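# Install pyenv and build the Python 2.7 interpreter used for this setup.
$ brew install pyenv
# Load pyenv into the current shell only when it is on PATH. `command -v` is
# the shell builtin for this check; `which` is an external tool whose output
# and exit status vary between systems. The eval runs whatever shell code the
# pyenv binary prints, so it trusts the pyenv found first on PATH.
$ if command -v pyenv > /dev/null; then eval "$(pyenv init -)"; fi
$ pyenv install 2.7.11
$ pyenv rehash
# Makes 2.7.11 the default interpreter for this account.
# NOTE(review): Python 2.7 is end-of-life and no longer receives security
# fixes; keep this interpreter on a dedicated analysis host.
$ pyenv global 2.7.11
# easy_install is the legacy setuptools installer; it is used here only to
# bootstrap pip, which is then upgraded in place.
$ easy_install pip
$ pip install --upgrade pip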
--- requirements.txt 2016-01-12 03:26:34.000000000 +0900
+++ requirements_mod.txt 2016-05-25 18:15:38.000000000 +0900
@@ -2,7 +2,7 @@
 beautifulsoup4==4.4.1
 cffi==1.2.1
 chardet==2.3.0
-cryptography==1.0
+cryptography==1.0.1
 Django==1.8.4
 dpkt==1.8.6.2
 ecdsa==0.13
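# Install the pinned Python dependencies.
# NOTE(review): the patch on this page is shown against requirements_mod.txt;
# make sure the file installed here carries the cryptography==1.0.1 pin.
# The pins date from 2016 (for example Django 1.8.4) and are long out of
# support, so treat this environment as analysis-only.
$ pip install -r requirements.txt
# Packet capture for the sniffer module.
$ brew install homebrew/dupes/tcpdump
# tcpdump has to open /dev/bpf*; the log on this page shows "Permission
# denied" for an unprivileged account. Hand the devices to the account that
# will start cuckoo.py and keep them closed to everyone else: mode 644 would
# let every local user capture traffic on the host. Run these as that account.
# The device nodes are recreated at boot, so expect to reapply this.
$ sudo chown "$(id -un)" /dev/bpf*
$ sudo chmod 600 /dev/bpf*
# Database backend.
# NOTE(review): confirm mongod listens on 127.0.0.1 only; stored analysis
# reports need no network exposure.
$ brew install mongodb
# NOTE(review): the analysis log on this page still reports "Unable to import
# yara (please compile from sources)"; confirm this package provides the
# module Cuckoo imports.
$ pip install yara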
# NOTE(review): these lines are excerpts from Cuckoo's configuration, shown
# without their section headers or file names; confirm where each belongs.
# Host-side address and port. 192.168.56.1 is the address pinged from the `>`
# prompt in the connectivity check on this page, so presumably the host end of
# the host-only network. Keeping listeners on this address rather than on a
# routable interface limits them to the analysis guest.
ip = 192.168.56.1
port = 2042
# tcpdump binary used for packet capture.
tcpdump = /usr/local/sbin/tcpdump
# Location of the VBoxManage command-line tool.
path = /usr/local/bin/VBoxManage
# Capture interface; the sniffer log on this page reports interface=vboxnet0.
interface = vboxnet0
[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = WinXP
# Operating system family of this analysis machine.
platform = windows
# Address of the analysis guest; the sniffer log on this page reports
# host=192.168.56.101 for this machine.
# NOTE(review): the guest runs untrusted samples. Confirm it is attached only
# to the host-only network (the 192.168.56.x range used for the host side),
# not to a bridged or NAT adapter, unless outbound access is intended.
ip = 192.168.56.101
# API key, redacted by the author.
# NOTE(review): the page does not show which service or config section this
# belongs to. Keep the real value out of anything published or committed.
key = XXXXXXX
[+] Starting agent on 0.0.0.0:8000 ...
# Connectivity check over the host-only network, in both directions.
# From the host to the analysis guest (192.168.56.101 is the guest address in
# the machine configuration on this page):
$ ping 192.168.56.101
# Back towards 192.168.56.1. The `>` prompt suggests this one is typed in the
# guest's console -- confirm.
# NOTE(review): if samples are meant to stay contained, it is also worth
# confirming the guest cannot reach anything beyond 192.168.56.1.
> ping 192.168.56.1
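# Start the Cuckoo scheduler. Keep the space after the prompt: written as
# `$python`, a shell reads the word as a variable expansion rather than as the
# interpreter name. Run it as the unprivileged account that was given capture
# access, not as root.
$ python cuckoo.py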
.: :: .-. , : .-. ;;.-. .-. .-. ; ; ; ; ;; .' ; ;'; ;' `;;;;'.'`..:;._`;;;;'_.'` `.`;;' `;;' Cuckoo Sandbox 2.0-rc1 www.cuckoosandbox.org Copyright (c) 2010-2015 Checking for updates... Good! You have the latest version available. 2016-05-25 20:19:31,585 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2016-05-25 20:19:33,565 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2016-05-25 20:19:33,603 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
# Queue a file for analysis; the scheduler log on this page shows the
# submission as task #1 on machine cuckoo1.
# The sample is untrusted: it is meant to execute only inside the guest, so
# avoid opening or running it on the host.
$ python utils/submit.py /path/to/binary
2016-05-25 21:22:32,893 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "test.bin" (task #1, options "") 2016-05-25 21:22:32,985 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine cuckoo1 (label=WinXP) 2016-05-25 21:22:32,996 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 28834 (interface=vboxnet0, host=192.168.56.101, pcap=/path/to/cuckoo/storage/analyses/1/dump.pcap) tcpdump: vboxnet0: You don't have permission to capture on that device ((no devices found) /dev/bpf0: Permission denied) 2016-05-25 21:23:49,855 [lib.cuckoo.core.scheduler] ERROR: Timeout hit while for machine WinXP to change status 2016-05-25 21:23:49,868 [lib.cuckoo.core.scheduler] CRITICAL: A critical error has occurred trying to use the machine with name cuckoo1 during an analysis due to which it is no longer in a working state, please report this issue and all of the related environment details to the developers so we can improve this situation. (Note that before we would simply remove this VM from doing any more analyses, but as all the VMs will eventually be depleted that way, hopefully we'll find a better solution now). 2016-05-25 21:23:50,332 [lib.cuckoo.core.scheduler] WARNING: Unable to stop machine WinXP: Trying to stop an already stopped vm WinXP 2016-05-25 21:23:50,444 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path '/path/to/cuckoo/storage/analyses/1/logs'. 2016-05-25 21:23:52,327 [lib.cuckoo.common.objects] WARNING: Unable to import yara (please compile from sources) 2016-05-25 21:23:52,362 [modules.processing.network] WARNING: The PCAP file does not exist at path "/path/to/cuckoo/storage/analyses/1/dump.pcap". 2016-05-25 21:23:54,218 [lib.cuckoo.core.scheduler] INFO: Task #1: reports generation completed (path=/path/to/cuckoo/storage/analyses/1) 2016-05-25 21:23:54,235 [lib.cuckoo.core.scheduler] INFO: Task #1: analysis procedure completed