Dockerfile beta

This repository contains a Dockerfile of Cuckoo Sandbox.

Notice

• 🆕 Checkout the new VirtualBox docs here
• 🚧 WARNING: Currently only works with remote machinery: esx, vsphere and xenserver.

Table of Contents

• !cuckoo-logo Dockerfile beta
  • Notice
  • Dependencies
  • Image Tags
  • Installation
  • To Run on OSX
  • Getting Started
    • Now Navigate To
  • Documentation
  • Known Issues
  • Issues
  • Todo
  • Credits
  • CHANGELOG
  • Contributing
  • License

Dependencies

• blacktop/yara:3.7
• blacktop/volatility:2.6

Image Tags

REPOSITORY          TAG                 SIZE
blacktop/cuckoo     latest              498MB
blacktop/cuckoo     2.0                 498MB
blacktop/cuckoo     modified (WIP)      317.1 MB
blacktop/cuckoo     1.2                 258.6 MB

NOTE: tags latest and *2.0__ contain all of cuckoosandbox/community

• tag modified is the awesome spender-sandbox version of cuckoo and contains all of spender-sandbox/community-modified

Installation

1. Install Docker.
2. Install docker-compose
3. Download trusted build from public Docker Registry: docker pull blacktop/cuckoo

To Run on OSX

• Install Homebrew

$ brew tap caskroom/cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox default
$ eval $(docker-machine env)

Or install Docker for Mac

Getting Started

$ git clone https://github.com/blacktop/docker-cuckoo
$ cd docker-cuckoo
$ docker-compose up -d
# For docker-machine
$ curl $(docker-machine ip):8000/cuckoo/status
# For Docker for Mac
$ curl localhost:8000/cuckoo/status

{
  "cpuload": [0.01220703125, 0.03515625, 0.025390625],
  "diskspace": {},
  "hostname": "195855fb100f",
  "machines": {
    "available": 0,
    "total": 0
  },
  "memory": 88.55692015425926,
  "tasks": {
    "completed": 0,
    "pending": 0,
    "reported": 0,
    "running": 0,
    "total": 0
  },
  "version": "2.0-dev"
}

Now Navigate To

• With docker-machine : http://$(docker-machine ip)
• With Docker for Mac : http://localhost

Documentation

• Usage
• Available Subcommands
• Running Modified Version
• Running with VirtualBox
• Tips and Tricks

Known Issues

Currently won't work with VirtualBox, VMWare Workstation/Fusion or KVM/qemu, but I have an idea on how to do it. 😉 see the NOTES

If you are getting issues with running elasticsearch you can try running: sysctl -w vm.max_map_count=262144

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

Todo

• Install/Run Cuckoo Sandbox
• Break mongo out into a separate container using docker-compose
• Fix blacktop/yara and blacktop/volatility so I can use them as a base images for this image
• Create docker-entryporint.sh to use same container as daemon or web app or api or utility, etc
• Figure out how to link to a analysis Windows VM (would be great if it was running in another container)
• Correctly link mongo/elasticsearch in confs or document how to do it at runtime (or use docker-entryporint BEST OPTION)
• add wait-for-it.sh to wait for postgres before API starts
• Web reverse proxy via Nginx with SSL
• Add snort or suricata or both
• Get modified version of cuckoo to install/run in docker

Credits

Using blacktop/cuckoo with VirtualBox brought to you by the awesome work done by @ilyaglow and remotevbox

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015-2020 blacktop