An easy to setup Cuckoo environment for GNU/Linux malware analysis.
You're lazy and have been struggling with setting up Cuckoo in the past? Well, you came to the right place: I have done all the hard work for you.
First, make sure you have VirtualBox and Vagrant installed.
Then, clone this repository:
$ git clone https://github.com/ShellCode33/LinuxMalwareHuntingBox.git
And run the setup script:
$ ./setup.sh
This setup script creates a virtual machine (using VirtualBox through Vagrant) with the Cuckoo agent (and other stuff) deployed inside. It also installs the Cuckoo managing tool inside a Python virtual environment on your host machine and generates a clean configuration that works with your setup.
Every time you want to manage Cuckoo, you have to activate the Python virtual environment:
$ . venv/bin/activate
Then the cuckoo command will be available.
To start the manager:
$ cuckoo --cwd cuckoo/
To send binaries to the manager (in another shell):
$ cuckoo --cwd cuckoo/ submit /path/to/binary
Note the usage of --cwd. By default cuckoo will look for its configuration in ~/.cuckoo, but the configuration inside the cuckoo/ folder has been specially crafted to work with the guest VM.
Of course you can customise the cuckoo configuration folder to fit your needs. You might also want to configure tcpdump to be usable as a non-root user so that network capture works during analysis.
If you get the following error:
CuckooCriticalError: Unable to bind ResultServer on 192.168.42.1:2042 [Errno 99] Cannot assign requested address.
it's because no host interface has an address on that network. To fix it, just start the VM with the following command:
vagrant up
Bringing the VM up will also bring up your host-only interface.
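A preflight check for that error, added here as an example and not part of this repository: it parses `ip -o -4 addr` output and reports whether the ResultServer address is bound on any host interface before you start cuckoo. It assumes the ResultServer address is the 192.168.42.1 from the error message above (override with RESULTSERVER_IP if you changed cuckoo/conf); the sample listing at the bottom is constructed, not captured from a real machine.

```shell
#!/bin/sh
# Preflight check for the Cuckoo ResultServer bind address (example code).
# Assumption: 192.168.42.1, the address in the CuckooCriticalError above.
RESULTSERVER_IP="${RESULTSERVER_IP:-192.168.42.1}"

# addr_bound LISTING IP: succeeds if IP is a configured IPv4 address in
# LISTING, the output of `ip -o -4 addr` (one "N: iface inet A/P ..." per line).
addr_bound() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $3 == "inet" { split($4, a, "/"); if (a[1] == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# iface_for LISTING IP: prints the interface name carrying IP (nothing if none).
iface_for() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $3 == "inet" { split($4, a, "/"); if (a[1] == want) { print $2; exit } }'
}

# preflight: live check on this host. Returns 0 when the address is bound,
# 1 when it is missing (prints the fix from the README), 2 if `ip` is absent.
preflight() {
    listing="$(ip -o -4 addr 2>/dev/null)" || return 2
    if addr_bound "$listing" "$RESULTSERVER_IP"; then
        echo "ResultServer address $RESULTSERVER_IP is bound on $(iface_for "$listing" "$RESULTSERVER_IP")"
        return 0
    fi
    echo "No interface has $RESULTSERVER_IP; run 'vagrant up' to bring up the host-only network" >&2
    return 1
}

# Constructed sample listing (not from a real host) for an offline self-check:
# a loopback, a NAT uplink and the VirtualBox host-only interface.
SAMPLE_LISTING='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: vboxnet0    inet 192.168.42.1/24 brd 192.168.42.255 scope global vboxnet0\       valid_lft forever preferred_lft forever'

# Run the live check only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--live" ]; then
    preflight
fi
```

Run it as `sh preflight.sh --live` before `cuckoo --cwd cuckoo/`; a non-zero exit means the ResultServer would fail to bind.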