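# Install pyenv from Homebrew and make Python 2.7.11 the default interpreter.
brew install pyenv

# Load pyenv into the current shell only when it is on PATH.
# `command -v` is the shell's own lookup; `which` is an external tool whose
# output and exit status differ between systems.
# The eval runs whatever `pyenv init -` prints, so it trusts the pyenv binary
# that PATH resolves to.
if command -v pyenv > /dev/null; then
  eval "$(pyenv init -)"
fi

pyenv install 2.7.11
pyenv rehash          # rebuild the shims so the new interpreter is found
pyenv global 2.7.11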
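# Bootstrap pip for the active interpreter, then upgrade it in place.
# NOTE(review): CPython 2.7.9 and later bundle pip through ensurepip, so the
# easy_install step may already be satisfied; confirm with `pip --version`.
easy_install pip
pip install --upgrade pip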
--- requirements.txt 2016-01-12 03:26:34.000000000 +0900
+++ requirements_mod.txt 2016-05-25 18:15:38.000000000 +0900
@@ -2,7 +2,7 @@
 beautifulsoup4==4.4.1
 cffi==1.2.1
 chardet==2.3.0
-cryptography==1.0
+cryptography==1.0.1
 Django==1.8.4
 dpkt==1.8.6.2
 ecdsa==0.13
# Install the pinned Python dependencies into the active interpreter.
# NOTE(review): the patch shown before this step names its new side
# requirements_mod.txt; confirm the cryptography==1.0.1 pin is present in the
# file that is installed here.
$ pip install -r requirements.txt
# Install Homebrew's tcpdump build. The `tcpdump = /usr/local/sbin/tcpdump`
# setting later on this page is the path the sniffer is configured to use.
$ brew install homebrew/dupes/tcpdump
# Mode 644 makes every existing /dev/bpf* node readable by all local users,
# so any local account or process can capture traffic on the host's
# interfaces, not only on the sandbox's vboxnet0. A narrower setup gives the
# nodes a dedicated group that contains the account running Cuckoo and uses
# mode 640 instead.
# NOTE(review): macOS recreates these nodes at boot, so the change is not
# persistent; confirm and reapply after a restart.
$ sudo chmod 644 /dev/bpf*
# Install the MongoDB server from Homebrew.
# NOTE(review): presumably the store behind Cuckoo's reporting; check that
# mongod listens on localhost only and is not reachable from the host-only
# analysis network (192.168.56.x).
$ brew install mongodb
# Install Python bindings for YARA.
# NOTE(review): confirm which PyPI project the name `yara` resolves to before
# installing; the bindings released alongside YARA itself are published as
# `yara-python`.
$ pip install yara
# Address and port on the host side.
# NOTE(review): presumably Cuckoo's result-server listener. 192.168.56.1 is
# the address the guest pings later on this page, so the listener sits on the
# host-only network rather than on the host's other interfaces; confirm.
ip = 192.168.56.1
port = 2042
tcpdump = /usr/local/sbin/tcpdump
path = /usr/local/bin/VBoxManage
interface = vboxnet0
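[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = WinXP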
platform = windows
ip = 192.168.56.101
# XXXXXXX is a placeholder; substitute your own API key.
# Once the real key is filled in, keep this file readable only by the account
# that runs Cuckoo and out of any shared repository.
key = XXXXXXX
VBoxManage failed starting the machine in HEADLESS mode: VBoxManage: error: Failed to load unit 'HGCM' (VERR_SSM_UNEXPECTED_DATA) VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component ConsoleWrap, interface IConsole
VBoxManage failed starting the machine in HEADLESS mode: VBoxManage: error: Failed to load unit 'vga' (VERR_SSM_LOADED_TOO_MUCH) VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component ConsoleWrap, interface IConsole
[+] Starting agent on 0.0.0.0:8000 ...
$ ping 192.168.56.101
> ping 192.168.56.1
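# Start Cuckoo; run this from the directory that contains cuckoo.py.
# (Written without a space after the prompt, the shell reads `$python` as the
# expansion of a variable named python rather than the interpreter.)
python cuckoo.py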
.: :: .-. , : .-. ;;.-. .-. .-. ; ; ; ; ;; .' ; ;'; ;' `;;;;'.'`..:;._`;;;;'_.'` `.`;;' `;;' Cuckoo Sandbox 2.0-rc1 www.cuckoosandbox.org Copyright (c) 2010-2015 Checking for updates... Good! You have the latest version available. 2016-05-25 20:19:31,585 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2016-05-25 20:19:33,565 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2016-05-25 20:19:33,603 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
# Queue one file for analysis; /path/to/binary is a placeholder for the
# sample's path on the host.
$ python utils/submit.py /path/to/binary
2016-05-26 19:48:46,707 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "test.exe" (task #12, options "") 2016-05-26 19:48:46,769 [lib.cuckoo.core.scheduler] INFO: File already exists at "/path/to/cuckoo/storage/binaries/e37e5e39cc971ca0c196605371d0699b6c1f135378da9d454227e02977571e0f" 2016-05-26 19:48:46,799 [lib.cuckoo.core.scheduler] INFO: Task #12: acquired machine cuckoo1 (label=WinXP) 2016-05-26 19:48:46,806 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 12759 (interface=vboxnet0, host=192.168.56.101, pcap=/path/to/cuckoo/storage/analyses/12/dump.pcap) tcpdump: listening on vboxnet0, link-type EN10MB (Ethernet), capture size 262144 bytes 2016-05-26 19:48:50,893 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101) 2016-05-26 19:49:33,692 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: Error returned by is32bit: Command '['bin\\is32bit.exe', '-f', u'C:\\DOCUME~1\\sent\\LOCALS~1\\Temp\\test.exe']' returned non-zero exit status 1 236 packets captured 8521 packets received by filter 0 packets dropped by kernel 2016-05-26 19:49:39,519 [lib.cuckoo.core.scheduler] INFO: Task #12: reports generation completed (path=/path/to/cuckoo/storage/analyses/12) 2016-05-26 19:49:39,532 [lib.cuckoo.core.scheduler] INFO: Task #12: analysis procedure completed