This is part 2 of a 4-part series on the installation of Cuckoo Sandbox.
Part 2 focuses on installing additional functionality on the host operating system for the Cuckoo Sandbox.
Video Instructions
Cuckoo Sandbox Installation Part 2
Steps
All commands are italicized. To install the software, open a terminal and copy and paste the commands. During the installation of the various software you will be prompted with "Yes/No" options; type "Yes" or "Y" at all prompts.
1. Install Django-based web interface [1]
- sudo apt-get install mongodb
- sudo apt-get install tcpdump
- sudo apt-get install libcap2-bin
- sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
- getcap /usr/sbin/tcpdump
- sudo apt install git
- git clone https://github.com/volatilityfoundation/volatility.git
- Navigate to the volatility folder
- cd /home/YourUserName/volatility
- sudo python setup.py install
- Distorm3
- Download Distorm3
- Navigate to the Downloads folder
- tar -xvzf distorm-3.4.0.tar.gz
- Navigate to the distorm-3.4.0 folder
- cd /home/YourUserName/Downloads/distorm-3.4.0
- sudo python setup.py install
- Yara [3]
- Install autoreconf
- sudo apt-get install autoconf
- Install libtool-bin
- sudo apt-get install libtool-bin
- Download Yara
- Navigate to the Downloads folder
- tar -xvzf yara-3.5.0.tar.gz
- Navigate to the yara-3.5.0 folder
- cd /home/YourUserName/Downloads/yara-3.5.0
- ./bootstrap.sh
- ./configure --with-crypto --enable-magic --enable-cuckoo
- make
- sudo make install
- sudo -H pip install yara-python
- PyCrypto [4]
- Download PyCrypto
- Navigate to the Downloads folder
- tar -xvzf pycrypto-2.6.1.tar.gz
- Navigate to the pycrypto-2.6.1 folder
- cd /home/YourUserName/Downloads/pycrypto-2.6.1
- python setup.py build
- sudo python setup.py install
- Openpyxl [5]
- sudo -H pip install openpyxl
- UJSON [6]
- sudo -H pip install ujson
- IPython [7]
- sudo -H pip install jupyter
- sudo apt-get install python3-pip python3-dev libssl-dev libtiff5-dev libjpeg8-dev zlib1g-dev libwebp-dev
- sudo pip3 install mitmproxy
- mitmproxy
- cd ~/.mitmproxy
- cp mitmproxy-ca-cert.p12 /home/YourUserName/Downloads/cuckoo/analyzer/windows/bin/cert.p12
- mitmdump = /usr/local/bin/mitmdump
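A post-install check for the steps above, as an added example that is not part of the original post. The function names (`caps_ok`, `missing_modules`, `check_host`) are hypothetical, the Python import names are those of the packages installed above, and `$HOME` is assumed to be the `/home/YourUserName` directory used in the steps.

```shell
#!/bin/sh
# Added example (not from the original post): verify the host setup steps.

# caps_ok LINE: succeed only if a getcap output line grants both
# cap_net_raw and cap_net_admin with the eip flags. Older libcap prints
# "file = caps+eip", newer libcap prints "file caps=eip"; accept both.
caps_ok() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *[+=]eip) return 0 ;; esac
    return 1
}

# missing_modules PYTHON MODULE...: print the modules PYTHON cannot import.
missing_modules() {
    py=$1; shift
    missing=
    for m in "$@"; do
        "$py" -c "import $m" >/dev/null 2>&1 || missing="$missing $m"
    done
    echo "${missing# }"
}

# check_host: run every check, report each result, return non-zero on failure.
check_host() {
    fail=0
    out=$(getcap /usr/sbin/tcpdump 2>/dev/null || true)
    if caps_ok "$out"; then echo "ok   tcpdump capabilities"
    else echo "FAIL tcpdump capabilities: '$out'"; fail=1; fi

    # Import names of the packages installed above (Python 2, as in the post).
    miss=$(missing_modules python volatility distorm3 yara Crypto openpyxl ujson)
    if [ -z "$miss" ]; then echo "ok   python modules"
    else echo "FAIL python modules not importable: $miss"; fail=1; fi

    if [ -x /usr/local/bin/mitmdump ]; then echo "ok   mitmdump"
    else echo "FAIL /usr/local/bin/mitmdump is not executable"; fail=1; fi

    # Assumption: $HOME is the /home/YourUserName directory used in the steps.
    cert="$HOME/Downloads/cuckoo/analyzer/windows/bin/cert.p12"
    if [ -f "$cert" ]; then echo "ok   cert.p12"
    else echo "FAIL $cert not found"; fail=1; fi
    return "$fail"
}

# Run the checks only when asked, e.g.: sh check_host.sh check
if [ "${1:-}" = "check" ]; then check_host; fi
```

A failed capability check means the `setcap` step did not take effect on `/usr/sbin/tcpdump`, for example because the binary was replaced by a later package upgrade.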
References
1. Cuckoo Sandbox Documentation
2. Volatility Documentation
3. Yara Documentation
4. PyCrypto Documentation
5. OpenPyxl Documentation
6. UJSON Documentation
7. IPython Documentation
Social Media
Facebook:
https://www.facebook.com/BDavisCS/
Twitter:
@BDavis_CyberSec
I would like to thank you for that great work. May you provide video for all parts as part one?
How are you doing Fuad Bozaidan? Thank you for the encouragement and the question!!! I will be creating videos for the remaining 3 parts of the Cuckoo Sandbox Installation within the next two weeks. Thank you for subscribing and please continue to ask questions and I will do my best to answer them. Stay hungry for knowledge!!!
Thank You For this Awesome Tutorial for installation. I would be waiting for the rest video
hey bdavis I wanted to know if same can be done for cuckoo on android and Is there any similar tutorial
if you could explain how same can be done for cuckoo on linux and then android malware analysis it would be great.
my email lovina37@gmail.com
How are you doing Lovina D'mello? Thank you for asking the question about Linux machines and Android devices being able to have the Cuckoo Sandbox Agent installed. As stated in the Cuckoo Sandbox online installation documentation, "This agent is designed to be cross-platform, therefore you should be able to use it on Windows as well as on Linux and OS X." Which means that as long as the guest operating system has Python 2.7 installed the Cuckoo Sandbox Agent can be installed. I will try to do a blog post and YouTube video detailing the features in the near future. I will have to get back to you on the Android device forensic tool sets, but in the meantime here is a book: "Android Forensics" by Andrew Hoog, ISBN: 978-1597496513, ISBN: 1597496510. Once again thank you for asking the question and "Stay Hungry for knowledge!!!"
Security testing is a must. Everybody wants security at every level of his working. As explained above, failures happen, but if we test from time to time then it will improve. So it depends on us how serious we are about this.
Hi BDavis, on a fresh install of Ubuntu, I also needed to install libjansson-dev and libmagic-dev before Yara would install. Also I was not able to find version 3.4 of distorm but 3.3.4 is available on their site. Thanks for the tutorial, I will let you know how it goes through pages 3 and 4.
Hi while following this step
sudo pip3 install mitmproxy
getting exceptions
RuntimeError: dictionary changed size during iteration
sys.argv ['-c', 'egg_info', '--egg-base', 'pip-egg-info']
test compiling test_ruamel_yaml
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/pkg_resources.py", line 2273, in _dep_map
return self.__dep_map
File "/usr/lib/python3/dist-packages/pkg_resources.py", line 2344, in __getattr__
raise AttributeError(attr)
AttributeError: _Distribution__dep_map
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "", line 17, in
File "/tmp/pip_build_root/ruamel.yaml/setup.py", line 854, in
main()
File "/tmp/pip_build_root/ruamel.yaml/setup.py", line 843, in main
setup(**kw)
This installation is not shared in your video. Is it worth installing??
Hi bdavis
Thank You For this Awesome Tutorial for installation. I want to install the guest with VMcloak. So, can you please help me if you have any information about this?
Hi Soukaine
I would like to know if you found something about installing guest with VMcloak. Please let me know
distorm-3.4.0.tar.gz is not available. can i use distorm-3.3.3.tar.gz?
No such file or directory error..
/home/YourUserName/Downloads/cuckoo/analyzer/windows/bin/cert.p12
I have replaced YourUserName with my own computer name. But, nothing works!
Any help would really be appreciated.
configure: error: please install Jansson library
any solution to this error
ERROR: Command errored out with exit status 1:
command: /usr/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-e55zz_54/cuckoo/setup.py'"'"'; __file__='"'"'/tmp/pip-install-e55zz_54/cuckoo/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-r5v7x4kd
cwd: /tmp/pip-install-e55zz_54/cuckoo/
Complete output (1 lines):
Cuckoo is Python2-only at the moment! Please use Python 2 to install it, i.e., `pip2 install -U cuckoo`.
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
When I use pip install -U cuckoo, I am getting the above error. What should I do?