Cuckooforcanari - Cuckoo Sandbox Local Maltego Transforms
Author : David Bressler (@bostonlink)
Demo Video: http://www.youtube.com/watch?v=1GGArfEijgE
Cuckooforcanari is a Maltego local transform project, built within the Canari Framework, that integrates the Cuckoo Sandbox API into Maltego entity output. The main goal of this project is to allow security analysts, researchers, investigators, and teams to graphically display a Cuckoo Sandbox file or URL analysis.
src/cuckooforcanari directory is where all the magic stuff goes and happens.
src/cuckooforcanari/transforms directory is where all the transform modules are located.
src/cuckooforcanari/transforms/common directory is where common code for all transforms is stored.
src/cuckooforcanari/transforms/common/entities.py is where custom entities are defined.
maltego/ is where the Maltego entity exports are stored.
src/cuckooforcanari/resources/maltego directory is where the *.machine files are stored for auto install and uninstall.
2.0 - Installation
2.1 - Supported Platforms
cuckooforcanari has currently been tested on Mac OS X and Linux.
2.2 - Requirements
cuckooforcanari is supported and tested on Python 2.7.3.
The Canari framework must be installed to use this package. See: https://github.com/allfro/canari
A Cuckoo Sandbox v0.5 or later installation on the local network or host, with the Cuckoo API running, is required. See: http://docs.cuckoosandbox.org/en/latest/usage/api/#starting-the-api-server
This package depends on the Python requests package. It is listed as a requirement in setup.py, which will automatically download and install the requests package if needed.
2.3 - How to install
Once you have the Canari framework installed and working, follow the directions below to install cuckooforcanari.
Install the package:
$ cd cuckooforcanari
$ python setup.py install
Then install the canari package by issuing the following:
$ canari create-profile cuckooforcanari
Then do the following (thanks to Nadeem Douba @ndouba):
- Open Maltego.
- Click on the home button (Maltego icon, top-left corner).
- Click on 'Import'.
- Click on 'Import Configuration'.
- Follow prompts.
Once installed, you must edit the cuckooforcanari.conf file with your local environment settings:
$ vim ~/.canari/cuckooforcanari.conf
All Done!! Have fun!
Rich Popson (@Rastafari0728)
Nadeem Douba (@ndouba)
Cuckoo Sandbox (@cuckoosandbox)