures.cross", globals(), 11 | Signature, {} 12 | ) 13 | -------------------------------------------------------------------------------- /cuckoo/machinery/kvm.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.common.abstracts import LibVirtMachinery 7 | 8 | class KVM(LibVirtMachinery): 9 | """Virtualization layer for KVM based on python-libvirt.""" 10 | 11 | # Set KVM connection string. 12 | dsn = "qemu:///system" 13 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/layout/_responsive.scss: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation. 3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission. 
5 | */ 6 | 7 | @media (max-width: 979px) { 8 | body { 9 | // padding-top: 50px; 10 | padding-bottom: 0px; 11 | } 12 | } 13 | 14 | @media (min-width: 992px) { 15 | #analysis_menu-sidebar { 16 | max-width: 260px; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_apicalls_from_dynamic_library_root.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main(int argc, char const *argv[]) 6 | { 7 | void *h = dlopen("libruby.dylib", RTLD_LAZY); 8 | if (h == NULL) { 9 | return EXIT_FAILURE; 10 | } else { 11 | int (*rb_isalpha)(int) = dlsym(h, "rb_isalpha"); 12 | int char_a = 0x61; 13 | return rb_isalpha(char_a) ? EXIT_SUCCESS : EXIT_FAILURE; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/modules/packages/bash.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Copyright (C) 2015 Dmitry Rodionov 3 | # This software may be modified and distributed under the terms 4 | # of the MIT license. See the LICENSE file for details. 5 | 6 | from lib.core.packages import Package 7 | 8 | class Bash(Package): 9 | """ Bash shell script analysys package. """ 10 | 11 | def prepare(self): 12 | self.args = [self.target] + self.args 13 | self.target = "/bin/bash" 14 | -------------------------------------------------------------------------------- /cuckoo/data/signatures/network/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | 6 | from cuckoo.common.abstracts import Signature 7 | from cuckoo.core.plugins import enumerate_plugins 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "signatures.network", globals(), 11 | Signature, {} 12 | ) 13 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/ec7d15485840c06c_aumlib.log: -------------------------------------------------------------------------------- 1 | 2016-08-26T05:45:21: >>> Adobe Updater Log Begin >>> 2 | 2016-08-26T05:45:21: logFile: = C:\Users\Administrator\AppData\Local\Adobe\Updater6\aumLib.log 3 | 2016-08-26T05:45:21: logLevel: = 2 4 | 2016-08-26T05:45:21: Vista IE Protected Mode:No 5 | 2016-08-26T05:45:21: In AUMDoPluginAction(...) 6 | 2016-08-26T05:45:21: appIdentifierreader9rdr-en_US 7 | 2016-08-26T05:45:21: Has admin priv. 8 | 2016-08-26T05:45:21: ForkUpdater. 9 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/common/exceptions.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | class CuckooError(Exception): 7 | pass 8 | 9 | class CuckooPackageError(Exception): 10 | pass 11 | 12 | class CuckooDisableModule(CuckooError): 13 | """Exception for disabling a module dynamically.""" 14 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/lib/common/exceptions.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 
3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | class CuckooError(Exception): 7 | pass 8 | 9 | class CuckooPackageError(Exception): 10 | pass 11 | 12 | class CuckooDisableModule(CuckooError): 13 | """Exception for disabling a module dynamically.""" 14 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/common/utils.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 5 | 6 | from lib.common.results import NetlogFile 7 | 8 | def send_file(name, data): 9 | """Send file to result server""" 10 | nf = NetlogFile(name) 11 | nf.sock.sendall(data) 12 | nf.close() 13 | -------------------------------------------------------------------------------- /cuckoo/data/signatures/android/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.common.abstracts import Signature 7 | from cuckoo.core.plugins import enumerate_plugins 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "signatures.android", globals(), 11 | Signature, dict(platform="android") 12 | ) 13 | -------------------------------------------------------------------------------- /cuckoo/data/signatures/darwin/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 
3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.common.abstracts import Signature 7 | from cuckoo.core.plugins import enumerate_plugins 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "signatures.darwin", globals(), 11 | Signature, dict(platform="darwin") 12 | ) 13 | -------------------------------------------------------------------------------- /cuckoo/data/signatures/windows/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.common.abstracts import Signature 7 | from cuckoo.core.plugins import enumerate_plugins 8 | 9 | plugins = enumerate_plugins( 10 | __file__, "signatures.windows", globals(), 11 | Signature, dict(platform="windows") 12 | ) 13 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/machines/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file "docs/LICENSE" for copying permission. 
5 | 6 | from django.conf.urls import url 7 | 8 | from cuckoo.web.controllers.machines.api import MachinesApi 9 | 10 | urlpatterns = [ 11 | url(r"^api/list/$", MachinesApi.list), 12 | url(r"^api/view/(?P\w+)/$", MachinesApi.view), 13 | ] 14 | -------------------------------------------------------------------------------- /tests/files/conf/110_plain/auxiliary.conf: -------------------------------------------------------------------------------- 1 | [sniffer] 2 | # Enable or disable the use of an external sniffer (tcpdump) [yes/no]. 3 | enabled = yes 4 | 5 | # Specify the path to your local installation of tcpdump. Make sure this 6 | # path is correct. 7 | tcpdump = /usr/sbin/tcpdump 8 | 9 | # Specify the network interface name on which tcpdump should monitor the 10 | # traffic. Make sure the interface is active. 11 | interface = vboxnet0 12 | 13 | # Specify a Berkeley packet filter to pass to tcpdump. 14 | # bpf = not arp 15 | -------------------------------------------------------------------------------- /tests/files/conf/120_5vms/auxiliary.conf: -------------------------------------------------------------------------------- 1 | [sniffer] 2 | # Enable or disable the use of an external sniffer (tcpdump) [yes/no]. 3 | enabled = yes 4 | 5 | # Specify the path to your local installation of tcpdump. Make sure this 6 | # path is correct. 7 | tcpdump = /usr/sbin/tcpdump 8 | 9 | # Specify the network interface name on which tcpdump should monitor the 10 | # traffic. Make sure the interface is active. 11 | interface = vboxnet0 12 | 13 | # Specify a Berkeley packet filter to pass to tcpdump. 14 | # bpf = not arp 15 | -------------------------------------------------------------------------------- /tests/files/conf/120_plain/auxiliary.conf: -------------------------------------------------------------------------------- 1 | [sniffer] 2 | # Enable or disable the use of an external sniffer (tcpdump) [yes/no]. 
3 | enabled = yes 4 | 5 | # Specify the path to your local installation of tcpdump. Make sure this 6 | # path is correct. 7 | tcpdump = /usr/sbin/tcpdump 8 | 9 | # Specify the network interface name on which tcpdump should monitor the 10 | # traffic. Make sure the interface is active. 11 | interface = vboxnet0 12 | 13 | # Specify a Berkeley packet filter to pass to tcpdump. 14 | # bpf = not arp 15 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/bin.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from lib.common.abstracts import Package 7 | 8 | class Shellcode(Package): 9 | """Shellcode (any x86 executable code) analysis package.""" 10 | 11 | def start(self, path): 12 | return self.execute("bin/execsc.exe", args=[path]) 13 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/components/_navbar.scss: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation. 3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission. 5 | */ 6 | 7 | .navbar { 8 | 9 | &-brand, 10 | &-nav li a { 11 | line-height: 40px; 12 | height: 40px; 13 | padding-top: 0; 14 | } 15 | 16 | &-fixed-top { 17 | min-height: 30px; 18 | 19 | li a img { 20 | margin: 5px 0px 10px 20px; 21 | height: 34px; 22 | } 23 | } 24 | 25 | } -------------------------------------------------------------------------------- /cuckoo/web/src/handlebars/dndupload_simple.hbs: -------------------------------------------------------------------------------- 1 |
2 |
3 | 4 | 5 | 6 |
{{title}}
7 | 8 | {{#if html}} 9 | {{{html}}} 10 | {{/if}} 11 | 12 | 0 13 |
14 |
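--------------------------------------------------------------------------------
/cuckoo/data/analyzer/darwin/modules/packages/macho.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# Copyright (C) 2015 Dmitry Rodionov
# This software may be modified and distributed under the terms
# of the MIT license. See the LICENSE file for details.

import subprocess
from os import system
from lib.core.packages import Package

class Macho(Package):
    """Mach-O executable analysis package."""

    def prepare(self):
        """Mark the analysis target as executable before it is run.

        chmod is invoked with an argument list rather than a shell command
        line, so quotes, backticks or ``$`` in the target path are passed
        through as literal bytes instead of being parsed by /bin/sh.
        """
        # Make sure that our target is executable.
        # NOTE(review): self.target is presumably derived from the submitted
        # sample's file name, i.e. not trusted - confirm against the caller.
        # The exit status is ignored, exactly as the previous os.system()
        # call ignored it.
        subprocess.call(["/bin/chmod", "+x", self.target])

--------------------------------------------------------------------------------
/cuckoo/private/cwd/init-pre.jinja2:
--------------------------------------------------------------------------------
{{ "="*71 }}
{{ yellow("Welcome to Cuckoo Sandbox, this appears to be your first run!") }}
We will now set you up with our default configuration.
You will be able to see and modify the Cuckoo configuration,
Yara rules, Cuckoo Signatures, and much more to your likings
by exploring the {{ red(cwd()) }} directory.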
7 | 8 | Among other configurable items of most interest is the 9 | new location for your Cuckoo configuration: 10 | {{ red(cwd("conf")) }} 11 | {{ "="*71 }} 12 | -------------------------------------------------------------------------------- /cuckoo/private/distributed/migration/versions/4d0a2590e997_node_task_index.py: -------------------------------------------------------------------------------- 1 | """node task index 2 | 3 | Revision ID: 4d0a2590e997 4 | Revises: 166078eb1311 5 | Create Date: 2015-06-30 15:46:11.780052 6 | 7 | """ 8 | 9 | revision = "4d0a2590e997" 10 | down_revision = "166078eb1311" 11 | branch_labels = None 12 | depends_on = None 13 | 14 | from alembic import op 15 | 16 | def upgrade(): 17 | op.create_index("ix_node_task", "task", ["node_id", "task_id"], unique=True) 18 | 19 | def downgrade(): 20 | op.drop_index("ix_node_task", table_name="task") 21 | -------------------------------------------------------------------------------- /cuckoo/web/src/tasks/bower.js: -------------------------------------------------------------------------------- 1 | var gulp = require('gulp'); 2 | var assets = require('gulp-bower-assets'); 3 | 4 | /** 5 | * BOWER task 6 | * @description: hooks up bower files using gulp-bower-assets 7 | */ 8 | module.exports = function() { 9 | 10 | // select the assets.json file for parsing 11 | return gulp.src('assets.json') 12 | 13 | // run gulp-bower-assets to concat the bower files 14 | .pipe(assets({ 15 | prefix: false 16 | })) 17 | 18 | // output to vendor folder in the assets directory of dit 19 | .pipe(gulp.dest('../static')); 20 | 21 | } -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/summary/_url.html: -------------------------------------------------------------------------------- 1 |
2 |

URL Details

3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
URL
{{report.analysis.target.url}}
16 |
17 |
18 | -------------------------------------------------------------------------------- /cuckoo/web/templates/partials/dns-badge.html: -------------------------------------------------------------------------------- 1 |
2 | {{a.type}} 3 | 4 | {% if a.type == "CNAME" %} 5 | {{a.data|linebreaksbr}} 6 | {% elif a.type == "A" and ":" not in a.data %} 7 | {{a.data|linebreaksbr}} 8 | {% else %} 9 | {{a.data|linebreaksbr}} 10 | {% endif %} 11 | 12 |
-------------------------------------------------------------------------------- /tests/utils.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | import os 6 | 7 | class chdir(object): 8 | """Temporarily change the current directory.""" 9 | 10 | def __init__(self, dirpath): 11 | self.dirpath = dirpath 12 | 13 | def __enter__(self): 14 | self.origpath = os.getcwd() 15 | os.chdir(self.dirpath) 16 | 17 | def __exit__(self, type_, value, traceback): 18 | os.chdir(self.origpath) 19 | -------------------------------------------------------------------------------- /stuff/rawdb.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Copyright (C) 2015-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | 6 | import IPython 7 | import os.path 8 | import sys 9 | 10 | from cuckoo.core.database import * 11 | from cuckoo.misc import decide_cwd 12 | 13 | if __name__ == "__main__": 14 | decide_cwd(exists=True) 15 | 16 | db = Database() 17 | db.connect() 18 | db.engine.echo = True 19 | s = db.Session() 20 | 21 | IPython.start_ipython(user_ns=locals()) 22 | -------------------------------------------------------------------------------- /cuckoo/private/distributed/migration/script.py.mako: -------------------------------------------------------------------------------- 1 | """${message} 2 | 3 | Revision ID: ${up_revision} 4 | Revises: ${down_revision | comma,n} 5 | Create Date: ${create_date} 6 | 7 | """ 8 | 9 | revision = ${repr(up_revision)} 10 | down_revision = ${repr(down_revision)} 11 | branch_labels = ${repr(branch_labels)} 12 | depends_on = ${repr(depends_on)} 13 | 14 | from alembic import op 15 | import sqlalchemy as sa 16 | ${imports if imports else ""} 17 | 18 | def upgrade(): 19 | ${upgrades if upgrades else "pass"} 20 | 21 | def downgrade(): 22 | ${downgrades if downgrades else "pass"} 23 | -------------------------------------------------------------------------------- /cuckoo/web/controllers/files/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2016-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file "docs/LICENSE" for copying permission. 
4 | 5 | from django.conf.urls import url 6 | 7 | from cuckoo.web.controllers.files.api import FilesApi 8 | 9 | urlpatterns = [ 10 | url(r"^api/view/md5/(?P\w+)/$", FilesApi.view), 11 | url(r"^api/view/sha256/(?P\w+)/$", FilesApi.view), 12 | url(r"^api/view/id/(?P\d+)/$", FilesApi.view), 13 | url(r"^api/get/(?P\w+)/$", FilesApi.get) 14 | ] 15 | -------------------------------------------------------------------------------- /cuckoo/web/src/tasks/handlebars.js: -------------------------------------------------------------------------------- 1 | var gulp = require('gulp'); 2 | var handlebars = require('gulp-handlebars'); 3 | var concat = require('gulp-concat'); 4 | var declare = require('gulp-declare'); 5 | var wrap = require('gulp-wrap'); 6 | 7 | module.exports = function() { 8 | 9 | return gulp.src('./handlebars/*.hbs') 10 | .pipe(handlebars()) 11 | .pipe(wrap('Handlebars.template(<%= contents %>)')) 12 | .pipe(declare({ 13 | namespace: 'HANDLEBARS_TEMPLATES', 14 | noRedeclare: true 15 | })) 16 | .pipe(concat('handlebars-templates.js')) 17 | .pipe(gulp.dest('../static/js')); 18 | 19 | } -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/msi.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | 6 | from lib.common.abstracts import Package 7 | 8 | class Msi(Package): 9 | """MSI analysis package.""" 10 | 11 | PATHS = [ 12 | ("System32", "msiexec.exe"), 13 | ] 14 | 15 | def start(self, path): 16 | msi_path = self.get_path("msiexec.exe") 17 | return self.execute(msi_path, args=["/I", path]) 18 | -------------------------------------------------------------------------------- /cuckoo/private/distributed/migration/versions/151400d38e03_node_status_timestamp_index.py: -------------------------------------------------------------------------------- 1 | """node status timestamp index 2 | 3 | Revision ID: 151400d38e03 4 | Revises: 4d0a2590e997 5 | Create Date: 2015-07-15 15:53:56.016839 6 | 7 | """ 8 | 9 | revision = "151400d38e03" 10 | down_revision = "4d0a2590e997" 11 | branch_labels = None 12 | depends_on = None 13 | 14 | from alembic import op 15 | 16 | def upgrade(): 17 | op.create_index("ix_node_status_timestamp", "node_status", ["timestamp"], unique=False) 18 | 19 | def downgrade(): 20 | op.drop_index("ix_node_status_timestamp", table_name="node_status") 21 | -------------------------------------------------------------------------------- /tests/windows/test_screenshot.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
4 | 5 | import mock 6 | 7 | from modules.auxiliary.screenshots import Screenshots 8 | 9 | @mock.patch("modules.auxiliary.screenshots.log") 10 | @mock.patch("modules.auxiliary.screenshots.Screenshot") 11 | def test_log_info(p, q): 12 | s = Screenshots() 13 | 14 | p.return_value.have_pil.return_value = False 15 | s.run() 16 | 17 | q.info.assert_called_once() 18 | q.warning.assert_not_called() 19 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/cpl.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from lib.common.abstracts import Package 7 | 8 | class CPL(Package): 9 | """Control Panel Applet analysis package.""" 10 | PATHS = [ 11 | ("System32", "control.exe"), 12 | ] 13 | 14 | def start(self, path): 15 | control = self.get_path("control.exe") 16 | return self.execute(control, args=[path]) 17 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/ff.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 | 6 | from lib.common.abstracts import Package 7 | 8 | class Firefox(Package): 9 | """Firefox analysis package.""" 10 | PATHS = [ 11 | ("ProgramFiles", "Mozilla Firefox", "firefox.exe"), 12 | ] 13 | 14 | def start(self, url): 15 | firefox = self.get_path("Firefox") 16 | return self.execute(firefox, args=[url]) 17 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/vbs.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from lib.common.abstracts import Package 7 | 8 | class VBS(Package): 9 | """VBS analysis package.""" 10 | PATHS = [ 11 | ("System32", "wscript.exe"), 12 | ] 13 | 14 | def start(self, path): 15 | wscript = self.get_path("WScript") 16 | return self.execute(wscript, args=[path], trigger="file:%s" % path) 17 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_ipconnections_tcp.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | int main(int argc, char *argv[]) 8 | { 9 | int sd = socket(AF_INET, SOCK_STREAM, 0); 10 | assert(sd > 0); 11 | 12 | struct sockaddr_in addr; 13 | memset(&addr, 0, sizeof(addr)); 14 | addr.sin_family = AF_INET; 15 | addr.sin_addr.s_addr = inet_addr("127.0.0.1"); 16 | addr.sin_port = htons(80); 17 | 18 | int ret = connect(sd, (struct sockaddr *)&addr , sizeof(addr)); 19 | 20 | return close(sd) && ret == 0; 21 | } 22 | -------------------------------------------------------------------------------- /tests/windows/test_recentfiles.py: -------------------------------------------------------------------------------- 1 | # Copyright 
(C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | import os.path 6 | 7 | from modules.auxiliary.recentfiles import RecentFiles 8 | 9 | def test_get_path(): 10 | s = RecentFiles() 11 | 12 | s.options = {} 13 | assert "Documents" in s.get_path() 14 | assert os.path.isdir(s.get_path()) 15 | 16 | s.options = { 17 | "recentfiles": "desktop", 18 | } 19 | assert "Desktop" in s.get_path() 20 | assert os.path.isdir(s.get_path()) 21 | -------------------------------------------------------------------------------- /cuckoo/apps/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2016-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from .apps import ( 6 | fetch_community, submit_tasks, process_tasks, process_task, 7 | process_task_range, cuckoo_clean, cuckoo_machine, migrate_database, 8 | migrate_cwd 9 | ) 10 | 11 | from .api import cuckoo_api 12 | from .distributed import cuckoo_distributed, cuckoo_distributed_instance 13 | from .dnsserve import cuckoo_dnsserve 14 | from .import_ import import_cuckoo 15 | from .rooter import cuckoo_rooter 16 | -------------------------------------------------------------------------------- /cuckoo/distributed/misc.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
from cuckoo.misc import cwd

class settings(object):
    """Namespace for the configurable values of Distributed Cuckoo.

    The class body is empty; init_settings() attaches the values to it as
    class attributes.
    """

def init_settings():
    """Populate the settings class from the distributed settings file.

    The file located by cwd("distributed", "settings.py") is executed as
    Python code, and every resulting name that does not start with an
    underscore is copied onto the settings class.
    """
    namespace = {}

    # execfile() runs the settings file with the privileges of this process,
    # so the file must be writable only by the operator of the installation.
    execfile(cwd("distributed", "settings.py"), namespace)

    public = (
        (name, value) for name, value in namespace.items()
        if not name.startswith("_")
    )
    for name, value in public:
        setattr(settings, name, value)

--------------------------------------------------------------------------------
/cuckoo/web/src/scss/components/_breadcrumbs.scss:
--------------------------------------------------------------------------------
.breadcrumbs {
    display: flex;
    list-style: none;
    padding: 0;
    margin: 0 0 5px;
    font-size: 11px;

    & > li {

        & > a {
            text-decoration: none;
            color: #337AB7;
        }

        &.done > a {
            text-decoration: line-through;
        }
        &.active > a {
            font-weight: 700;
        }
        &.todo > a,
        &.done > a {
            opacity: .36;
        }

        &:not(:last-child):after {
            @extend .fa;
            content: "\f101";
            margin: 0 15px;
            color: #337AB7;
        }

    }

}
--------------------------------------------------------------------------------
/docs/book/installation/guest/cloning.rst:
--------------------------------------------------------------------------------
===========================
Cloning the Virtual Machine
===========================

In case you planned to use more than one virtual machine, there's no need to
repeat all the steps done so far: you can clone it. In this way you'll have
a copy of the original virtualized Windows with all requirements already
installed.

The new virtual machine will also contain all the settings of the original one,
which is not good. Now you need to proceed repeating the steps explained in
:doc:`network`, :doc:`agent` and :doc:`saving` for this new machine.
13 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_dtruss_children.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | int main(int argc, char *argv[]) 10 | { 11 | write(1, "Hello, I'm parent!", 18); 12 | 13 | pid_t child = fork(); 14 | assert(child >= 0); 15 | 16 | if (child == 0) { 17 | // child 18 | write(1, "Hello from child!", 17); 19 | } else { 20 | // parent 21 | printf("Hello again from the parent! My child is %d\n", child); 22 | int status; 23 | wait(&status); 24 | } 25 | 26 | 27 | return 0; 28 | } 29 | -------------------------------------------------------------------------------- /tests/darwin/test_analyzer.py_: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Copyright (C) 2015 Dmitry Rodionov 3 | # This software may be modified and distributed under the terms 4 | # of the MIT license. See the LICENSE file for details. 5 | 6 | import unittest 7 | from analyzer.darwin.lib.core.osx import set_wallclock 8 | 9 | class TestAnalyzer(unittest.TestCase): 10 | 11 | def test_set_wallclock(self): 12 | # given 13 | clock_str = "20151203T15:23:43" 14 | # when 15 | result = set_wallclock(clock_str, just_testing=True) 16 | # then 17 | self.assertEqual(result, "sudo date 1203152315.43") 18 | -------------------------------------------------------------------------------- /cuckoo/distributed/views/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
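4 | 5 | import os 6 | 7 |
__all__ = ["blueprints"]
blueprints = []

# Import every sibling module of this package (except __init__) and collect
# the (blueprint, routes) pair each one exposes.
for fname in os.listdir(os.path.dirname(__file__)):
    if fname.endswith(".py") and not fname.startswith("__init__"):
        # Remove the ".py" extension as a suffix. str.rstrip(".py") strips any
        # trailing run of the characters '.', 'p' and 'y', so a module named
        # "happy.py" would have been imported as "ha".
        modname = os.path.splitext(fname)[0]
        view = __import__("cuckoo.distributed.views.%s" % modname,
                          globals(), locals(), ["blueprint", "routes"], -1)
        blueprints.append((view.blueprint, view.routes))
15 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Python byte code 2 | *.pyc 3 | 4 | # Certificates 5 | *.pem 6 | *.cert 7 | 8 | # .map files (css/js debugging) 9 | *.map 10 | 11 | # OS generated files 12 | .DS_Store* 13 | .AppleDouble 14 | ehthumbs.db 15 | Icon? 16 | Thumbs.db 17 | 18 | # Development files 19 | docs/book/_build/ 20 | .idea/ 21 | .project 22 | .pydevproject 23 | 24 | # Python package stuff 25 | .eggs/ 26 | .cache 27 | Cuckoo.egg-info/ 28 | venv 29 | lib/python2.7/ 30 | build/ 31 | dist/ 32 | local/ 33 | 34 | # Cuckoo package stuff 35 | cuckoo/private/.cwd 36 | 37 | # Frontend compilation services 38 | node_modules/ 39 | bower_components/ 40 | .sass-cache/ 41 | -------------------------------------------------------------------------------- /cuckoo/private/distributed/migration/versions/4b86bc0d40aa_node_mode.py: -------------------------------------------------------------------------------- 1 | """node mode 2 | 3 | Revision ID: 4b86bc0d40aa 4 | Revises: 2aa59981b59d 5 | Create Date: 2015-09-09 00:04:56.119968 6 | 7 | """ 8 | 9 | revision = "4b86bc0d40aa" 10 | down_revision = "2aa59981b59d" 11 | branch_labels = None 12 | depends_on = None 13 | 14 | from alembic import op 15 | import sqlalchemy as sa 16 | 17 | def upgrade(): 18 | op.add_column("node", sa.Column("mode", sa.Text())) 19 | op.execute("update node set mode = 'normal'") 20 | op.alter_column("node", "mode", nullable=False) 21 | 22 | def downgrade(): 23 | op.drop_column("node",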
"mode") 24 | -------------------------------------------------------------------------------- /cuckoo/web/dashboard/views.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from django.views.decorators.http import require_safe 6 | 7 | from cuckoo.common.config import config 8 | from cuckoo.misc import version 9 | from cuckoo.web.utils import render_template 10 | 11 | @require_safe 12 | def index(request): 13 | report = { 14 | "machinery": config("cuckoo:cuckoo:machinery"), 15 | "version": version, 16 | } 17 | return render_template(request, "dashboard/index.html", report=report) 18 | -------------------------------------------------------------------------------- /docs/README: -------------------------------------------------------------------------------- 1 | README 2 | 3 | The documentation for installing, using and customizing Cuckoo Sandbox is 4 | available under different forms and formats. 5 | 6 | Under "docs/book/" you can find the complete Cuckoo Sandbox Book Sphinx 7 | sources to build the book as well as the compiled book in different formats: 8 | * HTML 9 | * PDF 10 | * Text 11 | 12 | Under "epydoc/" you'll find the Python documentation of Cuckoo's libs and apis 13 | generated by Epydoc. This directory contains two sub-directories: "host" and 14 | "guest", containing references for Cuckoo's Host and Guest components 15 | respectively. 
16 | -------------------------------------------------------------------------------- /cuckoo/private/whitelist/domain.txt: -------------------------------------------------------------------------------- 1 | java.com 2 | www.msn.com 3 | www.bing.com 4 | windows.microsoft.com 5 | go.microsoft.com 6 | static-hp-eas.s-msn.com 7 | img-s-msn-com.akamaized.net 8 | sdlc-esd.oracle.com 9 | javadl.sun.com 10 | res2.windows.microsoft.com 11 | res1.windows.microsoft.com 12 | img.s-msn.com 13 | js.microsoft.com 14 | fbstatic-a.akamaihd.net 15 | ajax.microsoft.com 16 | ajax.aspnetcdn.com 17 | ieonline.microsoft.com 18 | api.bing.com 19 | schemas.microsoft.com 20 | www.w3.org 21 | dns.msftncsi.com 22 | teredo.ipv6.microsoft.com 23 | time.windows.com 24 | dns.msftncsi.com 25 | ocsp.msocsp.com 26 | ocsp.omniroot.com 27 | crl.microsoft.com 28 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/components/_panel.scss: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation. 3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission. 5 | */ 6 | 7 | .panel { 8 | 9 | border: 1px solid #d0d0d0; 10 | 11 | &-heading { 12 | padding: 5px 8px; 13 | font-weight: bold; 14 | 15 | .glyphicon { 16 | color: #646464; 17 | button & { 18 | line-height: 1.6; 19 | } 20 | } 21 | } 22 | 23 | &-title { 24 | margin-top: 6px; 25 | } 26 | 27 | &-body { 28 | #domains &, 29 | #host & { 30 | padding:0; 31 | } 32 | } 33 | 34 | } -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/lib/common/utils.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
4 | 5 | import random 6 | import string 7 | 8 |
def random_string(minimum, maximum=None):
    """Return a string of ASCII letters of random length.
    @param minimum: smallest length to produce
    @param maximum: largest length to produce; defaults to minimum, which
                    gives a string of exactly that length
    @return: the generated string
    """
    if maximum is None:
        maximum = minimum

    # NOTE(review): the random module is a general-purpose generator, not a
    # cryptographic one. If a caller relies on these names being unguessable
    # (e.g. for a directory under the shared temp dir), confirm that is
    # acceptable or create the path with tempfile.mkdtemp() instead.
    count = random.randint(minimum, maximum)
    return "".join(random.choice(string.ascii_letters) for x in xrange(count))

def random_integer(digits):
    """Return a random integer between 10 ** (digits - 1) and
    (10 ** digits) - 1, both inclusive.
    @param digits: number of decimal digits of the result
    @return: the generated integer
    """
    start = 10 ** (digits - 1)
    end = (10 ** digits) - 1
    return random.randint(start, end)
19 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/modules/packages/generic.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2015-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | import os 6 | 7 | from lib.common.abstracts import Package 8 | 9 |
class Generic(Package):
    """Generic analysis package. Uses shell based execution."""

    def __init__(self, *args, **kwargs):
        """Initialise the base Package and start with an empty set of seen
        process identifiers."""
        Package.__init__(self, *args, **kwargs)
        self.seen_pids = set()

    def start(self, path):
        """Mark the file at path as executable and run it through sh.
        @param path: path of the file to execute
        @return: whatever self.execute() returns
        """
        os.chmod(path, 0o755)
        # NOTE(review): path is passed as the command string of "sh -c", so
        # the shell parses it; whitespace or shell metacharacters in the path
        # would change what is executed. Confirm the caller only supplies
        # paths it generated or sanitised itself.
        return self.execute(["sh", "-c", path])
19 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/behavior/_tree_process.html: -------------------------------------------------------------------------------- 1 |
  • 2 | {{process.process_name}} ({{process.pid}}) 3 | {{ process.command_line }} 4 | {% if process.children %} 5 |
      6 | {% for child in process.children %} 7 | {% with process=child template_name="analysis/pages/behavior/_tree_process.html" %} 8 | {% include template_name %} 9 | {% endwith %} 10 | {% endfor %} 11 |
    12 | {% endif %} 13 |
  • 14 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/memory/_yarascan.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | {% for row in report.analysis.memory.yarascan.data|volsort %} 11 | 12 | 13 | 14 | 15 | 16 | {% endfor %} 17 | 18 |
    OwnerRuleHexdump
    {{row.owner}}{{row.rule}}
    {{row.hexdump}}
    19 | -------------------------------------------------------------------------------- /cuckoo/common/constants.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2011-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | CUCKOO_GUEST_PORT = 8000 7 | CUCKOO_GUEST_INIT = 0x001 8 | CUCKOO_GUEST_RUNNING = 0x002 9 | CUCKOO_GUEST_COMPLETED = 0x003 10 | CUCKOO_GUEST_FAILED = 0x004 11 | GITHUB_URL = "https://github.com/cuckoosandbox/cuckoo" 12 | ISSUES_PAGE_URL = "https://github.com/cuckoosandbox/cuckoo/issues" 13 | DOCS_URL = "https://cuckoo.sh/docs" 14 | 15 | def faq(entry): 16 | return "%s/faq/index.html#%s" % (DOCS_URL, entry) 17 | -------------------------------------------------------------------------------- /docs/book/installation/guest/index.rst: -------------------------------------------------------------------------------- 1 | =================== 2 | Preparing the Guest 3 | =================== 4 | 5 | At this point you should have configured the Cuckoo host component and you 6 | should have designed and defined the number and the names of the virtual 7 | machines you are going to use for malware execution. 8 | 9 | Now it's time to create such machines and to configure them properly. The 10 | following documentation details the entire setup guide for Windows-based 11 | Guests. For Linux Guests, please read :doc:`linux`. 12 | 13 | .. 
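toctree:: 14 | 15 | creation 16 | requirements 17 | network 18 | agent 19 | saving 20 | cloning 21 | -------------------------------------------------------------------------------- /tests/files/pdf0.pdf: -------------------------------------------------------------------------------- 1 | %PDF-1.5 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R /OpenAction 5 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [4 0 R] /Count 1 >> endobj 4 0 obj << /Type /Page /Pages 3 0 R /MediaBox [0 0 612 792] >> endobj 5 0 obj << /Type /Action /S /JavaScript /JS 6 0 R >> endobj 6 0 obj << /Length 101 >> stream var x = unescape('%48%65%6c%6c%6f%20%57%6f%72%6c%64'); for (var i = 0; i < 5; i++) { alert(x); } endstream endobj xref 0 7 0000000000 65535 f 0000000017 00000 n 0000000127 00000 n 0000000182 00000 n 0000000252 00000 n 0000000340 00000 n 0000000415 00000 n trailer << /Size 7 /Root 1 0 R >> startxref 414 %%EOF -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/common/hashing.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 |
BUFSIZE = 1024*1024


def hash_file(method, path):
    """Calculates a hash on a file by path, reading it in BUFSIZE chunks.
    @param method: callable hashing method
    @param path: file path
    @return: computed hash string
    """
    # The with-block releases the file handle deterministically, also when
    # read() or update() raises; the earlier version left closing to the
    # garbage collector.
    with open(path, "rb") as f:
        h = method()
        # iter() with a sentinel stops at the empty read that marks EOF.
        for buf in iter(lambda: f.read(BUFSIZE), b""):
            h.update(buf)
    return h.hexdigest()
22 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/lib/common/constants.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | import os 6 | import tempfile 7 | from lib.common.utils import random_string 8 | 9 | ROOT = os.path.join(tempfile.gettempdir(), random_string(6, 10)) 10 | 11 | PATHS = {"root" : ROOT, 12 | "logs" : os.path.join(ROOT, "logs"), 13 | "files" : os.path.join(ROOT, "files"), 14 | "shots" : os.path.join(ROOT, "shots"), 15 | "memory" : os.path.join(ROOT, "memory"), 16 | "drop" : os.path.join(ROOT, "drop")} 17 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/core/constants.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission.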
4 | 5 | import os 6 | from tempfile import gettempdir 7 | from ..common.rand import random_string 8 | 9 | ROOT = os.path.join(gettempdir() + os.sep, random_string(6, 10)) 10 | 11 | PATHS = { 12 | "root" : ROOT, 13 | "logs" : os.path.join(ROOT, "logs"), 14 | "files" : os.path.join(ROOT, "files"), 15 | "shots" : os.path.join(ROOT, "shots"), 16 | "memory" : os.path.join(ROOT, "memory"), 17 | "drop" : os.path.join(ROOT, "drop") 18 | } 19 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/network/_irc.html: -------------------------------------------------------------------------------- 1 |

    IRC traffic

    2 | {% if report.analysis.network.irc %} 3 | 4 | 5 | 6 | 7 | 8 | 9 | {% for irc in report.analysis.network.irc %} 10 | 11 | 12 | 13 | 14 | 15 | {% endfor %} 16 |
    CommandParamsType
    {{irc.command}}{{irc.params}}{{irc.type}}
    17 | {% else %} 18 |

    No IRC requests performed.

    19 | {% endif %} -------------------------------------------------------------------------------- /tests/test_defines.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | from cuckoo.common.defines import PUBLICKEYSTRUC, RSAPUBKEY, REG_DWORD 6 | 7 | def test_defines(): 8 | a = PUBLICKEYSTRUC.from_buffer_copy("A"*8) 9 | assert a.type == 0x41 10 | assert a.version == 0x41 11 | assert a.reserved == 0x4141 12 | assert a.algid == 0x41414141 13 | 14 | a = RSAPUBKEY.from_buffer_copy("A"*12) 15 | assert a.magic == 0x41414141 16 | assert a.bitlen == 0x41414141 17 | assert a.pubexp == 0x41414141 18 | 19 | assert REG_DWORD == 4 20 | -------------------------------------------------------------------------------- /cuckoo/private/distributed/migration/versions/2aa59981b59d_node_task_not_unique.py: -------------------------------------------------------------------------------- 1 | """node task not unique 2 | 3 | Revision ID: 2aa59981b59d 4 | Revises: 151400d38e03 5 | Create Date: 2015-07-17 10:54:27.568346 6 | 7 | """ 8 | 9 | revision = "2aa59981b59d" 10 | down_revision = "151400d38e03" 11 | branch_labels = None 12 | depends_on = None 13 | 14 | from alembic import op 15 | 16 | def upgrade(): 17 | op.drop_index("ix_node_task", table_name="task") 18 | op.create_index("ix_node_task", "task", ["node_id", "task_id"]) 19 | 20 | def downgrade(): 21 | op.drop_index("ix_node_task", table_name="task") 22 | op.create_index("ix_node_task", "task", ["node_id", "task_id"], unique=True) 23 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/behavior/_chunk.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | {% for call in 
chunk.calls %} 13 | 14 | {% include "analysis/pages/behavior/_api_call.html" %} 15 | 16 | {% endfor %} 17 | 18 |
    Time & APIArgumentsStatusReturnRepeated
    19 | -------------------------------------------------------------------------------- /cuckoo/private/db_migration/script.py.mako: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | """${message} 6 | 7 | Revision ID: ${up_revision} 8 | Revises: ${down_revision} 9 | Create Date: ${create_date} 10 | 11 | """ 12 | 13 | # Revision identifiers, used by Alembic. 14 | revision = ${repr(up_revision)} 15 | down_revision = ${repr(down_revision)} 16 | 17 | from alembic import op 18 | import sqlalchemy as sa 19 | ${imports if imports else ""} 20 | 21 | def upgrade(): 22 | ${upgrades if upgrades else "pass"} 23 | 24 | def downgrade(): 25 | ${downgrades if downgrades else "pass"} 26 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/components/_application-message.scss: -------------------------------------------------------------------------------- 1 | .app-message { 2 | position: fixed; 3 | bottom: 25px; 4 | left: 25px; 5 | 6 | width: 400px; 7 | height: auto; 8 | background-color: #222; 9 | border-radius: 4px; 10 | color: #fff; 11 | padding: 15px; 12 | 13 | z-index: 1000; 14 | 15 | & > h5 { 16 | margin-top: 0; 17 | .fa { 18 | margin-right: 10px; 19 | } 20 | } 21 | 22 | & > p { 23 | margin-bottom: 15px; 24 | 25 | a { 26 | color: #6297F8; 27 | font-weight: 700; 28 | } 29 | } 30 | 31 | @include cuckoo-theme('cyborg') { 32 | border: 2px solid #999; 33 | } 34 | 35 | @include cuckoo-theme('night') { 36 | background-color: #000; 37 | border: 2px solid #999; 38 | } 39 | } -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/behavior/partials/_tree.html: -------------------------------------------------------------------------------- 1 | 5 | 12 | 13 |
      14 | {% for process in report.analysis.behavior.processtree|filter_key_if_has:"track" %} 15 | {% include "analysis/pages/behavior/partials/_process.html" %} 16 | {% endfor %} 17 |
    18 | -------------------------------------------------------------------------------- /docs/book/installation/guest_physical/index.rst: -------------------------------------------------------------------------------- 1 | ====================================== 2 | Preparing the Guest (Physical Machine) 3 | ====================================== 4 | 5 | .. warning:: 6 | This chapter only applies for a Physical Machine setup! For normal Cuckoo 7 | usage please ignore it. 8 | 9 | At this point you should have configured the Cuckoo host component and you 10 | should have designed and defined the number and the names of the physical 11 | machines you are going to use for malware execution. 12 | 13 | Now it's time to create such machines and to configure them properly. 14 | 15 | .. toctree:: 16 | 17 | creation 18 | requirements 19 | network 20 | agent 21 | saving 22 | -------------------------------------------------------------------------------- /tests/files/conf/040_plain/reporting.conf: -------------------------------------------------------------------------------- 1 | # Enable or disable the available reporting modules [on/off]. 2 | # If you add a custom reporting module to your Cuckoo setup, you have to add 3 | # a dedicated entry in this file, or it won't be executed. 4 | # You can also add additional options under the section of your module and 5 | # they will be available in your Python class. 
6 | 7 | [jsondump] 8 | enabled = on 9 | 10 | [reporthtml] 11 | enabled = on 12 | 13 | [pickled] 14 | enabled = off 15 | 16 | [metadata] 17 | enabled = off 18 | 19 | [maec11] 20 | enabled = off 21 | 22 | [mongodb] 23 | enabled = off 24 | 25 | [hpfclient] 26 | enabled = off 27 | host = 28 | port = 10000 29 | ident = 30 | secret = 31 | channel = 32 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_ipconnections_target_with_args.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | void send_tcp(const char *remote, const int port) 8 | { 9 | int sd = socket(AF_INET, SOCK_STREAM, 0); 10 | assert(sd > 0); 11 | 12 | struct sockaddr_in addr; 13 | memset(&addr, 0, sizeof(addr)); 14 | addr.sin_family = AF_INET; 15 | addr.sin_addr.s_addr = inet_addr(remote); 16 | addr.sin_port = htons(port); 17 | 18 | connect(sd, (struct sockaddr *)&addr , sizeof(addr)); 19 | close(sd); 20 | } 21 | 22 | int main(int argc, char *argv[]) 23 | { 24 | send_tcp(argv[1], 80); 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/hta.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | import os 6 | 7 | from lib.common.abstracts import Package 8 | 9 | class HTA(Package): 10 | """HTA analysis package.""" 11 | PATHS = [ 12 | ("System32", "mshta.exe"), 13 | ] 14 | 15 | def start(self, path): 16 | mshta = self.get_path("mshta") 17 | 18 | # Enforce .hta extension. 
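19 | if not path.endswith(".hta"): 20 | os.rename(path, path + ".hta") 21 | path += ".hta" 22 | 23 | return self.execute(mshta, args=[path]) 24 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/lib/common/hashing.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 |
BUFSIZE = 1024*1024


def hash_file(method, path):
    """Calculates a hash on a file by path, reading it in BUFSIZE chunks.
    @param method: callable hashing method
    @param path: file path
    @return: computed hash string
    """
    # The with-block releases the file handle deterministically, also when
    # read() or update() raises; the earlier version left closing to the
    # garbage collector. On Windows a handle that stays open can keep the
    # file from being renamed or deleted.
    with open(path, "rb") as f:
        h = method()
        # iter() with a sentinel stops at the empty read that marks EOF.
        for buf in iter(lambda: f.read(BUFSIZE), b""):
            h.update(buf)
    return h.hexdigest()
23 | -------------------------------------------------------------------------------- /stuff/android/anti-vm/fake-drivers: -------------------------------------------------------------------------------- 1 | /dev/tty /dev/tty 5 0 system:/dev/tty 2 | /dev/console /dev/console 5 1 system:console 3 | /dev/ptmx /dev/ptmx 5 2 system 4 | /dev/vc/0 /dev/vc/0 4 0 system:vtmaster 5 | rfcomm /dev/rfcomm 216 0-255 serial 6 | acm /dev/ttyACM 166 0-31 serial 7 | hso /dev/ttyHS 243 0-255 serial 8 | msm_serial_hsl /dev/ttyHSL 247 0-2 serial 9 | msm_serial_hs /dev/ttyHS 248 0-255 serial 10 | pty_slave /dev/pts 136 0-1048575 pty:slave 11 | pty_master /dev/ptm 128 0-1048575 pty:master 12 | unknown /dev/tty 4 1-63 console 13 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/components/_nav.scss: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation.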
3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission. 5 | */ 6 | 7 | .nav { 8 | 9 | & > li { 10 | & > a { 11 | &:hover { 12 | text-decoration: none; 13 | cursor:pointer; 14 | background-color: #eee; 15 | 16 | &.btn-primary { 17 | background-color: #337ab7; 18 | border-color: #2e6da4; 19 | } 20 | } 21 | } 22 | } 23 | 24 | &-pills > li.active a { 25 | color: #4c4c4c; 26 | background-color: #eee; 27 | &:focus, 28 | &:hover { 29 | color: #4c4c4c; 30 | background-color: #eee; 31 | } 32 | } 33 | 34 | } -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/memory/_callbacks.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | {% for row in report.analysis.memory.callbacks.data|volsort %} 12 | 13 | 14 | 15 | 16 | 17 | 18 | {% endfor %} 19 | 20 |
    TypeCallbackModuleDetails
    {{row.type}}{{row.callback}}{{row.module}}{{row.details}}
    21 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/memory/_malfind.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | {% for row in report.analysis.memory.malfind.data|volsort %} 12 | 13 | 14 | 15 | 16 | 17 | 18 | {% endfor %} 19 | 20 |
    PIDProcess NameStartTag
    {{row.process_id}}{{row.process_name}}{{row.vad_start}}{{row.vad_tag}}
    21 | -------------------------------------------------------------------------------- /tests/files/conf/040_plain/kvm.conf: -------------------------------------------------------------------------------- 1 | [kvm] 2 | # Specify a comma-separated list of available machines to be used. For each 3 | # specified ID you have to define a dedicated section containing the details 4 | # on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3) 5 | machines = cuckoo1 6 | 7 | [cuckoo1] 8 | # Specify the label name of the current machine as specified in your 9 | # libvirt configuration. 10 | label = cuckoo1 11 | 12 | # Specify the operating system platform used by current machine 13 | # [windows/darwin/linux]. 14 | platform = windows 15 | 16 | # Specify the IP address of the current machine. Make sure that the IP address 17 | # is valid and that the host machine is able to reach it. If not, the analysis 18 | # will fail. 19 | ip = 192.168.122.105 20 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/modules/packages/default_browser.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 
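5 | 6 | from lib.common.abstracts import Package 7 | from lib.api.adb import execute_browser 8 | 9 |
class default_browser(Package):
    """Default Browser analysis package."""
    def __init__(self, options=None):
        """Initialise the package.
        @param options: analysis options passed on to Package; an empty
                        dict is used when omitted
        """
        # A literal {} default is created once and shared by every instance
        # built without options, so a change made through one instance would
        # show up in the others. Build a fresh dict per call instead.
        super(default_browser, self).__init__({} if options is None else options)

    def start(self, target):
        """Hand the target to execute_browser() from lib.api.adb.
        @param target: value to open (presumably a URL; confirm with caller)
        """
        execute_browser(target)

    def check(self):
        """Always returns True."""
        return True

    def finish(self):
        """Always returns True."""
        return True
22 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/exe.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | import os 7 | import shlex 8 | 9 | from lib.common.abstracts import Package 10 | 11 | class Exe(Package): 12 | """EXE analysis package.""" 13 | 14 | def start(self, path): 15 | args = self.options.get("arguments", "") 16 | 17 | name, ext = os.path.splitext(path) 18 | if not ext: 19 | new_path = name + ".exe" 20 | os.rename(path, new_path) 21 | path = new_path 22 | 23 | return self.execute(path, args=shlex.split(args)) 24 | -------------------------------------------------------------------------------- /cuckoo/private/db_migration/versions/from_1_2_to_20c1-add_task_owner.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2014 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | """Added task owner used by Distributed Cuckoo (from Cuckoo 1.2 to 2.0-rc1) 6 | 7 | Revision ID: 3aa42d870199 8 | Revises: 18eee46c6f81 9 | Create Date: 2014-12-04 11:19:49.388410 10 | """ 11 | 12 | # Revision identifiers, used by Alembic.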
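13 | revision = "3aa42d870199" 14 | down_revision = "495d5a6edef3" 15 | 16 | from alembic import op 17 | import sqlalchemy as sa 18 | 19 | def upgrade(): 20 | op.add_column("tasks", sa.Column("owner", sa.String(length=64), nullable=True)) 21 | 22 | def downgrade(): 23 | pass 24 | -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/task.json: -------------------------------------------------------------------------------- 1 | {"started_on": {"$dt": "2016-08-25T22:44:58.917943"}, "duration": 66, "sample_id": 83, "owner": "", "id": 2204, "category": "file", "priority": 374289732472983, "guest": {"status": "stopped", "name": "cuckoo1", "label": "cuckoo7", "manager": "VirtualBox", "started_on": "2016-08-25 22:44:59", "shutdown_on": "2016-08-25 22:46:00"}, "clock": {"$dt": "2016-08-25T22:44:56.778393"}, "custom": "", "machine": "", "platform": "", "memory": false, "status": "reported", "tags": [], "processing": null, "enforce_timeout": false, "completed_on": {"$dt": "2016-08-25T22:46:05.179941"}, "target": "/home/test/git/samples/CVE-2011-0611.pdf_", "package": "pdf", "route": "none", "timeout": 0, "options": {"human": "0"}, "added_on": {"$dt": "2016-08-25T22:44:56.778411"}} -------------------------------------------------------------------------------- /cuckoo/data/analyzer/linux/lib/common/hashing.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | import hashlib 6 |
BUFSIZE = 1024*1024

def sha256_file(path):
    """Return the SHA-256 hex digest of the file at path.
    @param path: file path
    @return: computed hash string
    """
    return hash_file(hashlib.sha256, path)

def hash_file(method, path):
    """Calculates a hash on a file by path, reading it in BUFSIZE chunks.
    @param method: callable hashing method
    @param path: file path
    @return: computed hash string
    """
    # The with-block releases the file handle deterministically, also when
    # read() or update() raises; the earlier version left closing to the
    # garbage collector.
    with open(path, "rb") as f:
        h = method()
        # iter() with a sentinel stops at the empty read that marks EOF.
        for buf in iter(lambda: f.read(BUFSIZE), b""):
            h.update(buf)
    return h.hexdigest()
26 | -------------------------------------------------------------------------------- /cuckoo/private/db_migration/versions/from_20c2_to_200_error_action.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | """action element for error (from Cuckoo 2.0-rc2 to 2.0.0) 6 | 7 | Revision ID: 181be2111077 8 | Revises: ef1ecf216392 9 | Create Date: 2017-02-23 15:11:39.711902 10 | 11 | """ 12 | 13 | # Revision identifiers, used by Alembic. 14 | revision = "181be2111077" 15 | down_revision = "ef1ecf216392" 16 | 17 | from alembic import op 18 | import sqlalchemy as sa 19 | 20 | def upgrade(): 21 | op.add_column( 22 | "errors", sa.Column("action", sa.String(length=64), nullable=True) 23 | ) 24 | 25 | def downgrade(): 26 | pass 27 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/components/_tooltip.scss: -------------------------------------------------------------------------------- 1 | // basic jquery ui styles 2 | .ui-tooltip { 3 | padding: 8px; 4 | position: absolute; 5 | z-index: 9999; 6 | max-width: 300px; 7 | } 8 | body .ui-tooltip { 9 | border-width: 2px; 10 | } 11 | 12 | // cuckoo tooltip style 13 | .cuckoo-tooltip { 14 | background-color: #f5f5f5; 15 | border: 1px solid rgba($cuckoo_secundary_color, .1); 16 | padding: 15px; 17 | border-radius: 4px; 18 | 19 | &.tree-tip { 20 | font-size: 12px; 21 | padding: 3px; 22 | max-width: 70%; 23 | word-wrap: break-word; 24 | pointer-events: none; 25 | } 26 | 27 | @include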
cuckoo-theme('cyborg') { 28 | background-color: $cyborg_panel_color; 29 | border-color: $cyborg_border_color; 30 | color: $cyborg_text_color; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /tests/darwin/assets/test_ipconnections_tcp_with_timeout.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | void send_tcp(const char *remote, const int port) 8 | { 9 | int sd = socket(AF_INET, SOCK_STREAM, 0); 10 | assert(sd > 0); 11 | 12 | struct sockaddr_in addr; 13 | memset(&addr, 0, sizeof(addr)); 14 | addr.sin_family = AF_INET; 15 | addr.sin_addr.s_addr = inet_addr(remote); 16 | addr.sin_port = htons(port); 17 | 18 | connect(sd, (struct sockaddr *)&addr , sizeof(addr)); 19 | close(sd); 20 | } 21 | 22 | int main(int argc, char *argv[]) 23 | { 24 | send_tcp("127.0.0.1", 80); 25 | sleep(5); 26 | send_tcp("127.0.0.1", 80); 27 | 28 | return 0; 29 | } 30 | -------------------------------------------------------------------------------- /tests/test_common.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 
4 | 5 | import tempfile 6 | 7 | from cuckoo.common.virustotal import VirusTotalAPI 8 | from cuckoo.main import cuckoo_create 9 | from cuckoo.misc import set_cwd 10 | 11 | def test_vt_init(): 12 | set_cwd(tempfile.mkdtemp()) 13 | cuckoo_create(cfg={ 14 | "processing": { 15 | "virustotal": { 16 | "key": "hello", 17 | "timeout": 32, 18 | "scan": False, 19 | }, 20 | }, 21 | }) 22 | v = VirusTotalAPI() 23 | assert v.apikey == "hello" 24 | assert v.timeout == 32 25 | assert v.scan is False 26 | -------------------------------------------------------------------------------- /cuckoo/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo import ( 7 | auxiliary, machinery, processing, reporting 8 | ) 9 | 10 | from cuckoo.misc import version as __version__ 11 | 12 | signatures = [] 13 | 14 | # Don't include machinery here as its data structure is different from the 15 | # other plugins - of which multiple are in use at any time. 16 | plugins = { 17 | "auxiliary": auxiliary.plugins, 18 | "machinery": machinery.plugins.values(), 19 | "processing": processing.plugins, 20 | "reporting": reporting.plugins, 21 | "signatures": signatures, 22 | } 23 | -------------------------------------------------------------------------------- /cuckoo/data/yara/binaries/shellcodes.yar: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2010-2014 Cuckoo Foundation. 2 | // This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | // See the file 'docs/LICENSE' for copying permission. 
4 | 5 | rule shellcode 6 | { 7 | meta: 8 | author = "nex" 9 | description = "Matched shellcode byte patterns" 10 | 11 | strings: 12 | $mz = { 4d 5a } 13 | $shell1 = { 64 8b 64 } 14 | $shell2 = { 64 a1 30 } 15 | $shell3 = { 64 8b 15 30 } 16 | $shell4 = { 64 8b 35 30 } 17 | $shell5 = { 55 8b ec 83 c4 } 18 | $shell6 = { 55 8b ec 81 ec } 19 | $shell7 = { 55 8b ec e8 } 20 | $shell8 = { 55 8b ec e9 } 21 | condition: 22 | not ($mz at 0) and 23 | any of ($shell*) 24 | } 25 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/network/_icmp.html: -------------------------------------------------------------------------------- 1 |

    ICMP traffic

    2 | {% if report.analysis.network.icmp %} 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | {% for packet in report.analysis.network.icmp %} 11 | 12 | 13 | 14 | 15 | 16 | 17 | {% endfor %} 18 |
    SourceDestinationICMP TypeData
    {{packet.src}}{{packet.dst}}{{packet.type}}{{packet.data}}
    19 | {% else %} 20 |

    No ICMP traffic performed.

    21 | {% endif %} 
-------------------------------------------------------------------------------- /cuckoo/data/analyzer/darwin/lib/core/osx.py: --------------------------------------------------------------------------------
#!/usr/bin/env python
# Copyright (C) 2015 Dmitry Rodionov
# This software may be modified and distributed under the terms
# of the MIT license. See the LICENSE file for details.

from os import system
from datetime import datetime

def set_wallclock(clock_str, **kwargs):
    """Set the system clock by running `sudo date` with the given time.

    clock_str must match the format "%Y%m%dT%H:%M:%S"; strptime raises
    ValueError for anything else, so no command is built from a string that
    does not parse.

    When the keyword "just_testing" is passed (its value is not inspected)
    the command string is returned and nothing is executed. Otherwise the
    command is run through os.system and the function returns None; the exit
    status of the command is not checked.
    """
    parsed = datetime.strptime(clock_str, "%Y%m%dT%H:%M:%S")
    # The `date` utility on OS X accepts the new date/time as
    # {month}{day}{hour}{minutes}{year}.{seconds}, two digits per field.
    # The argument comes from strftime on the parsed value, not from
    # clock_str itself, so only numeric fields and one '.' are placed in
    # the shell command line.
    stamp = parsed.strftime("%m%d%H%M%y.%S")
    cmd = "sudo date {0}".format(stamp)

    if "just_testing" not in kwargs:
        system(cmd)
        return None
    return cmd
-------------------------------------------------------------------------------- /cuckoo/private/db_migration/versions/from_1_2_to_20c1-machine_options.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | """machine options (from Cuckoo 1.2 to 2.0-rc1) 7 | 8 | Revision ID: cd31654d187 9 | Revises: 1583656cb935 10 | Create Date: 2015-12-16 11:07:59.948819 11 | 12 | """ 13 | 14 | # revision identifiers, used by Alembic. 
15 | revision = "cd31654d187" 16 | down_revision = "1583656cb935" 17 | 18 | from alembic import op 19 | import sqlalchemy as sa 20 | 21 | def upgrade(): 22 | op.add_column("machines", sa.Column("options", sa.String(length=255), nullable=True)) 23 | 24 | def downgrade(): 25 | pass 26 | -------------------------------------------------------------------------------- /cuckoo/private/db_migration/versions/from_1_2_to_20c1-taken-route.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | """taken route for a task (from Cuckoo 1.2 to 2.0-rc1) 7 | 8 | Revision ID: 1070cd314621 9 | Revises: 4a04f40d4ab4 10 | Create Date: 2015-11-21 23:10:04.724813 11 | 12 | """ 13 | 14 | # revision identifiers, used by Alembic. 15 | revision = "1070cd314621" 16 | down_revision = "4a04f40d4ab4" 17 | 18 | from alembic import op 19 | import sqlalchemy as sa 20 | 21 | def upgrade(): 22 | op.add_column("tasks", sa.Column("route", sa.String(length=16), nullable=True)) 23 | 24 | def downgrade(): 25 | pass 26 | -------------------------------------------------------------------------------- /cuckoo/private/db_migration/versions/from_1_2_to_20c1-processing-column.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | """processing column (from Cuckoo 1.2 to 2.0-rc1) 7 | 8 | Revision ID: 4a04f40d4ab4 9 | Revises: 3aa42d870199 10 | Create Date: 2015-11-15 00:57:32.068872 11 | 12 | """ 13 | 14 | # revision identifiers, used by Alembic. 
15 | revision = "4a04f40d4ab4" 16 | down_revision = "3aa42d870199" 17 | 18 | from alembic import op 19 | import sqlalchemy as sa 20 | 21 | def upgrade(): 22 | op.add_column("tasks", sa.Column("processing", sa.String(length=16), nullable=True)) 23 | 24 | def downgrade(): 25 | pass 26 | -------------------------------------------------------------------------------- /tests/files/conf/120_5vms/reporting.conf: -------------------------------------------------------------------------------- 1 | # Enable or disable the available reporting modules [on/off]. 2 | # If you add a custom reporting module to your Cuckoo setup, you have to add 3 | # a dedicated entry in this file, or it won't be executed. 4 | # You can also add additional options under the section of your module and 5 | # they will be available in your Python class. 6 | 7 | [jsondump] 8 | enabled = yes 9 | indent = 4 10 | encoding = latin-1 11 | 12 | [reporthtml] 13 | enabled = yes 14 | 15 | [mmdef] 16 | enabled = no 17 | 18 | [maec40] 19 | enabled = no 20 | mode = overview 21 | processtree = true 22 | output_handles = false 23 | static = true 24 | strings = true 25 | virustotal = true 26 | 27 | [mongodb] 28 | enabled = no 29 | host = 127.0.0.1 30 | port = 27017 31 | db = cuckoo 32 | store_memdump = yes -------------------------------------------------------------------------------- /tests/files/conf/120_plain/reporting.conf: -------------------------------------------------------------------------------- 1 | # Enable or disable the available reporting modules [on/off]. 2 | # If you add a custom reporting module to your Cuckoo setup, you have to add 3 | # a dedicated entry in this file, or it won't be executed. 4 | # You can also add additional options under the section of your module and 5 | # they will be available in your Python class. 
6 | 7 | [jsondump] 8 | enabled = yes 9 | indent = 4 10 | encoding = latin-1 11 | 12 | [reporthtml] 13 | enabled = yes 14 | 15 | [mmdef] 16 | enabled = no 17 | 18 | [maec40] 19 | enabled = no 20 | mode = overview 21 | processtree = true 22 | output_handles = false 23 | static = true 24 | strings = true 25 | virustotal = true 26 | 27 | [mongodb] 28 | enabled = no 29 | host = 127.0.0.1 30 | port = 27017 31 | db = cuckoo 32 | store_memdump = yes -------------------------------------------------------------------------------- /tests/darwin/assets/test_ipconnections_udp.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | int main(int argc, char *argv[]) 11 | { 12 | int sd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); 13 | assert(sd > 0); 14 | 15 | struct sockaddr_in addr; 16 | memset(&addr, 0, sizeof(addr)); 17 | addr.sin_family = AF_INET; 18 | inet_pton(AF_INET, "127.0.0.1", &addr.sin_addr); 19 | addr.sin_port = htons(53); 20 | 21 | char *request = "hi, i like you"; 22 | int ret = sendto(sd, request, strlen(request), 0, (struct sockaddr*)&addr, sizeof(addr)); 23 | assert(ret >= 0); 24 | 25 | close(sd); 26 | 27 | return EXIT_SUCCESS; 28 | } 29 | -------------------------------------------------------------------------------- /cuckoo/private/db_migration/versions/from_1_2_to_20c1-guest_status.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | """guest status (from Cuckoo 1.2 to 2.0-rc1) 7 | 8 | Revision ID: 1583656cb935 9 | Revises: 1070cd314621 10 | Create Date: 2015-12-15 14:25:27.379967 11 | 12 | """ 13 | 14 | # revision identifiers, used by Alembic. 
15 | revision = "1583656cb935" 16 | down_revision = "1070cd314621" 17 | 18 | from alembic import op 19 | import sqlalchemy as sa 20 | 21 | def upgrade(): 22 | op.add_column("guests", sa.Column("status", sa.String(length=16), nullable=False, server_default="stopped")) 23 | 24 | def downgrade(): 25 | pass 26 | 
-------------------------------------------------------------------------------- /cuckoo/web/controllers/pcap/api.py: --------------------------------------------------------------------------------
# Copyright (C) 2016-2017 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import os

from cuckoo.misc import cwd
from cuckoo.web.utils import json_error_response, file_response, api_get

class PcapApi:
    """API controller that serves the packet capture of one analysis."""

    @api_get
    def get(request, task_id):
        """Return dump.pcap of the analysis task_id as a file download.

        A JSON error response is returned when the file does not exist.
        """
        # NOTE(review): task_id goes straight into the analysis path built by
        # cwd(). Whether it is constrained (e.g. to an integer) before it
        # reaches this handler is not visible in this file - confirm in the
        # URL route and in api_get.
        pcap_path = cwd("dump.pcap", analysis=task_id)
        if not os.path.exists(pcap_path):
            return json_error_response("File not found")

        download_name = "analysis_pcap_dump_%s.pcap" % str(task_id)
        # The file is opened here and the handle is handed over; closing it
        # is presumably left to file_response / the response object - confirm.
        # If the file disappears between the exists() check and open(), the
        # error raised by open() is not caught here.
        return file_response(
            data=open(pcap_path, "rb"),
            filename=download_name,
            content_type="application/octet-stream; charset=UTF-8"
        )
-------------------------------------------------------------------------------- /cuckoo/private/distributed/migration/alembic.ini: -------------------------------------------------------------------------------- 1 | # A generic, single database configuration. 2 | 3 | [alembic] 4 | # path to migration scripts 5 | script_location = . 
6 | 7 | # Logging configuration 8 | [loggers] 9 | keys = root,sqlalchemy,alembic 10 | 11 | [handlers] 12 | keys = console 13 | 14 | [formatters] 15 | keys = generic 16 | 17 | [logger_root] 18 | level = WARN 19 | handlers = console 20 | qualname = 21 | 22 | [logger_sqlalchemy] 23 | level = WARN 24 | handlers = 25 | qualname = sqlalchemy.engine 26 | 27 | [logger_alembic] 28 | level = INFO 29 | handlers = 30 | qualname = alembic 31 | 32 | [handler_console] 33 | class = StreamHandler 34 | args = (sys.stderr,) 35 | level = NOTSET 36 | formatter = generic 37 | 38 | [formatter_generic] 39 | format = %(levelname)-5.5s [%(name)s] %(message)s 40 | datefmt = %H:%M:%S 41 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/network/_http.html: -------------------------------------------------------------------------------- 1 | {% if report.analysis.network.http_ex or report.analysis.network.https_ex %} 2 | 3 |
    4 | {% for http in report.analysis.network.https_ex %} 5 | {% include "partials/http-request.html" with http=http %} 6 | {% endfor %} 7 | {% for http in report.analysis.network.http_ex %} 8 | {% include "partials/http-request.html" with http=http %} 9 | {% endfor %} 10 |
    11 | 12 | {% else %} 13 | 14 |
    15 |
    16 |
    17 |

    No traffic

    18 |
    19 |
    20 |
    21 | 22 | {% endif %} -------------------------------------------------------------------------------- /cuckoo/web/src/gulpfile.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation. 3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission. 5 | */ 6 | 7 | /* 8 | require dependencies: 9 | gulp 10 | gulp-task-loader 11 | */ 12 | var gulp = require('gulp'); 13 | 14 | /* 15 | this script will read all modules in ./tasks and executes them 16 | as gulp task functions. All tasks can be used here by their names. 17 | */ 18 | require('gulp-task-loader')('./tasks'); 19 | 20 | // define the default task when 'gulp' is called from the CLI 21 | gulp.task('default', ['bower','styles','scripts','scripts-submission','handlebars','watch']); 22 | 23 | // task for ONLY building to static 24 | gulp.task('build', ['bower','styles','scripts','scripts-submission','handlebars']); 25 | -------------------------------------------------------------------------------- /cuckoo/web/src/scss/components/_tcp.scss: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation. 3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission. 
5 | */ 6 | 7 | /* tcp-flow.scss */ 8 | .tcp { 9 | 10 | &-flow { 11 | list-style-type: none; 12 | 13 | li { 14 | margin-bottom: 20px; 15 | } 16 | } 17 | 18 | &-out pre { 19 | padding: 0; 20 | border: 0; 21 | background-color: white; 22 | color: #d9534f; 23 | } 24 | 25 | &-in { 26 | 27 | padding-left: 100px; 28 | 29 | pre { 30 | padding: 0; 31 | border: 0; 32 | background-color: white; 33 | color: #5bc0de; 34 | } 35 | 36 | } 37 | 38 | } -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/jar.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from lib.common.abstracts import Package 7 | 8 | class Jar(Package): 9 | """Java analysis package.""" 10 | PATHS = [ 11 | ("ProgramFiles", "Java", "jre*", "bin", "java.exe"), 12 | ] 13 | 14 | def start(self, path): 15 | java = self.get_path_glob("Java") 16 | class_path = self.options.get("class") 17 | 18 | if class_path: 19 | args = ["-cp", path, class_path] 20 | else: 21 | args = ["-jar", path] 22 | 23 | return self.execute(java, args=args, trigger="file:%s" % path) 24 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/common/constants.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 
5 | 6 | import os 7 | import string 8 | import random 9 | 10 | def _rand_string(a, b): 11 | return "".join(random.choice(string.ascii_lowercase) for x in xrange(random.randint(a, b))) 12 | 13 | ROOT = os.path.join("/data/local/tmp", _rand_string(6, 10)) 14 | 15 | PATHS = { 16 | "root" : ROOT, 17 | "logs" : os.path.join(ROOT, "logs"), 18 | "files" : os.path.join(ROOT, "files"), 19 | "shots" : os.path.join(ROOT, "shots"), 20 | "memory" : os.path.join(ROOT, "memory"), 21 | "drop" : os.path.join(ROOT, "drop") 22 | } 23 | -------------------------------------------------------------------------------- /cuckoo/private/distributed/migration/env.py: -------------------------------------------------------------------------------- 1 | from alembic import context 2 | from sqlalchemy import create_engine, pool 3 | 4 | from cuckoo.distributed.db import db 5 | from cuckoo.distributed.misc import init_settings, settings 6 | 7 | from cuckoo.misc import set_cwd 8 | 9 | set_cwd(context.get_x_argument(as_dictionary=True)["cwd"]) 10 | init_settings() 11 | 12 | config = context.config 13 | 14 | def run_migrations(): 15 | engine = create_engine(settings.SQLALCHEMY_DATABASE_URI, 16 | poolclass=pool.NullPool) 17 | 18 | connection = engine.connect() 19 | context.configure(connection=connection, target_metadata=db.metadata) 20 | 21 | try: 22 | with context.begin_transaction(): 23 | context.run_migrations() 24 | finally: 25 | connection.close() 26 | 27 | run_migrations() 28 | -------------------------------------------------------------------------------- /tests/files/conf/110_plain/reporting.conf: -------------------------------------------------------------------------------- 1 | # Enable or disable the available reporting modules [on/off]. 2 | # If you add a custom reporting module to your Cuckoo setup, you have to add 3 | # a dedicated entry in this file, or it won't be executed. 
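4 | # You can also add additional options under the section of your module and 5 | # they will be available in your Python class. 6 | 7 | [jsondump] 8 | enabled = yes 9 | 10 | [reporthtml] 11 | enabled = yes 12 | 13 | [mmdef] 14 | enabled = no 15 | 16 | [maec40] 17 | enabled = no 18 | mode = overview 19 | processtree = true 20 | output_handles = false 21 | static = true 22 | strings = true 23 | virustotal = true 24 | 25 | [mongodb] 26 | enabled = no 27 | host = 127.0.0.1 28 | port = 27017 29 | 30 | [hpfclient] 31 | enabled = no 32 | host = 33 | port = 10000 34 | ident = 35 | secret = 36 | channel = 37 | 
-------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/core/packages.py: --------------------------------------------------------------------------------
# Copyright (C) 2014-2016 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.
# Originally contributed by Check Point Software Technologies, Ltd.

def choose_package(file_type, file_name):
    """Choose analysis package due to file type and file name.
    @param file_type: file type; an empty value or None selects no package.
    @param file_name: file name; may be None or empty.
    @return: package or None.
    """
    if not file_type:
        return None

    file_type = file_type.lower()
    # A missing file name used to raise AttributeError on .lower(); treat it
    # as an empty name so the decision falls through to the file type.
    file_name = (file_name or "").lower()

    if "apk" in file_name:
        return "apk"
    elif "zip" in file_type:
        return "apk"
    # Disabled branch kept from the original. Note that file_type is already
    # lower-cased at this point, so the upper-case "DEX" could never match.
    # elif "DEX" in file_type:
    #     return "dex"
    else:
        # Every non-empty file type currently maps to the "apk" package.
        return "apk"
-------------------------------------------------------------------------------- /cuckoo/web/src/tasks/watch.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation. 3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission. 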
5 | */ 6 | 7 | /* 8 | require node dependencies: 9 | gulp 10 | gulp-watch 11 | */ 12 | var gulp = require('gulp'); 13 | var watch = require('gulp-watch'); 14 | 15 | /* 16 | return Gulp function() 17 | - initiates watchers for static building 18 | */ 19 | module.exports = function() { 20 | // starts a watcher RECURSIVE on all .scss files in /src/scss and assigns 'styles' as task 21 | gulp.watch('scss/**/*.scss', ['styles']); 22 | gulp.watch(['scripts/**/*.js','!scripts/submission/**/*.js'], ['scripts']); 23 | gulp.watch('scripts/submission/**/*.js', ['scripts-submission']); 24 | gulp.watch('handlebars/**/*.hbs', ['handlebars']); 25 | } -------------------------------------------------------------------------------- /docs/AUTHORS: -------------------------------------------------------------------------------- 1 | AUTHORS 2 | 3 | Cuckoo is the result of the work and efforts of many people. Some main developers 4 | and some friends and users who kindly provided us with feedback and new features. 5 | You'll find contributions to the code mentioned in the specific source files. 6 | 7 | DEVELOPERS: 8 | Claudio "nex" Guarnieri Lead Developer @botherder 9 | Alessandro "jekil" Tanasi Core Developer @jekil 10 | Jurriaan "skier" Bremer Core Developer @skier_t 11 | Mark "rep" Schloesser Core Developer @repmovsb 12 | 13 | CONTRIBUTORS: 14 | A list of up-to-date contributors can be found at the following URL. 15 | http://docs.cuckoosandbox.org/en/latest/finalremarks/#people 16 | 17 | Thanks to the whole community and mailing list members who submitted bug 18 | reports and suggested new features. 19 | -------------------------------------------------------------------------------- /tests/test_netlog.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 
3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | from cuckoo.common.netlog import ( 7 | pointer_converter_32bit, pointer_converter_64bit 8 | ) 9 | 10 | def test_pointer_repr(): 11 | assert pointer_converter_32bit(0) == "0x00000000" 12 | assert pointer_converter_32bit(1) == "0x00000001" 13 | assert pointer_converter_32bit(0xffffffff) == "0xffffffff" 14 | 15 | assert pointer_converter_64bit(0) == "0x0000000000000000" 16 | assert pointer_converter_64bit(1) == "0x0000000000000001" 17 | assert pointer_converter_64bit(0xffffffff) == "0x00000000ffffffff" 18 | assert pointer_converter_64bit(0xffffffffffffffff) == "0xffffffffffffffff" 19 | -------------------------------------------------------------------------------- /cuckoo/web/web/headers.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
from cuckoo.misc import version

class CuckooHeaders(object):
    """Middleware that stamps Cuckoo's fixed headers on every response."""

    def process_response(self, request, response):
        """Set the headers listed below on response and return it.

        request is not used. Each header is assigned unconditionally, so a
        value set earlier for the same header name is overwritten.
        """
        fixed_headers = (
            # Replaces whatever server banner was set before.
            ("Server", "Machete Server"),
            # NOTE(review): this discloses the installed Cuckoo version to
            # every client of the web interface - confirm that is intended.
            ("X-Cuckoo-Version", version),
            # Tells the browser not to guess a content type by sniffing.
            ("X-Content-Type-Options", "nosniff"),
            # Forbids rendering the pages inside a frame (clickjacking).
            ("X-Frame-Options", "DENY"),
            # Legacy XSS-filter switch; most current browsers no longer act
            # on it, so it should not be counted on as an XSS defence.
            ("X-XSS-Protection", "1; mode=block"),
            # Caching: "no-cache" asks for revalidation before reuse, it does
            # not forbid storing the response.
            # NOTE(review): if reports must never be written to a cache,
            # "no-store" is the directive for that - confirm the intent.
            ("Pragma", "no-cache"),
            ("Cache-Control", "no-cache"),
            ("Expires", "0"),
        )
        for name, value in fixed_headers:
            response[name] = value
        return response
-------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/memory/_apihooks.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | {% for row in report.analysis.memory.apihooks.data|volsort %} 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | {% endfor %} 21 | 22 |
    PIDProcess NameVictim FunctionHook TypeHooking Module
    {{row.process_id}}{{row.process_name}}{{row.victim_function}}{{row.hook_type}}{{row.hooking_module}}
    23 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/reboot.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | import logging 6 | 7 | from lib.common.abstracts import Package 8 | 9 | log = logging.getLogger(__name__) 10 | 11 | class Reboot(Package): 12 | """Reboot analysis package.""" 13 | 14 | def _handle_create_process(self, filepath, command_line, source): 15 | self.pids.append(self.execute(filepath, command_line)) 16 | 17 | def start(self, path): 18 | for category, args in self.analyzer.reboot: 19 | if not hasattr(self, "_handle_%s" % category): 20 | log.warning("Unhandled reboot command: %s", category) 21 | continue 22 | 23 | getattr(self, "_handle_%s" % category)(*args) 24 | -------------------------------------------------------------------------------- /tests/files/conf/120_5vms/physical.conf: -------------------------------------------------------------------------------- 1 | [physical] 2 | # Specify a comma-separated list of available machines to be used. For each 3 | # specified ID you have to define a dedicated section containing the details 4 | # on the respective machine. (E.g. physical1,physical2,physical3) 5 | machines = physical1 6 | 7 | # Credentials to access the machine 8 | user = username 9 | password = password 10 | 11 | [physical1] 12 | # Specify the label name of the current machine as specified in your 13 | # physical machine configuration. 14 | label = physical1 15 | 16 | # Specify the operating system platform used by current machine 17 | # [windows/darwin/linux]. 18 | platform = windows 19 | 20 | # Specify the IP address of the current machine. Make sure that the IP address 21 | # is valid and that the host machine is able to reach it. 
If not, the analysis 22 | # will fail. 23 | ip = 192.168.56.101 24 | -------------------------------------------------------------------------------- /tests/files/conf/120_plain/physical.conf: -------------------------------------------------------------------------------- 1 | [physical] 2 | # Specify a comma-separated list of available machines to be used. For each 3 | # specified ID you have to define a dedicated section containing the details 4 | # on the respective machine. (E.g. physical1,physical2,physical3) 5 | machines = physical1 6 | 7 | # Credentials to access the machine 8 | user = username 9 | password = password 10 | 11 | [physical1] 12 | # Specify the label name of the current machine as specified in your 13 | # physical machine configuration. 14 | label = physical1 15 | 16 | # Specify the operating system platform used by current machine 17 | # [windows/darwin/linux]. 18 | platform = windows 19 | 20 | # Specify the IP address of the current machine. Make sure that the IP address 21 | # is valid and that the host machine is able to reach it. If not, the analysis 22 | # will fail. 
23 | ip = 192.168.56.101 24 | -------------------------------------------------------------------------------- /cuckoo/private/distributed/migration/versions/3cc1509b7fdc_node_status.py: -------------------------------------------------------------------------------- 1 | """node status 2 | 3 | Revision ID: 3cc1509b7fdc 4 | Revises: 37c08c9655bb 5 | Create Date: 2015-03-30 17:14:39.604125 6 | 7 | """ 8 | 9 | revision = "3cc1509b7fdc" 10 | down_revision = "37c08c9655bb" 11 | branch_labels = None 12 | depends_on = None 13 | 14 | from alembic import op 15 | import sqlalchemy as sa 16 | 17 | def upgrade(): 18 | op.create_table( 19 | "node_status", 20 | sa.Column("id", sa.Integer(), nullable=False), 21 | sa.Column("node_id", sa.Integer(), nullable=True), 22 | sa.Column("timestamp", sa.DateTime(), nullable=False), 23 | sa.Column("status", sa.Text(), nullable=False), 24 | sa.ForeignKeyConstraint(["node_id"], ["node.id"]), 25 | sa.PrimaryKeyConstraint("id") 26 | ) 27 | 28 | def downgrade(): 29 | op.drop_table("node_status") 30 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/memory/_devicetree.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | {% for row in report.analysis.memory.devicetree.data|volsort %} 11 | 12 | 13 | 14 | 21 | 22 | {% endfor %} 23 | 24 |
    Driver NameDriver OffsetDevices
    {{row.driver_name}}{{row.driver_offset}} 15 | {% for device in row.devices %} 16 | {% if device.device_name %} 17 | {{device.device_name}}, 18 | {% endif %} 19 | {% endfor %} 20 |
    25 | -------------------------------------------------------------------------------- /cuckoo/common/defines.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2017 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 5 | 6 | import ctypes as c 7 | 8 | from cuckoo.misc import Structure 9 | 10 | REG_NONE = 0 11 | REG_SZ = 1 12 | REG_EXPAND_SZ = 2 13 | REG_BINARY = 3 14 | REG_DWORD_LITTLE_ENDIAN = 4 15 | REG_DWORD = 4 16 | REG_DWORD_BIG_ENDIAN = 5 17 | 18 | class PUBLICKEYSTRUC(Structure): 19 | _pack_ = 1 20 | _fields_ = [ 21 | ("type", c.c_ubyte), 22 | ("version", c.c_ubyte), 23 | ("reserved", c.c_ushort), 24 | ("algid", c.c_uint), 25 | ] 26 | 27 | class RSAPUBKEY(Structure): 28 | _pack_ = 1 29 | _fields_ = [ 30 | ("magic", c.c_uint), 31 | ("bitlen", c.c_uint), 32 | ("pubexp", c.c_uint), 33 | ] 34 | -------------------------------------------------------------------------------- /cuckoo/web/src/handlebars/dashboard-table.hbs: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | {{#each entries}} 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | {{/each}} 26 | 27 | {{#if lessEntries}} 28 | 29 | 30 | 31 | {{/if}} 32 | 33 | 34 | 35 |
    #DateFilePackageScore
    {{id}}{{added_on}}{{target}}{{package}}{{score}} / 10
    No more results
    -------------------------------------------------------------------------------- /cuckoo/web/src/bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cuckoo-frontend", 3 | "description": "", 4 | "main": "index.js", 5 | "authors": [ 6 | "Koen Houtman " 7 | ], 8 | "license": "ISC", 9 | "homepage": "https://github.com/cuckoosandbox/cuckoo", 10 | "ignore": [ 11 | "**/.*", 12 | "node_modules", 13 | "bower_components", 14 | "test", 15 | "tests" 16 | ], 17 | "devDependencies": { 18 | "font-awesome": "fontawesome#^4.7.0", 19 | "handlebars": "^3.0.0", 20 | "font-roboto": "^0.0.2", 21 | "string": "stringjs#^3.3.3", 22 | "moment": "^2.17.1", 23 | "chart.js": "^2.5.0", 24 | "bootstrap": "^3.3.7", 25 | "js-cookie": "^2.1.4", 26 | "datatables": "^1.10.13", 27 | "highlight": "^9.10.0", 28 | "jquery-ui": "^1.12.1", 29 | "bowser": "browser#^1.6.1", 30 | "Split.js": "^1.2.0", 31 | "bourbon": "^4.3.4" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /cuckoo/web/templates/submission/_errors.html: -------------------------------------------------------------------------------- 1 | {% if submit.data.errors %} 2 |
    3 |

    4 | 5 | Errors 6 | Hide 7 |

    8 | 9 |

    Some of the submitted data could not be processed.

    10 | 11 | 19 |
    20 | {% endif %} -------------------------------------------------------------------------------- /tests/files/sample_analysis_storage/files/e7d514c4fbc84d2d_aum.log: -------------------------------------------------------------------------------- 1 | 2016-08-25T22:45:22: >>> Adobe Updater Log Begin >>> 2 | 2016-08-26T05:45:22: cmdline option: -logFile = C:\Users\Administrator\AppData\Local\Adobe\Updater6\aum.log 3 | 2016-08-26T05:45:22: cmdline option: -logLevel = 2 4 | 2016-08-26T05:45:22: Display Language requested = 5 | 2016-08-26T05:45:22: Valid AppID added from global xml file = reader9rdr-en_US 6 | 2016-08-26T05:45:22: Could not load adobe_aum2pcd.dll 7 | 2016-08-26T05:45:22: No Startup mode specified. 8 | 2016-08-26T05:45:22: GetAppIDUpdates: getting available update info for AppID: reader9rdr-en_US 9 | 2016-08-26T05:45:34: GetAppIDUpdates: getting .upd file: http://swupmf.adobe.com/manifest/60/win/reader9rdr-en_US.upd 10 | 2016-08-26T05:45:34: GetAppIDUpdates: GetManifestProcessingError = 2 11 | 2016-08-26T05:45:34: GetAppIDUpdates: getting available update info for AppID: AdobeUpdater 12 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/memory/_modscan.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | {% for row in report.analysis.memory.modscan.data|volsort %} 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | {% endfor %} 21 | 22 |
    Base AddressOffsetNameFileSize
    {{row.kernel_module_base}}{{row.kernel_module_offset}}{{row.kernel_module_name}}{{row.kernel_module_file}}{{row.kernel_module_size}}
    23 |
--------------------------------------------------------------------------------
/cuckoo/private/distributed/migration/versions/3d1d8fd2cdbb_timestamps.py:
--------------------------------------------------------------------------------
"""timestamps

Revision ID: 3d1d8fd2cdbb
Revises: 69ecf07a99b
Create Date: 2015-06-03 22:55:51.357575

"""

revision = "3d1d8fd2cdbb"
down_revision = "69ecf07a99b"
branch_labels = None
depends_on = None

from alembic import op
import sqlalchemy as sa

def upgrade():
    """Add four nullable DateTime columns to the ``task`` table."""
    for column_name in ("submitted", "delegated", "started", "completed"):
        op.add_column(
            "task", sa.Column(column_name, sa.DateTime(), nullable=True)
        )

def downgrade():
    """Drop the four timestamp columns from the ``task`` table again."""
    for column_name in ("submitted", "started", "delegated", "completed"):
        op.drop_column("task", column_name)

--------------------------------------------------------------------------------
/cuckoo/web/templates/analysis/pages/memory/_sockscan.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | {% for row in report.analysis.memory.sockscan.data|volsort %} 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | {% endfor %} 23 | 24 |
    OffsetPIDLocal AddressLocal PortProtocolCreation Time
    {{row.offset}}{{row.process_id}}{{row.address}}{{row.port}}{{row.protocol}}{{row.create_time}}
    25 |
--------------------------------------------------------------------------------
/cuckoo/data/analyzer/windows/modules/packages/wsf.py:
--------------------------------------------------------------------------------
# Copyright (C) 2016 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import logging
import os

from lib.common.abstracts import Package

log = logging.getLogger(__name__)

class WSF(Package):
    """Windows Scripting File analysis package."""
    PATHS = [
        ("System32", "wscript.exe"),
    ]

    def start(self, path):
        """Run the submitted script with wscript.exe.

        The file is renamed to carry a ``.wsf`` suffix first when it lacks
        one, because wscript requires that extension. The suffix check is
        case-sensitive.

        @param path: path of the submitted file.
        @return: whatever ``self.execute`` returns.
        """
        interpreter = self.get_path("WScript")
        suffix = ".wsf"

        if path.endswith(suffix):
            script = path
        else:
            script = path + suffix
            os.rename(path, script)
            log.info("Submitted file is missing extension, added .wsf")

        # The script path is passed as a single list item, not as part of a
        # command string.
        return self.execute(
            interpreter, args=[script], trigger="file:%s" % script
        )

--------------------------------------------------------------------------------
/cuckoo/private/db_migration/versions/from_0_6_to_1_1_tasks_tags_relation.py:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | """tasks tags relation 6 | 7 | Revision ID: 263a45963c72 8 | Revises: 5aa718cc79e1 9 | Create Date: 2017-02-07 00:37:15.017423 10 | 11 | """ 12 | 13 | # Revision identifiers, used by Alembic.
revision = "263a45963c72"
down_revision = "5aa718cc79e1"

from alembic import op
import sqlalchemy as sa

def upgrade():
    """Create the ``tasks_tags`` association table.

    Both columns are nullable integers; ``task_id`` references ``tasks.id``
    and ``tag_id`` references ``tags.id``.
    """
    task_ref = sa.Column("task_id", sa.Integer(), nullable=True)
    tag_ref = sa.Column("tag_id", sa.Integer(), nullable=True)
    op.create_table(
        "tasks_tags",
        task_ref,
        tag_ref,
        sa.ForeignKeyConstraint(["tag_id"], ["tags.id"]),
        sa.ForeignKeyConstraint(["task_id"], ["tasks.id"]),
    )

def downgrade():
    """Do nothing: this revision has no downgrade path."""
    pass

--------------------------------------------------------------------------------
/cuckoo/web/templates/analysis/pages/memory/_idt.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | {% for row in report.analysis.memory.idt.data|volsort %} 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | {% endfor %} 23 | 24 |
    CPUIndexSelectorAddressModuleSection
    {{row.cpu_number}}{{row.index}}{{row.selector}}{{row.address}}{{row.module}}{{row.section}}
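    25 |
--------------------------------------------------------------------------------
/cuckoo/core/report.py:
--------------------------------------------------------------------------------
# Copyright (C) 2016-2017 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

class Report(object):
    """Read-only convenience wrapper around a report dictionary."""

    def __init__(self, report):
        """@param report: the report dictionary to wrap."""
        self.report = report

    def get(self, *keys):
        """Walk the report along ``keys`` and return the value found.

        Returns None as soon as a key is missing. A report is built from
        analysis output, so an intermediate value may be None or a plain
        string instead of a dictionary; such a value ends the walk with
        None rather than raising TypeError.

        @param keys: successive keys, outermost first.
        @return: the nested value, or None when the path does not exist.
        """
        node = self.report
        for key in keys:
            try:
                if key not in node:
                    return None
                node = node[key]
            except TypeError:
                # node is not a container that can be searched or indexed
                # with this key (e.g. None, or a string).
                return None
        return node

    @property
    def info(self):
        """The "info" section, or an empty dict when absent or empty."""
        return self.get("info") or {}

    @property
    def path(self):
        """The "analysis_path" entry of the "info" section, or None."""
        return self.get("info", "analysis_path")

    @property
    def feedback(self):
        """The "feedback" section, or an empty dict when absent or empty."""
        return self.get("feedback") or {}

    @property
    def target(self):
        """The "target" section, or None when absent."""
        return self.get("target")

    @property
    def errors(self):
        """The "errors" list of the "debug" section, or an empty list."""
        return self.get("debug", "errors") or []

--------------------------------------------------------------------------------
/cuckoo/web/templates/analysis/pages/memory/_timers.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | {% for row in report.analysis.memory.timers.data|volsort %} 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | {% endfor %} 23 | 24 |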
    OffsetDue TimePeriodSignaledRoutineModule
    {{row.offset}}{{row.due_time}}{{row.period}}{{row.signaled}}{{row.routine}}{{row.module}}
    25 |
--------------------------------------------------------------------------------
/tests/windows/test_dumptls.py:
--------------------------------------------------------------------------------
# Copyright (C) 2017 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import mock

from lib.common.exceptions import CuckooError
from modules.auxiliary.dumptls import DumpTLSMasterSecrets

@mock.patch("modules.auxiliary.dumptls.Process")
@mock.patch("modules.auxiliary.dumptls.log")
def test_dumptls_regular_user(log_mock, process_mock):
    """A denied injection must produce exactly one warning for the user.

    The bottom-most patch decorator supplies the first argument, so the
    first parameter is the patched ``log`` and the second the patched
    ``Process``.
    """
    denied = CuckooError(
        "Error returned by is32bit: process access denied"
    )
    process_mock.return_value.inject.side_effect = denied

    DumpTLSMasterSecrets().start()

    log_mock.warning.assert_called_once()
    first_message = log_mock.warning.call_args_list[0][0][0]
    assert "Agent as Administrator" in first_message

@mock.patch("modules.auxiliary.dumptls.Process")
@mock.patch("modules.auxiliary.dumptls.log")
def test_dumptls_success(log_mock, process_mock):
    """With injection succeeding, no warning is logged."""
    DumpTLSMasterSecrets().start()
    log_mock.warning.assert_not_called()

--------------------------------------------------------------------------------
/cuckoo/apps/distributed.py:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2016-2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission.
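import os

from cuckoo.distributed.app import create_app
from cuckoo.distributed.instance import (
    scheduler, status_caching, handle_node
)
from cuckoo.misc import decide_cwd

app = None

def cuckoo_distributed(hostname, port, debug):
    """Create the distributed application and serve it on hostname:port.

    NOTE(review): ``debug`` is handed straight to ``app.run``. If this is a
    Flask application (the ``run``/``app_context`` calls suggest so --
    confirm), debug mode turns on an interactive debugger, so it should stay
    off whenever ``hostname`` is reachable by other machines.
    """
    app = create_app()
    app.run(host=hostname, port=port, debug=debug)

def cuckoo_distributed_instance(name):
    """Run one worker role inside the application context.

    ``dist.scheduler`` runs the scheduler, ``dist.status`` runs status
    caching, and any other name is treated as a node name.
    """
    app = create_app()

    with app.app_context():
        if name == "dist.scheduler":
            scheduler()
        elif name == "dist.status":
            status_caching()
        else:
            handle_node(name)

# When loaded with CUCKOO_APP=dist in the environment, expose a module-level
# ``app`` object.
if os.environ.get("CUCKOO_APP") == "dist":
    decide_cwd(exists=True)
    app = create_app()

--------------------------------------------------------------------------------
/cuckoo/common/whitelist.py:
--------------------------------------------------------------------------------
# Copyright (C) 2015-2017 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import os.path

from cuckoo.misc import cwd

domains = set()

def _load_domains(filepath):
    """Add every entry of the whitelist file at ``filepath`` to ``domains``.

    Blank lines and lines whose first non-blank character is ``#`` are
    skipped. The file is closed as soon as it has been read.
    """
    with open(filepath, "rb") as handle:
        for line in handle:
            entry = line.strip()
            # Strip before testing for "#", so an indented comment line is
            # not stored as a domain.
            if entry and not entry.startswith("#"):
                domains.add(entry)

def is_whitelisted_domain(domain):
    """Return True when ``domain`` is an entry of the domain whitelist.

    The whitelist is loaded on first use from the bundled file and, when it
    exists, from the whitelist file in $CWD. The lookup is an exact,
    case-sensitive match: subdomains, different letter case or a trailing
    dot are not matched.

    NOTE(review): the $CWD file extends the whitelist for every later
    lookup, so it should be writable only by the Cuckoo operator.
    """
    # Initialize the domain whitelist.
    if not domains:
        _load_domains(cwd("whitelist", "domain.txt", private=True))

        # Collect whitelist also from $CWD if available.
        user_whitelist = cwd("whitelist", "domain.txt")
        if os.path.exists(user_whitelist):
            _load_domains(user_whitelist)

    return domain in domains

--------------------------------------------------------------------------------
/cuckoo/data/analyzer/windows/modules/packages/js.py:
--------------------------------------------------------------------------------
# Copyright (C) 2010-2013 Claudio Guarnieri.
# Copyright (C) 2014-2016 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import logging
import os

from lib.common.abstracts import Package

log = logging.getLogger(__name__)

class Javascript(Package):
    """Javascript analysis package."""
    PATHS = [
        ("System32", "wscript.exe"),
    ]

    def start(self, path):
        """Run the submitted script with wscript.exe, adding a ``.js``
        suffix first when the file name lacks one.

        @param path: path of the submitted file.
        @return: whatever ``self.execute`` returns.
        """
        wscript = self.get_path("WScript")

        # Enforce the .js file extension as is required by wscript.
        if not path.endswith(".js"):
            os.rename(path, path + ".js")
            path += ".js"
            log.info("Submitted file is missing extension, added .js")

        return self.execute(wscript, args=[path], trigger="file:%s" % path)

--------------------------------------------------------------------------------
/cuckoo/web/templates/base.html:
--------------------------------------------------------------------------------
1 | {%include "header.html" %} 2 |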
    3 | {% autoescape on %} 4 | 5 | 13 | 14 | {% block content %}{% endblock %} 15 | {% endautoescape %} 16 |
    17 | {%include "footer.html" %} 18 |
--------------------------------------------------------------------------------
/cuckoo/processing/buffer.py:
--------------------------------------------------------------------------------
# Copyright (C) 2010-2013 Claudio Guarnieri.
# Copyright (C) 2014-2016 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import os

from cuckoo.common.abstracts import Processing
from cuckoo.common.objects import File

class DroppedBuffer(Processing):
    """Dropped buffer analysis."""

    def run(self):
        """Collect information on every file below ``self.buffer_path``.

        NOTE(review): os.walk does not descend into symlinked directories
        by default, but a symlink to a file is still listed. If the buffer
        directory can hold entries created by the analysed sample, confirm
        that ``File`` treats links safely.

        @return: list with one ``File(...).get_all()`` result per file.
        """
        self.key = "buffer"
        return [
            File(file_path=os.path.join(folder, entry)).get_all()
            for folder, _, entries in os.walk(self.buffer_path)
            for entry in entries
        ]

--------------------------------------------------------------------------------
/cuckoo/web/src/assets.json:
--------------------------------------------------------------------------------
1 | { 2 | "main": { 3 | "js/vendor.js@concat": [ 4 | "jquery/dist/jquery.js", 5 | "bootstrap/dist/js/bootstrap.js", 6 | "datatables/media/js/jquery.dataTables.js", 7 | "datatables/media/js/dataTables.bootstrap.js", 8 | "dataTables/media/js/dataTables.responsive.js", 9 | "highlight/build/highlight.pack.js", 10 | "js-cookie/src/js.cookie.js", 11 | "jquery-ui/jquery-ui.js", 12 | "handlebars/handlebars.js", 13 | "string/dist/string.js", 14 | "moment/moment.js", 15 | "chart.js/dist/Chart.js", 16 | "lightbox2/dist/js/lightbox.js", 17 | "bowser/src/bowser.js" 18 | ], 19 | "css/vendor.css@concat": [ 20 | "font-roboto/dist/styles/roboto.css", 21 | "bootstrap/dist/css/bootstrap.css", 22 |
"highlight/src/styles/default.css", 23 | "datatables/media/src/dataTables.bootstrap.css", 24 | "lightbox2/dist/css/lightbox.css" 25 | ], 26 | "fonts@copy": [ 27 | "font-awesome/fonts/*", 28 | "font-roboto/dist/fonts/*" 29 | ] 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /docs/book/installation/index.rst: -------------------------------------------------------------------------------- 1 | .. Installation chapter frontpage 2 | 3 | Installation 4 | ============ 5 | 6 | This chapter explains how to install Cuckoo. 7 | 8 | Although the recommended setup is *GNU/Linux* (Debian or Ubuntu preferably), 9 | Cuckoo has proved to work smoothly on *Mac OS X* and *Microsoft Windows 7* as 10 | host as well. The recommended and tested setup for guests are *Windows XP* and 11 | *64-bit Windows 7* for Windows analysis, *Mac OS X Yosemite* for Mac OS X 12 | analysis, and Debian for Linux Analysis, although Cuckoo should work with 13 | other releases of guest Operating Systems as well. 14 | 15 | .. note:: 16 | 17 | This documentation refers to *Host* as the underlying operating systems on 18 | which you are running Cuckoo (generally being a GNU/Linux distribution) and 19 | to *Guest* as the Windows virtual machine used to run the isolated analysis. 20 | 21 | .. toctree:: 22 | 23 | host/index 24 | guest/index 25 | guest_physical/index 26 | upgrade 27 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/android/lib/core/config.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd. 
import ConfigParser

class Config:
    """Flat attribute view of an INI-style configuration file."""

    def __init__(self, cfg):
        """Read ``cfg`` and expose every option as an instance attribute.

        Each value is stored as a boolean when it parses as one, otherwise
        as an integer, otherwise as the raw string. Section names are not
        kept: an option name that occurs in several sections ends up with
        the value read last.

        @param cfg: configuration file.
        """
        parser = ConfigParser.ConfigParser(allow_no_value=True)
        parser.read(cfg)

        for section in parser.sections():
            for name, _ in parser.items(section):
                # Try the typed readers in order; fall back to the plain
                # string when both reject the value.
                for typed_reader in (parser.getboolean, parser.getint):
                    try:
                        value = typed_reader(section, name)
                        break
                    except ValueError:
                        continue
                else:
                    value = parser.get(section, name)

                setattr(self, name, value)

--------------------------------------------------------------------------------
/cuckoo/data/analyzer/android/modules/packages/apk.py:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2014-2016 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | # Originally contributed by Check Point Software Technologies, Ltd.
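import logging

from lib.api.adb import dump_droidmon_logs, execute_sample, install_sample
from lib.common.abstracts import Package

log = logging.getLogger(__name__)

class Apk(Package):
    """Apk analysis package."""
    def __init__(self, options=None):
        """Store the package and activity named by the ``apk_entry`` option.

        ``apk_entry`` has the form ``package:activity``. Only the first
        colon separates the two parts, so a missing or additional colon no
        longer raises ValueError.

        @param options: analysis options; a fresh dict is used when omitted,
            so instances never share one default object.
        """
        options = {} if options is None else options
        super(Apk, self).__init__(options)

        entry = options.get("apk_entry", ":")
        self.package, _, self.activity = entry.partition(":")

    def start(self, path):
        """Install the sample at ``path`` and launch the configured activity.

        NOTE(review): ``self.package`` and ``self.activity`` come from task
        options; confirm that lib.api.adb passes them as separate arguments
        and never interpolates them into a shell command string.
        """
        install_sample(path)
        execute_sample(self.package, self.activity)

    def check(self):
        """Always report that the analysis should continue."""
        return True

    def finish(self):
        """Dump the Droidmon logs for the analysed package."""
        dump_droidmon_logs(self.package)
        return True

--------------------------------------------------------------------------------
/cuckoo/web/templates/analysis/pages/behavior/_search.html:
--------------------------------------------------------------------------------
1 | 15 | 16 | 29 |
--------------------------------------------------------------------------------
/cuckoo/data/analyzer/darwin/modules/packages/app.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# Copyright (C) 2015 Dmitry Rodionov
# This software may be modified and distributed under the terms
# of the MIT license. See the LICENSE file for details.

import subprocess
from os import system, path
from plistlib import readPlist
from lib.core.packages import Package

class App(Package):
    """ OS X application analysis package. """

    def prepare(self):
        """Point ``self.target`` at the bundle's executable and mark it
        executable.

        The executable name is read from ``CFBundleExecutable`` in the
        bundle's Info.plist, i.e. from the submitted sample itself, so it
        is treated as untrusted text.

        @raise Exception: when the plist names no executable.
        """
        # We'll launch an executable file of this .app directly,
        # but we need to know what it is, don't we?
        info = readPlist(path.join(self.target, "Contents", "Info.plist"))
        exe_name = info.get("CFBundleExecutable")
        if not exe_name:
            raise Exception("Could not locate an executable of the app bundle")

        self.target = path.join(self.target, "Contents", "MacOS", exe_name)
        # Make sure that our target is executable. chmod receives the path
        # as one argument and no shell is involved, so quotes or other shell
        # metacharacters in a sample-chosen name cannot alter the command.
        # As before, a failing chmod is not treated as an error.
        subprocess.call(["/bin/chmod", "+x", self.target])

--------------------------------------------------------------------------------
/cuckoo/private/db_migration/versions/from_20c2_to_200_tasks_submit_relation.py:
--------------------------------------------------------------------------------
# Copyright (C) 2017 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

"""tasks-submit-relation (from Cuckoo 2.0-rc2 to 2.0.0)

Revision ID: ef1ecf216392
Revises: a1c8aab9598e
Create Date: 2017-02-20 21:51:42.014175

"""

# Revision identifiers, used by Alembic.
revision = "ef1ecf216392"
down_revision = "a1c8aab9598e"

from alembic import op
import sqlalchemy as sa

def upgrade():
    """Add ``tasks.submit_id`` with a non-unique index and, except on the
    pysqlite driver, a foreign key to ``submit.id``."""
    op.add_column(
        "tasks", sa.Column("submit_id", sa.Integer(), nullable=True)
    )
    op.create_index(
        op.f("ix_tasks_submit_id"), "tasks", ["submit_id"], unique=False
    )
    # The foreign key is skipped for pysqlite, so on SQLite databases the
    # relation is not enforced by the database.
    if op.get_bind().engine.driver != "pysqlite":
        op.create_foreign_key(None, "tasks", "submit", ["submit_id"], ["id"])

def downgrade():
    """Do nothing: this revision has no downgrade path."""
    pass

--------------------------------------------------------------------------------
/cuckoo/web/templates/analysis/pages/behavior/partials/_process.html:
--------------------------------------------------------------------------------
1 |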
  • 2 |
    3 |

    4 | 5 | {{ process.process_name }} 6 | 7 | 8 | {{ process.command_line }} 9 |

    10 | {{ process.pid }} 11 | {% if process.children %} 12 | 13 | {% else %} 14 | 15 | {% endif %} 16 |
    17 | 18 | {% if process.children %} 19 |
      20 | {% for process in process.children %} 21 | {% include "analysis/pages/behavior/partials/_process.html" %} 22 | {% endfor %} 23 |
    24 | {% endif %} 25 | 26 |
  • 27 | -------------------------------------------------------------------------------- /cuckoo/web/templates/analysis/pages/behavior/_search_results.html: -------------------------------------------------------------------------------- 1 |
    2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | {% for match in results %} 14 | 15 | 16 | 17 | {% for sign in match.signs %} 18 | 19 | {% include "analysis/pages/behavior/_api_call.html" with call=sign pid=match.process.pid cid=sign.id %} 20 | 21 | {% endfor %} 22 | {% endfor %} 23 | 24 |
    Time & APIArgumentsStatusReturnRepeated
    {{match.process.process_name}} ({{match.process.pid}})
    25 |
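    26 |
--------------------------------------------------------------------------------
/cuckoo/web/src/tasks/scripts-submission.js:
--------------------------------------------------------------------------------
var fs = require('fs');
var gulp = require('gulp');
var gutil = require('gulp-util');
var sourcemaps = require('gulp-sourcemaps');
var browserify = require('browserify');
var babelify = require('babelify');
var source = require('vinyl-source-stream');
var buffer = require('vinyl-buffer');
var uglify = require('gulp-uglify');

/**
 * Bundles ./scripts/submission/submission.js with browserify and babelify
 * (es2015 preset) and writes the result to ../static/js/cuckoo.
 *
 * The stream is returned so the task runner can tell when the bundle has
 * actually been written; the original started the pipeline and returned
 * nothing.
 *
 * Note: `debug: true` and `sourcemaps.write('./')` apply to every build,
 * so source maps are also emitted next to the minified production bundle.
 */
module.exports = function() {

  return browserify({
    entries: ['./scripts/submission/submission.js'],
    extensions: ['.js'],
    debug: true
  })
    .transform(babelify, {
      extensions: ['.js'],
      presets: ["es2015"],
      sourceRoot: './scripts/submission'
    })
    .bundle()
    // Bundling errors are only logged.
    .on('error', function(err) { console.log(err); })
    .pipe(source('submission.js'))
    .pipe(buffer())
    .pipe(sourcemaps.init({loadMaps: true}))
    // Minify only when gulp runs with the production flag.
    .pipe(gutil.env.production ? uglify() : gutil.noop())
    .pipe(sourcemaps.write('./'))
    .pipe(gulp.dest('../static/js/cuckoo'));

}
--------------------------------------------------------------------------------
/docs/book/installation/guest_physical/creation.rst:
--------------------------------------------------------------------------------
1 | ================================ 2 | Creation of the Physical Machine 3 | ================================ 4 | 5 | Once you have :doc:`properly installed <../host/requirements>` your imaging 6 | software, you can proceed on creating all the physical machines you need. 7 | 8 | Using and configuring your imaging software is out of the scope of this 9 | guide, so please refer to the official documentation. 10 | 11 | ..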
note:: 12 | You can find some hints and considerations on how to design and create 13 | your virtualized environment in the :doc:`../../introduction/sandboxing` 14 | chapter. 15 | 16 | .. note:: 17 | For analysis purposes you are recommended to use Windows XP Service Pack 18 | 3, but Cuckoo Sandbox also proved to work with Windows 7 with User 19 | Access Control disabled. 20 | 21 | 22 | When creating the physical machine, Cuckoo doesn't require any specific 23 | configuration. You can choose the options that best fit your needs. 24 |
--------------------------------------------------------------------------------
/cuckoo/reporting/feedback.py:
--------------------------------------------------------------------------------
# Copyright (C) 2017 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

from cuckoo.common.abstracts import Report
from cuckoo.core.feedback import CuckooFeedbackObject, CuckooFeedback

class Feedback(Report):
    """Reports feedback to the Cuckoo Feedback backend if required."""

    def run(self, results):
        """Send an automated error report when the analysis logged errors.

        Nothing is sent when ``results`` holds no debug errors or when the
        feedback backend reports itself as disabled.

        NOTE(review): ``gather_export_files`` is given the analysis
        directory before the report is sent, so files from the analysis
        presumably leave this host; which files is decided in
        cuckoo.core.feedback and not visible here.

        @param results: analysis results dictionary.
        """
        errors = results.get("debug", {}).get("errors")
        if not errors:
            # Nothing to see here.
            return

        backend = CuckooFeedback()
        if not backend.enabled():
            return

        report = CuckooFeedbackObject(
            message="One or more errors occurred during an analysis",
            automated=True
        )
        for entry in errors:
            report.add_error(entry)

        report.gather_export_files(self.analysis_path)
        backend.send_feedback(report)

--------------------------------------------------------------------------------
/cuckoo/web/src/scss/components/_footer.scss:
--------------------------------------------------------------------------------
1 | /* 2 | Copyright (C) 2016 Cuckoo Foundation.
3 | This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | see the file 'docs/LICENSE' for copying permission. 5 | */ 6 | 7 | // footer 8 | footer:not(.dashboard-module__footer) { 9 | background: #292727; 10 | margin: 0; 11 | padding: 20px 0 15px; 12 | width: 100%; 13 | color: #ccc; 14 | 15 | a:link, 16 | a:visited { 17 | color: #ccc; 18 | text-decoration: none; 19 | } 20 | 21 | a:hover { 22 | color: #ccc; 23 | text-decoration: underline; 24 | } 25 | 26 | } 27 | 28 | // footer-extra 29 | #footer-extra { 30 | 31 | background: #1c1c1c; 32 | padding: 10px 0; 33 | font-size: 11px; 34 | color: #999; 35 | 36 | a:link, 37 | a:visited { 38 | color: #999; 39 | font-weight: bold; 40 | text-decoration: none; 41 | } 42 | 43 | a:hover { 44 | color: #ccc; 45 | text-decoration: underline; 46 | } 47 | 48 | } -------------------------------------------------------------------------------- /cuckoo/private/db_migration/versions/from_20c2_to_200_submit_table.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017 Cuckoo Foundation. 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 3 | # See the file 'docs/LICENSE' for copying permission. 4 | 5 | """submit table (from Cuckoo 2.0-rc2 to 2.0.0) 6 | 7 | Revision ID: af16beb71aa7 8 | Revises: 4384097916c2 9 | Create Date: 2017-02-07 00:29:30.030173 10 | 11 | """ 12 | 13 | # Revision identifiers, used by Alembic. 
revision = "af16beb71aa7"
# NOTE(review): the module docstring of this file says
# "Revises: 4384097916c2" while down_revision is "796174689511". Alembic
# follows down_revision; confirm that the docstring is merely stale.
down_revision = "796174689511"

from alembic import op
import sqlalchemy as sa

def upgrade():
    """Create the ``submit`` table.

    ``id`` is the primary key and ``added`` is mandatory; ``tmp_path``,
    ``submit_type`` (at most 16 characters) and ``data`` are optional.
    """
    schema_items = [
        sa.Column("id", sa.Integer(), nullable=False),
        sa.Column("tmp_path", sa.Text(), nullable=True),
        sa.Column("added", sa.DateTime(), nullable=False),
        sa.Column("submit_type", sa.String(length=16), nullable=True),
        sa.Column("data", sa.Text(), nullable=True),
        sa.PrimaryKeyConstraint("id"),
    ]
    op.create_table("submit", *schema_items)

def downgrade():
    """Do nothing: this revision has no downgrade path."""
    pass

--------------------------------------------------------------------------------
/cuckoo/web/templates/analysis/pages/memory/_netscan.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | {% for row in report.analysis.memory.netscan.data|volsort %} 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | {% endfor %} 25 | 26 |
    OffsetPIDLocal AddressLocal PortRemote AddressRemote PortProtocol
    {{row.offset}}{{row.process_id}}{{row.local_address}}{{row.local_port}}{{row.remote_address}}{{row.remote_port}}{{row.protocol}}
    27 |
--------------------------------------------------------------------------------
/cuckoo/data/analyzer/linux/lib/core/startup.py:
--------------------------------------------------------------------------------
# Copyright (C) 2014-2016 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import os
import logging

from lib.common.constants import PATHS
from lib.common.results import NetlogHandler

log = logging.getLogger()

def create_folders():
    """Create every folder listed in PATHS that does not exist yet.

    Creation is best effort: any OSError, including a permission error, is
    ignored, so a folder may still be missing afterwards.
    """
    for folder in PATHS.values():
        if not os.path.exists(folder):
            try:
                os.makedirs(folder)
            except OSError:
                pass

def init_logging():
    """Attach a stream handler and a NetlogHandler to the root logger.

    Both handlers use the same format and the logger level is set to DEBUG.
    """
    formatter = logging.Formatter("%(asctime)s [%(name)s] %(levelname)s: %(message)s")

    # Each handler is created, configured and attached before the next one
    # is constructed.
    for make_handler in (logging.StreamHandler, NetlogHandler):
        handler = make_handler()
        handler.setFormatter(formatter)
        log.addHandler(handler)

    log.setLevel(logging.DEBUG)

--------------------------------------------------------------------------------
/tests/files/conf/110_plain/processing.conf:
--------------------------------------------------------------------------------
1 | # Enable or disable the available processing modules [on/off]. 2 | # If you add a custom processing module to your Cuckoo setup, you have to add 3 | # a dedicated entry in this file, or it won't be executed. 4 | # You can also add additional options under the section of your module and 5 | # they will be available in your Python class.
6 | 7 | [analysisinfo] 8 | enabled = yes 9 | 10 | [behavior] 11 | enabled = yes 12 | 13 | [debug] 14 | enabled = yes 15 | 16 | [dropped] 17 | enabled = yes 18 | 19 | [memory] 20 | enabled = no 21 | 22 | [network] 23 | enabled = yes 24 | 25 | [static] 26 | enabled = yes 27 | 28 | [strings] 29 | enabled = yes 30 | 31 | [targetinfo] 32 | enabled = yes 33 | 34 | [virustotal] 35 | enabled = yes 36 | # Add your VirusTotal API key here. The default API key, kindly provided 37 | # by the VirusTotal team, should give you sufficient throughput; although 38 | # it is shared with all our users, that shouldn't affect your use. Because the default key is public and shared, set your own key for regular use. 39 | key = a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088 40 | -------------------------------------------------------------------------------- /cuckoo/data/analyzer/windows/modules/packages/python.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2010-2013 Claudio Guarnieri. 2 | # Copyright (C) 2014-2016 Cuckoo Foundation. 3 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 4 | # See the file 'docs/LICENSE' for copying permission. 
5 |
6 | import shlex
7 |
8 | from lib.common.abstracts import Package
9 |
10 | class Python(Package):
11 |     """Python analysis package: starts the submitted file under a python.exe interpreter."""
12 |
13 |     PATHS = [  # candidate interpreter locations, presumably resolved by get_path() - confirm against Package
14 |         ("HomeDrive", "Python24", "python.exe"),
15 |         ("HomeDrive", "Python25", "python.exe"),
16 |         ("HomeDrive", "Python26", "python.exe"),
17 |         ("HomeDrive", "Python27", "python.exe"),
18 |         ("HomeDrive", "Python32", "python.exe"),
19 |         ("HomeDrive", "Python33", "python.exe"),
20 |         ("HomeDrive", "Python34", "python.exe"),
21 |     ]
22 |
23 |     def start(self, path):  # run the sample at `path` with the interpreter returned by get_path()
24 |         python = self.get_path("Python")
25 |         arguments = self.options.get("arguments", "")  # option string for the script; empty when not supplied
26 |
27 |         args = [path] + shlex.split(arguments)  # shlex.split defaults to POSIX rules: backslashes in the string act as escapes
28 |         return self.execute(python, args=args, trigger="file:%s" % path)  # arguments are handed over as a list, not one command string
29 |
--------------------------------------------------------------------------------
/tests/files/conf/040_plain/virtualbox.conf:
--------------------------------------------------------------------------------
1 | [virtualbox]
2 | # Specify which VirtualBox mode you want to run your machines on.
3 | # Can be "gui", "sdl" or "headless". Refer to VirtualBox's official
4 | # documentation to understand the differences.
5 | mode = gui
6 |
7 | # Path to the local installation of the VBoxManage utility.
8 | path = /usr/bin/VBoxManage
9 |
10 | # Specify a comma-separated list of available machines to be used. For each
11 | # specified ID you have to define a dedicated section containing the details
12 | # on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
13 | machines = cuckoo1
14 |
15 | [cuckoo1]
16 | # Specify the label name of the current machine as specified in your
17 | # VirtualBox configuration.
18 | label = cuckoo1
19 |
20 | # Specify the operating system platform used by current machine
21 | # [windows/darwin/linux].
22 | platform = windows
23 |
24 | # Specify the IP address of the current machine. Make sure that the IP address
25 | # is valid and that the host machine is able to reach it. If not, the analysis
26 | # will fail.
27 | ip = 192.168.56.101
28 |
--------------------------------------------------------------------------------
/tests/files/conf/120_5vms/virtualbox.conf:
--------------------------------------------------------------------------------
1 | [virtualbox]
2 | # Specify which VirtualBox mode you want to run your machines on.
3 | # Can be "gui", "sdl" or "headless". Refer to VirtualBox's official
4 | # documentation to understand the differences.
5 | mode = headless
6 |
7 | # Path to the local installation of the VBoxManage utility.
8 | path = /usr/bin/VBoxManage
9 |
10 | # Specify a comma-separated list of available machines to be used. For each
11 | # specified ID you have to define a dedicated section containing the details
12 | # on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
13 | machines = cuckoo1, cuckoo2, cuckoo3, cuckoo4, cuckoo5
14 |
15 | [cuckoo1]
16 | label = cuckoo1
17 | platform = windows
18 | ip = 192.168.56.101
19 |
20 | [cuckoo2]
21 | label = cuckoo2
22 | platform = windows
23 | ip = 192.168.56.102
24 |
25 | [cuckoo3]
26 | label = cuckoo3
27 | platform = windows
28 | ip = 192.168.56.103
29 |
30 | [cuckoo4]
31 | label = cuckoo4
32 | platform = windows
33 | ip = 192.168.56.104
34 |
35 | [cuckoo5]
36 | label = cuckoo5
37 | platform = windows
38 | ip = 192.168.56.105
39 |
--------------------------------------------------------------------------------
/stuff/suricata.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Install Suricata.
4 | # $ sudo apt-get install software-properties-common
5 | # $ sudo add-apt-repository ppa:oisf/suricata-stable
6 | # $ sudo apt-get update
7 | # $ sudo apt-get install suricata
8 | #
9 | # Set up Suricata configuration.
10 | #
11 | # In /etc/default/suricata, set RUN to "no".
12 | #
13 | # In /etc/suricata/suricata.yaml apply the following changes:
14 | # * Set "unix-command.enabled" to "yes".
15 | # * Set "unix-command.filename" to "cuckoo.socket".
16 | # * Set "outputs.eve-log.enabled" to "yes".
17 | # * Set "run-as.user" to "your cuckoo user".
18 | # * Set "run-as.group" to "your cuckoo user group".
19 | # * TODO More items.
20 | #
21 | # Add "@reboot /opt/cuckoo/utils/suricata.sh" to the root crontab.
22 |
23 | . /etc/default/cuckoo  # runs as shell code with the caller's privileges (root via the crontab entry above): keep it root-writable only
24 |
25 | # Do we want to run Suricata in the background?
26 | if [ "$SURICATA" -eq 0 ]; then  # -eq needs an integer: an unset or empty SURICATA makes the test error out and the script carries on
27 |     exit
28 | fi
29 |
30 | mkdir /var/run/suricata  # fails if the directory already exists (no -p); the exit status is not checked
31 | chown cuckoo:cuckoo /var/run/suricata  # user and group are hard-coded to "cuckoo"
32 |
33 | suricata --unix-socket -D
34 |
35 | while [ ! -e /var/run/suricata/cuckoo.socket ]; do  # waits with no timeout until the socket file appears
36 |     sleep 1
37 | done
38 |
--------------------------------------------------------------------------------
/cuckoo/data/analyzer/darwin/lib/dtrace/common.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Copyright (C) 2015 Dmitry Rodionov
3 | # This software may be modified and distributed under the terms
4 | # of the MIT license. See the LICENSE file for details.
5 |
6 | from os import path
7 | from time import sleep
8 |
9 | def sanitize_path(raw_path):
10 |     """ Backslash-escape spaces only; every other character is returned unchanged """
11 |     return raw_path.replace(" ", "\\ ")  # NOTE(review): not shell quoting - quotes, ;, $ and backticks stay live if a caller builds a command line from this; confirm
12 |
13 | def path_for_script(script):
14 |     """ Return the given script joined onto this module's directory (path.join returns an absolute `script` as-is) """
15 |     return path.join(current_directory(), script)
16 |
17 | def current_directory():  # absolute directory of this source file
18 |     return path.dirname(path.abspath(__file__))
19 |
20 | def filelines(source_file):
21 |     """ A generator that yields lines added to the file, skipping what is already in it.
22 |     If there are no new lines it polls every 0.1 s until the file is updated; it never finishes on its own.
23 |     """
24 |     # Go to the end of the file (whence 2 is SEEK_END)
25 |     source_file.seek(0, 2)
26 |     while True:
27 |         line = source_file.readline()  # empty when nothing new has been written
28 |         if not line:
29 |             # Sleep briefly
30 |             sleep(0.1)
31 |             continue
32 |         yield line
33 |
--------------------------------------------------------------------------------