Public | Automated Build

Last pushed: 17 days ago
Short Description
Malware Analysis System
Full Description


This repository contains a Dockerfile of Cuckoo Sandbox.


  • :new: Checkout the new VirtualBox docs here
  • :construction: WARNING: Currently only works with remote machinery: esx, vsphere and xenserver.

Table of Contents


Image Tags

REPOSITORY          TAG                 SIZE
blacktop/cuckoo     latest              367MB
blacktop/cuckoo     2.0                 367MB
blacktop/cuckoo     modified (WIP)      317.1 MB
blacktop/cuckoo     1.2                 258.6 MB

NOTE: tags latest and *2.0__ contain all of cuckoosandbox/community

  • tag modified is the awesome spender-sandbox version of cuckoo and contains all of spender-sandbox/community-modified


  1. Install Docker.
  2. Install docker-compose
  3. Download trusted build from public Docker Registry: docker pull blacktop/cuckoo

To Run on OSX

$ brew tap caskroom/cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox default
$ eval $(docker-machine env)

Or install Docker for Mac

Getting Started

$ git clone
$ cd docker-cuckoo
$ docker-compose up -d
# For docker-machine
$ curl $(docker-machine ip):8000/cuckoo/status
# For Docker for Mac
$ curl localhost:8000/cuckoo/status
  "cpuload": [
  "diskspace": {},
  "hostname": "195855fb100f",
  "machines": {
    "available": 0,
    "total": 0
  "memory": 88.55692015425926,
  "tasks": {
    "completed": 0,
    "pending": 0,
    "reported": 0,
    "running": 0,
    "total": 0
  "version": "2.0-dev"

Now Navigate To


Known Issues

Currently won't work with VirtualBox, VMWare Workstation/Fusion or KVM/qemu, but I have an idea on how to do it. :wink: see the NOTES


Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.


  • [x] Install/Run Cuckoo Sandbox
  • [x] Break mongo out into a separate container using docker-compose
  • [x] Fix blacktop/yara and blacktop/volatility so I can use them as a base images for this image
  • [x] Create to use same container as daemon or web app or api or utility, etc
  • [ ] Figure out how to link to a analysis Windows VM (would be great if it was running in another container)
  • [x] Correctly link mongo/elasticsearch in confs or document how to do it at runtime (or use docker-entryporint BEST OPTION)
  • [x] add to wait for postgres before API starts
  • [ ] Web reverse proxy via Nginx with SSL
  • [ ] Add snort or suricata or both
  • [x] Get modified version of cuckoo to install/run in docker


Using blacktop/cuckoo with VirtualBox brought to you by the awesome work done by @ilyaglow and remotevbox




See all contributors on GitHub.

Please update the and submit a Pull Request on GitHub.


MIT Copyright (c) 2015-2017 blacktop

Docker Pull Command
Source Repository