Download Cuckoo
git clone https://github.com/cuckoosandbox/cuckoo.git
(GitHub no longer serves the unauthenticated git:// protocol, so clone over HTTPS. The layout used below, with cuckoo.py, utils/ and requirements.txt at the top of the checkout, is the legacy git layout. Cuckoo runs on Python 2 only, so python and pip in every step below must be the Python 2 versions.)
Installing Python libraries
1. Install the basic dependencies (Python 2, pip, and the headers needed to build the C extensions pulled in by requirements.txt):
sudo dnf install python python-pip python-devel libffi-devel openssl-devel libxml2-devel libxslt-devel libjpeg-devel redhat-rpm-config
2. The Django-based web interface reads analysis reports from MongoDB, so install it if you want the web interface. The mongodb package only contains the client tools; the server is mongodb-server, and the mongod service has to be started (systemctl) and the mongodb reporting module enabled in conf/reporting.conf before reports land in it:
sudo dnf install mongodb mongodb-server
Install Virtualenv
"virtualenv is a tool to create isolated Python environments. virtualenv creates a folder which contains all the necessary executables to use the packages that a Python project would need."2
1. Install virtualenv (as an unprivileged user this needs --user, with ~/.local/bin on PATH, or sudo; the distribution package python-virtualenv is an alternative):
pip install virtualenv
2. Create a virtual environment for a project:
cd cuckoo/
virtualenv venv
3. Activate the virtual environment. Activation is per shell session, so repeat it before every later step and before running Cuckoo:
source venv/bin/activate
Install further dependencies
Edit requirements.txt in the checkout: change six==1.90 to six==1.10 and append bson==0.4.3 and distorm3==3.3.4 (distorm3 is the disassembler library Volatility uses). With nano: nano requirements.txt, save with Ctrl+O, exit with Ctrl+X. Then, with the virtualenv still active, install without sudo. sudo resets PATH, so "sudo pip" is the system pip and would install everything into the system site-packages, where the virtualenv's Python never looks:
pip install -r requirements.txt
One caveat on the bson pin: pymongo bundles its own bson module, and its documentation warns that the separate bson package from PyPI is incompatible with it. If imports from bson fail later, check which of the two the virtualenv is loading.
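The requirements.txt edits above, done with sed and grep instead of by hand in nano, as an added example that is not part of Cuckoo or its docs. The pins are the ones the step prescribes; the file the demo patches is constructed, not the real requirements.txt. Running the patch twice must leave the file unchanged, which is the property worth having before you script an install.

```shell
#!/bin/sh
# Added example, not part of the Cuckoo project: apply the requirements.txt
# edits described above with sed/grep rather than by hand in nano, so the
# change is reviewable and safe to run more than once. The pins are the
# ones the page prescribes; the file used in the demo is constructed.

# pin_requirement FILE NAME VERSION
# Replace an existing "NAME==..." pin or append one, never duplicating it.
pin_requirement() {
    req=$1 name=$2 version=$3
    if grep -q "^${name}==" "$req"; then
        # GNU sed (Fedora). With BSD/macOS sed use: sed -i '' ...
        sed -i "s/^${name}==.*/${name}==${version}/" "$req"
    else
        # Make sure the file ends with a newline before appending.
        [ -n "$(tail -c1 "$req")" ] && echo >> "$req"
        printf '%s==%s\n' "$name" "$version" >> "$req"
    fi
}

# patch_requirements FILE: the three edits from the step above.
patch_requirements() {
    pin_requirement "$1" six 1.10
    pin_requirement "$1" bson 0.4.3
    pin_requirement "$1" distorm3 3.3.4
}

# pinned_version FILE NAME: print the pinned version of NAME, or nothing.
pinned_version() {
    sed -n "s/^$2==//p" "$1"
}

# Demo on a constructed file (not the real requirements.txt). The missing
# trailing newline is deliberate, to show the append path handles it.
demo_requirements_patch() {
    tmp=$(mktemp)
    printf 'sqlalchemy==1.0.8\nsix==1.90\npymongo==3.0.3' > "$tmp"
    patch_requirements "$tmp"
    patch_requirements "$tmp"   # second run must be a no-op
    cat "$tmp"
    rm -f "$tmp"
}

demo_requirements_patch
```

Run it from the checkout as `sh patch_requirements.sh` after adapting `demo_requirements_patch` to point at the real file; `pinned_version requirements.txt six` is a quick way to confirm the edit before `pip install -r requirements.txt`.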
Install tcpdump
"In order to dump the network activity performed by the malware during execution, you'll need a network sniffer properly configured to capture the traffic and dump it to a file.
By default Cuckoo adopts tcpdump, the prominent open source solution."1 Install tcpdump:
sudo dnf install tcpdump
"Tcpdump requires root privileges, but since you don't want Cuckoo to run as root you'll have to set specific Linux capabilities to the binary:"1
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
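The check a practitioner wants after the setcap step, as an added example that is not part of Cuckoo or its docs: it parses the output of getcap, which libcap prints in two different formats depending on its version (the two shapes below are assumed from that behaviour and the sample lines are constructed), and confirms both capabilities are in the effective, inheritable and permitted sets. The path defaults to /usr/sbin/tcpdump and must match the tcpdump setting in the [sniffer] section of conf/cuckoo.conf.

```shell
#!/bin/sh
# Added example (not part of Cuckoo): verify that tcpdump carries the
# capabilities Cuckoo needs. getcap output differs between libcap versions:
#   older:  /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
#   newer:  /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
# Both shapes are handled. The lines used in the demo are constructed.

# caps_line_ok LINE
# Return 0 if a getcap output line grants both cap_net_raw and
# cap_net_admin with the e, i and p flags, 1 otherwise.
caps_line_ok() {
    # shellcheck disable=SC2086 (intentional word splitting of the line)
    set -- $1
    [ $# -gt 0 ] || return 1        # empty output: no capabilities set
    shift                           # drop the path
    have_raw=0 have_admin=0
    for clause in "$@"; do
        case $clause in
            *[+=]*) ;;              # "names+flags" or "names=flags"
            *) continue ;;          # the lone "=" of the older format
        esac
        names=${clause%[+=]*}       # e.g. cap_net_admin,cap_net_raw
        flags=${clause##*[+=]}      # e.g. eip
        case $flags in *e*) ;; *) continue ;; esac
        case $flags in *i*) ;; *) continue ;; esac
        case $flags in *p*) ;; *) continue ;; esac
        case ",$names," in *,cap_net_raw,*)   have_raw=1 ;;   esac
        case ",$names," in *,cap_net_admin,*) have_admin=1 ;; esac
    done
    [ "$have_raw" = 1 ] && [ "$have_admin" = 1 ]
}

# tcpdump_caps_ok [PATH]
# Query the real binary; the path must be the one in conf/cuckoo.conf.
tcpdump_caps_ok() {
    bin=${1:-/usr/sbin/tcpdump}
    command -v getcap >/dev/null 2>&1 || { echo "getcap not found (libcap)" >&2; return 1; }
    [ -x "$bin" ] || { echo "$bin is not an executable" >&2; return 1; }
    caps_line_ok "$(getcap "$bin")"
}

# Demo on constructed lines, then on the real binary if this host has one.
caps_line_ok '/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip' && echo "older format: ok"
caps_line_ok '/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip'   && echo "newer format: ok"
caps_line_ok '/usr/sbin/tcpdump = cap_net_raw+ep' || echo "cap_net_admin missing, i flag missing: rejected"
tcpdump_caps_ok /usr/sbin/tcpdump || echo "fix with: sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump"
```

A failed check after a package update is the usual reason Cuckoo suddenly reports no PCAPs: dnf replaces the binary and the file capabilities go with it, so rerun setcap after every tcpdump update.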
Installing Volatility
"Volatility is an optional tool to do forensic analysis on memory dumps. In combination with Cuckoo, it can automatically provide additional visibility into deep modifications in the operating system as well as detect the presence of rootkit technology that escaped the monitoring domain of Cuckoo's analyzer."1
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility/
python setup.py install
cd ..
Run this with the Cuckoo virtualenv activated, so Volatility is installed into the virtualenv where Cuckoo's Python can import it (invoking setup.py through python also makes the chmod unnecessary). This is Volatility 2, which is Python 2 like Cuckoo; it can be cloned anywhere, not necessarily inside the Cuckoo checkout. Memory analysis only happens if memory dumps are enabled in conf/cuckoo.conf (memory_dump) and the memory processing module is enabled in conf/processing.conf.
Cuckoo Configuration (Host + Guest)
https://cuckoo.readthedocs.io/en/0.4.1/
The linked documentation is for release 0.4.1 and predates the git checkout used here; the host and guest configuration chapters matching the checkout are at https://cuckoo.readthedocs.io/en/latest/. The essentials: the guest VM's network adapter is attached to the host-only interface set up next, the guest address configured in conf/virtualbox.conf must lie in that interface's subnet, and the result server address in conf/cuckoo.conf is the host side of it.
Bring up the VirtualBox host-only interface
VBoxManage hostonlyif create
sudo ip link set vboxnet0 up
sudo ip addr add 192.168.56.1/24 dev vboxnet0
Run hostonlyif create only once: every run creates another interface (vboxnet1, vboxnet2, ...), so check VBoxManage list hostonlyifs before creating again. The two ip commands do not survive a reboot; VBoxManage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1 --netmask 255.255.255.0 stores the address in VirtualBox's own configuration instead. The guest must be given a static address in 192.168.56.0/24 that matches the ip setting in conf/virtualbox.conf.
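The interface setup above made idempotent, as an added example that is not part of Cuckoo or its docs: it only creates the host-only interface when vboxnet0 does not exist yet, only adds the address when it is missing, and then checks that the guest address lies in the host-only subnet, which is the misconfiguration that makes the result server unreachable. The interface and address are the page's; 192.168.56.101 is assumed to be the guest address in conf/virtualbox.conf (verify against your own file), and everything is overridable through environment variables.

```shell
#!/bin/sh
# Added example (not from the Cuckoo project): bring up the VirtualBox
# host-only interface idempotently. "VBoxManage hostonlyif create" adds a
# new vboxnetN every time it runs, and "ip addr add" fails if the address
# is already there, so both are guarded. 192.168.56.101 is assumed to be
# the guest address set in conf/virtualbox.conf; check your own file.

HOST_IF=${HOST_IF:-vboxnet0}
HOST_ADDR=${HOST_ADDR:-192.168.56.1/24}
GUEST_IP=${GUEST_IP:-192.168.56.101}

# ip2int DOTTED: dotted quad to a 32-bit integer (shell arithmetic only).
ip2int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# in_subnet IP CIDR: return 0 if IP lies in the network of CIDR
# (e.g. in_subnet 192.168.56.101 192.168.56.1/24). Any prefix length works.
in_subnet() {
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    plen=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# ensure_hostonly: create/configure the interface only where needed, then
# sanity-check the guest address against it.
ensure_hostonly() {
    if ! ip link show "$HOST_IF" >/dev/null 2>&1; then
        # Creates the next free vboxnetN; with no interfaces yet that is vboxnet0.
        VBoxManage hostonlyif create
    fi
    sudo ip link set "$HOST_IF" up
    if ! ip -o addr show dev "$HOST_IF" | grep -qF "inet $HOST_ADDR "; then
        sudo ip addr add "$HOST_ADDR" dev "$HOST_IF"
    fi
    if ! in_subnet "$GUEST_IP" "$HOST_ADDR"; then
        echo "guest $GUEST_IP is outside $HOST_ADDR; fix conf/virtualbox.conf" >&2
        return 1
    fi
    echo "$HOST_IF is up with $HOST_ADDR; guest $GUEST_IP is reachable from it"
}

# Only touch the system when the tools are actually present.
if command -v VBoxManage >/dev/null 2>&1 && command -v ip >/dev/null 2>&1; then
    ensure_hostonly
else
    echo "VBoxManage or ip not found; nothing to do on this host" >&2
fi
```

Set GUEST_IP to whatever ip= says in conf/virtualbox.conf and HOST_ADDR to the result server address from conf/cuckoo.conf plus the interface's prefix length; if `in_subnet` rejects the pair, the analyzer inside the guest will never reach the result server no matter how the rest is configured.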
Running Cuckoo
./cuckoo.py
Run it from the checkout, with the virtualenv activated, as the unprivileged user (that is why tcpdump got its capabilities above instead of running Cuckoo as root).
Fetching community signatures and modules
./utils/community.py -waf
This does not update Cuckoo itself; it downloads the community signatures and processing/reporting modules into the checkout (-a all categories, -w rewrite files that already exist, -f force, without asking for confirmation; see ./utils/community.py --help). To update Cuckoo itself, git pull in the checkout and rerun pip install -r requirements.txt inside the virtualenv.