Ansible role to deploy a Cuckoo sandbox host based on Ubuntu 20.04, which uses VirtualBox VMs as sandbox guests, from scratch.
As a valuable addition to the standard Cuckoo install, MalConfScan and the corresponding Cuckoo patch, MalConfScan with Cuckoo, are incorporated for a painless install of a fully working sandbox that extracts malware configuration data.
- Insert the IP of your target machine into the inventory `./roles/cuckoo-virtualbox/inventory/hosts` and make sure that it is accessible via passwordless SSH.
- Edit the variables inside `./roles/cuckoo-virtualbox/defaults/main.yml` to match your environment. Furthermore, make sure to place your .ova inside `roles/cuckoo-virtualbox/files` and adapt the global variables `cuckoo_appliance` and `cuckoo_vm_label` (the label used by Cuckoo and `vboxmanage`) accordingly. It be
- Use `ansible-playbook` to run the setup process: `ansible-playbook -i inventory/hosts playbooks/playbook.yml --ask-become-pass -vvv`
- Make the necessary modifications to the config files inside `/home/{{ cuckoo_user }}/.cuckoo/conf/` and be happy about the painless setup of your Cuckoo sandbox!
Note: The necessary MongoDB is not installed with this role, because it seems to be more convenient to host it on a separate box. Edit the variables `mongodb_ip` and `mongodb_port` inside `./roles/cuckoo-virtualbox/defaults/main.yml` so that they point to your database.
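
The setup steps and the MongoDB note above can be checked before the playbook is started. The following pre-flight script is an added example, not part of this role: the function names are hypothetical, and it assumes that the variables are plain top-level `key: value` lines in `defaults/main.yml`, that `cuckoo_appliance` holds the file name of the .ova, and that the inventory is INI style with one host per line reachable as the current SSH user.

```sh
#!/bin/sh
# Added example: pre-flight checks before running the playbook (not part of the role).
# Assumptions: plain "key: value" lines in defaults/main.yml, cuckoo_appliance is the
# .ova file name, INI-style inventory with one host per line.
ROLE_DIR="${ROLE_DIR:-./roles/cuckoo-virtualbox}"

warn() { echo "preflight: $*" >&2; }

# Print one top-level scalar from defaults/main.yml, comments and quotes stripped.
role_var() {
    sed -n "s/^$1:[[:space:]]*//p" "$ROLE_DIR/defaults/main.yml" | head -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
}

# The appliance must be present in files/ and the VM label must be set.
check_appliance() {
    appliance=$(role_var cuckoo_appliance)
    [ -n "$appliance" ] || { warn "cuckoo_appliance is not set"; return 1; }
    [ -n "$(role_var cuckoo_vm_label)" ] || { warn "cuckoo_vm_label is not set"; return 1; }
    [ -f "$ROLE_DIR/files/$appliance" ] || { warn "missing $ROLE_DIR/files/$appliance"; return 1; }
}

# mongodb_ip must be set and mongodb_port must be a valid TCP port number.
check_mongodb() {
    port=$(role_var mongodb_port)
    [ -n "$(role_var mongodb_ip)" ] || { warn "mongodb_ip is not set"; return 1; }
    case "$port" in ''|*[!0-9]*) warn "mongodb_port '$port' is not numeric"; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { warn "mongodb_port out of range"; return 1; }
}

# BatchMode=yes makes ssh fail instead of prompting, so only key-based logins pass.
check_ssh() {
    hosts=$(grep -Ev '^[[:space:]]*(#|\[|$)' "$ROLE_DIR/inventory/hosts" | awk '{print $1}')
    [ -n "$hosts" ] || { warn "no hosts in inventory"; return 1; }
    for h in $hosts; do
        ssh -n -o BatchMode=yes -o ConnectTimeout=5 "$h" true ||
            { warn "no passwordless SSH to $h"; return 1; }
    done
}

preflight() { check_appliance && check_mongodb && check_ssh && echo "preflight: ok"; }

# Run all checks only when asked, e.g.: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

Run it from the directory that contains `roles/`, or set `ROLE_DIR` to the role's path.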