Cuckoo Sandbox Book
Cuckoo Sandbox is open source software for automating the analysis of suspicious files. To do so, it uses custom components that monitor the behavior of malicious processes while they run in an isolated environment.
This guide will explain how to set up Cuckoo, use it, and customize it.
Using the new Cuckoo Package?
There are various big improvements related to usability in the newly released Cuckoo Package. To get the most out of it, start reading on the different subjects related to it. Following are some of the highlights:
Having troubles?
If you’re having trouble, check the FAQ, as it may already have the answers to your questions.
- FAQ
- General Questions
- Troubleshooting
- After upgrade Cuckoo stops to work
- Cuckoo stumbles and produces some error I don’t understand
- Check and restore current snapshot with KVM
- Check and restore current snapshot with VirtualBox
- Unable to bind result server error
- Error during template rendering
- 501 Unsupported Method (‘GET’)
- Permission denied for tcpdump
- DistributionNotFound / No distribution matching the version..
- IOError: [Errno 24] Too many open files
- pkg_resources.ContextualVersionConflict
- ValueError: incomplete format key
- Troubleshooting VM network configuration
- Cuckoo says there’s a version 2.1.0?
- No handlers could be found for logger X in UWSGI log
Otherwise, you can ask the developers and/or other Cuckoo users; see Join the discussion.
Contents
- Introduction
- Installation
- Preparing the Host
- Preparing the Guest
- Preparing the Guest (Physical Machine)
- Upgrading from a previous release
- Usage
- Starting Cuckoo
- Cuckoo Working Directory Usage
- Submit an Analysis
- Web interface
- REST API
- Starting the API server
- Resources
- /tasks/create/file
- /tasks/create/url
- /tasks/create/submit
- /tasks/list
- /tasks/sample
- /tasks/view
- /tasks/reschedule
- /tasks/delete
- /tasks/report
- /tasks/summary
- /tasks/screenshots
- /tasks/rereport
- /tasks/reboot
- /memory/list
- /memory/get
- /files/view
- /files/get
- /pcap/get
- /machines/list
- /machines/view
- /cuckoo/status
- /vpn/status
- /exit
- Distributed Cuckoo
- Utilities
- Cuckoo Rooter
- Cuckoo Feedback
- Analysis Packages
- Analysis Results
- Clean all Tasks and Samples
- Customization
- Development
- Final Remarks