Malware Analysis System

Dockerfile-beta

This repository contains a Dockerfile of Cuckoo Sandbox.

WARNING: Currently only works with remote machinery: esx, vsphere and xenserver.

Dependencies

Image Tags

REPOSITORY          TAG                 SIZE
blacktop/cuckoo     latest              367MB
blacktop/cuckoo     2.0                 367MB
blacktop/cuckoo     modified (WIP)      317.1 MB
blacktop/cuckoo     1.2                 258.6 MB

NOTE: tags latest and 2.0 contain all of cuckoosandbox/community

  • tag modified is the awesome spender-sandbox version of cuckoo and contains all of spender-sandbox/community-modified

Installation

  1. Install Docker.
  2. Install docker-compose.
  3. Download trusted build from public Docker Registry: docker pull blacktop/cuckoo

To Run on OSX

$ brew tap caskroom/cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox default
$ eval $(docker-machine env)

Or install Docker for Mac

Getting Started

$ git clone https://github.com/blacktop/docker-cuckoo
$ cd docker-cuckoo
$ docker-compose up -d
# For docker-machine
$ curl $(docker-machine ip):8000/cuckoo/status
# For Docker for Mac
$ curl localhost:8000/cuckoo/status
{
  "cpuload": [
    0.01220703125,
    0.03515625,
    0.025390625
  ],
  "diskspace": {},
  "hostname": "195855fb100f",
  "machines": {
    "available": 0,
    "total": 0
  },
  "memory": 88.55692015425926,
  "tasks": {
    "completed": 0,
    "pending": 0,
    "reported": 0,
    "running": 0,
    "total": 0
  },
  "version": "2.0-dev"
}
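
A readiness check over the status response shown above, added here as an example and not part of the blacktop/docker-cuckoo project. The function names, the `max_pending` threshold and the reduced sample body are assumptions made for illustration.

```python
import json
import urllib.request

# Constructed sample: the status body shown under Getting Started, reduced to the fields checked.
SAMPLE_STATUS = """
{"diskspace": {}, "hostname": "195855fb100f",
 "machines": {"available": 0, "total": 0},
 "tasks": {"completed": 0, "pending": 0, "reported": 0, "running": 0, "total": 0},
 "version": "2.0-dev"}
"""

def fetch_status(base_url, timeout=5):
    """GET <base_url>/cuckoo/status and return the raw body as text."""
    with urllib.request.urlopen(base_url.rstrip("/") + "/cuckoo/status", timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def readiness_findings(body, max_pending=10):
    """Return a list of problems found in a status body; an empty list means ready.

    max_pending is an assumed backlog threshold, not a Cuckoo default.
    """
    try:
        status = json.loads(body)
    except ValueError:
        return ["response is not JSON (API not up yet, or a proxy error page)"]
    if not isinstance(status, dict):
        return ["unexpected JSON type: %s" % type(status).__name__]
    findings = []
    machines = status.get("machines") or {}
    total, available = machines.get("total", 0), machines.get("available", 0)
    if total == 0:
        findings.append("no analysis machines registered (machines.total is 0)")
    elif available == 0:
        findings.append("all %d machines are busy" % total)
    pending = (status.get("tasks") or {}).get("pending", 0)
    if pending > max_pending:
        findings.append("%d tasks pending (threshold %d)" % (pending, max_pending))
    if not status.get("diskspace"):
        findings.append("diskspace is empty, so free space cannot be checked")
    return findings

if __name__ == "__main__":
    # Offline run on the constructed sample; use fetch_status("http://localhost:8000") for a live check.
    for line in readiness_findings(SAMPLE_STATUS) or ["ready"]:
        print(line)
```
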
Now Navigate To

Documentation

Known Issues

Currently won't work with VirtualBox, VMware Workstation/Fusion or KVM/qemu, but I have an idea on how to do it. See the NOTES.

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

Todo

  • [x] Install/Run Cuckoo Sandbox
  • [x] Break mongo out into a separate container using docker-compose
  • [x] Fix blacktop/yara and blacktop/volatility so I can use them as base images for this image
  • [x] Create docker-entrypoint.sh to use same container as daemon or web app or api or utility, etc
  • [ ] Figure out how to link to an analysis Windows VM (would be great if it was running in another container)
  • [x] Correctly link mongo/elasticsearch in confs or document how to do it at runtime (or use docker-entrypoint BEST OPTION)
  • [x] Add wait-for-it.sh to wait for postgres before API starts
  • [ ] Web reverse proxy via Nginx with SSL
  • [ ] Add snort or suricata or both
  • [x] Get modified version of cuckoo to install/run in docker

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015-2017 blacktop

Owner: blacktop