Cuckoo install
Since the main distribution of Cuckoo lacks some features, I usually install the "Cuckoo modified" version, which brings a lot of features already available.
There are two good implementations of the modified version.
One is from Brad Accuvant and the other is from Spender.
The text below follows the installation of Brad's version.
First start by getting a fresh install of (in my case) Ubuntu 16.10.
I usually install it within a VMware VM with a 500 GB HD, 2 CPUs and 8 GB RAM.
# Using an autoinstall
# sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'
# wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
# wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
# sudo apt update && sudo apt install virtualbox-5.1
wget -O - https://raw.githubusercontent.com/buguroo/cuckooautoinstall/master/cuckooautoinstall.bash | bash
# or git clone https://github.com/buguroo/cuckooautoinstall.git
# or prepare the OS the usual way
sudo apt-get install python
sudo apt-get install mongodb
sudo apt-get install python-sqlalchemy python-bson
sudo pip install sqlalchemy bson
sudo apt-get install python-dpkt python-jinja2 python-magic python-pymongo python-gridfs python-libvirt python-bottle python-pefile python-chardet swig libssl-dev clamav-daemon python-geoip geoip-database mono-utils
sudo pip install jinja2 pymongo bottle pefile django chardet pygal m2crypto clamd django-ratelimit pycrypto weasyprint rarfile jsbeautifier python-whois
sudo apt-get install wkhtmltopdf xvfb xfonts-100dpi
sudo pip install cybox==2.1.0.9
sudo pip install maec==4.1.0.11
sudo apt-get install tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
sudo apt update && sudo apt install virtualbox-5.1
# Create a user
sudo adduser cuckoo
sudo usermod -a -G vboxusers cuckoo
sudo usermod -a -G libvirtd cuckoo
# clone the cuckoo
git clone https://github.com/spender-sandbox/cuckoo-modified.git
sudo apt-get install python-dpkt python-jinja2 python-magic python-pymongo python-libvirt python-bottle python-pefile python-chardet swig libssl-dev clamav-daemon python-geoip geoip-database mono-utils
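A check for two host-side settings made above, the tcpdump capabilities and the cuckoo user's vboxusers membership, as an added example that is not part of the original notes. The script name preflight.sh and the function names are hypothetical; the user, group and tcpdump path are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original notes. The names checked here (user
# "cuckoo", group "vboxusers", /usr/sbin/tcpdump) are the ones the page uses.

# caps_ok LINE: succeed if a `getcap` output line grants cap_net_raw and
# cap_net_admin with the e, i and p flags. Older libcap prints
# "path = caps+eip", newer libcap prints "path caps=eip"; both are accepted.
# An empty line (no capabilities set, or getcap missing) fails.
caps_ok() {
    case $1 in *cap_net_raw*) ;; *) return 1 ;; esac
    case $1 in *cap_net_admin*) ;; *) return 1 ;; esac
    case $1 in *[+=]eip) return 0 ;; *) return 1 ;; esac
}

# in_group GROUP LIST: succeed if GROUP is a whole word in LIST, the
# space-separated output of `id -nG user` ("vboxusers2" must not match).
in_group() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# preflight: run both checks against the live system and report failures.
preflight() {
    rc=0
    if ! caps_ok "$(getcap /usr/sbin/tcpdump 2>/dev/null)"; then
        echo "FAIL: tcpdump lacks cap_net_raw,cap_net_admin=eip" >&2
        rc=1
    fi
    if ! in_group vboxusers "$(id -nG cuckoo 2>/dev/null)"; then
        echo "FAIL: user cuckoo is missing or not in vboxusers" >&2
        rc=1
    fi
    return "$rc"
}

# Run the live checks only when asked, e.g. `sh preflight.sh --check`.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

getcap ships in libcap2-bin, so on a host where that package is missing the capability check reports a failure rather than passing silently.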
Following Bruno Guerreiro
Taken from the "history" of my bash:
apt update
apt-get -f install
sudo apt-get install python python-pip python-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg-dev
apt install mongodb
apt search virtualbox
apt install virtualbox-dkms
adduser cuckoo
usermod -a -G vboxusers cuckoo
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
apt-get install libcap2-bin
apt search volatility
apt install volatility
cd /opt
git clone https://github.com/cuckoosandbox/cuckoo.git
cd cuckoo/
./utils/community.py -wafb monitor
./utils/community.py -waf;
./cuckoo.py
pip install sqlalchemy
./cuckoo.py
pip install -r requirements.txt
./cuckoo.py
virtualbox
VBoxManage List natnetworks
VBoxManage List natnets
VBoxManage list natnets
VBoxManage list
vi /etc/group
cd /opt/cuckoo/
chmod -R 775 *
chown -R cuckoo:cuckoo .
apt search mitmdump
apt install mitmproxy
which mitmdump
cd /opt/cuckoo/conf/
vi auxiliary.conf
vi reporting.conf
vi virtualbox.conf
cd /home/mpauli/VirtualBox\ VMs/
cd WindowsXP/
apt-get install cifs-utils
mount -t cifs //10.123.64.64/Download/ /mnt -o user=[my-user],password=xxxx
# Get the Android feature for Cuckoo
apt get android-sdk/