This repository has been archived by the owner on Feb 23, 2021. It is now read-only.

blacktop/docker-cuckoo

Dockerfile beta

This repository contains a Dockerfile of Cuckoo Sandbox.


Notice

  • 🆕 Check out the new VirtualBox docs here
  • 🚧 WARNING: Currently only works with remote machinery: esx, vsphere and xenserver.

Dependencies

Image Tags

REPOSITORY          TAG                 SIZE
blacktop/cuckoo     latest              498MB
blacktop/cuckoo     2.0                 498MB
blacktop/cuckoo     modified (WIP)      317.1 MB
blacktop/cuckoo     1.2                 258.6 MB

NOTE: tags latest and 2.0 contain all of cuckoosandbox/community

  • tag modified is the awesome spender-sandbox version of cuckoo and contains all of spender-sandbox/community-modified

Installation

  1. Install Docker.
  2. Install docker-compose.
  3. Download trusted build from public Docker Registry: docker pull blacktop/cuckoo

To Run on OSX

$ brew tap caskroom/cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox default
$ eval $(docker-machine env)

Or install Docker for Mac

Getting Started

$ git clone https://github.com/blacktop/docker-cuckoo
$ cd docker-cuckoo
$ docker-compose up -d
# For docker-machine
$ curl $(docker-machine ip):8000/cuckoo/status
# For Docker for Mac
$ curl localhost:8000/cuckoo/status
{
  "cpuload": [0.01220703125, 0.03515625, 0.025390625],
  "diskspace": {},
  "hostname": "195855fb100f",
  "machines": {
    "available": 0,
    "total": 0
  },
  "memory": 88.55692015425926,
  "tasks": {
    "completed": 0,
    "pending": 0,
    "reported": 0,
    "running": 0,
    "total": 0
  },
  "version": "2.0-dev"
}
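
An added example, not part of the docker-cuckoo repository: a small check that reads the same /cuckoo/status response and reports why the sandbox cannot take work yet, which is the case in the sample output above (zero machines). The function names fetch_status and assess are hypothetical, the base URL assumes Docker for Mac, and the embedded status is the README's sample trimmed to the fields used.

```python
import json
import urllib.request

# Sample body taken from the README output above, trimmed to the fields checked here.
SAMPLE_STATUS = json.loads("""
{
  "hostname": "195855fb100f",
  "machines": {"available": 0, "total": 0},
  "tasks": {"completed": 0, "pending": 0, "reported": 0, "running": 0, "total": 0},
  "version": "2.0-dev"
}
""")

def fetch_status(base_url="http://localhost:8000", timeout=5):
    """GET /cuckoo/status from the API container (base_url is an assumption)."""
    with urllib.request.urlopen(f"{base_url}/cuckoo/status", timeout=timeout) as resp:
        return json.load(resp)

def assess(status):
    """Return a list of findings; an empty list means the sandbox can accept work."""
    findings = []
    machines = status.get("machines", {})
    tasks = status.get("tasks", {})
    if machines.get("total", 0) == 0:
        # Matches the README sample: the API answers, but no machinery is configured.
        findings.append("no analysis machines registered")
    elif machines.get("available", 0) == 0:
        findings.append("all analysis machines are busy")
    pending = tasks.get("pending", 0)
    if pending > 0 and tasks.get("running", 0) == 0:
        findings.append(f"{pending} task(s) pending but none running")
    return findings

if __name__ == "__main__":
    try:
        status = fetch_status()
    except (OSError, ValueError) as exc:
        # API not reachable yet (containers still starting) or not returning JSON.
        print(f"API not ready ({exc}); using the embedded sample instead")
        status = SAMPLE_STATUS
    for line in assess(status) or ["ok: machines registered and no stalled tasks"]:
        print(line)
```
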

Now Navigate To

cuckoo-dashboard

Documentation

Known Issues

Currently won't work with VirtualBox, VMware Workstation/Fusion or KVM/qemu, but I have an idea on how to do it. 😉 See the NOTES.

If you are getting issues with running Elasticsearch, you can try running this on the Docker host: sysctl -w vm.max_map_count=262144

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

Todo

  • Install/Run Cuckoo Sandbox
  • Break mongo out into a separate container using docker-compose
  • Fix blacktop/yara and blacktop/volatility so I can use them as base images for this image
  • Create docker-entrypoint.sh to use same container as daemon or web app or api or utility, etc
  • Figure out how to link to an analysis Windows VM (would be great if it was running in another container)
  • Correctly link mongo/elasticsearch in confs or document how to do it at runtime (or use docker-entrypoint BEST OPTION)
  • Add wait-for-it.sh to wait for postgres before API starts
  • Web reverse proxy via Nginx with SSL
  • Add snort or suricata or both
  • Get modified version of cuckoo to install/run in docker

Credits

Using blacktop/cuckoo with VirtualBox brought to you by the awesome work done by @ilyaglow and remotevbox

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015-2020 blacktop