Dockerfile-beta


This repository contains a Dockerfile of Cuckoo Sandbox.

🚧 WARNING: Currently only works with remote machinery: esx, vsphere and xenserver.

Table of Contents

Dependencies

Image Tags

REPOSITORY          TAG                 SIZE
blacktop/cuckoo     latest              309.7 MB
blacktop/cuckoo     2.0                 295.7 MB
blacktop/cuckoo     1.2                 238.7 MB

NOTE: tags latest and 2.0 contain all of cuckoosandbox/community

Installation

  1. Install Docker.
  2. Install docker-compose
  3. Download trusted build from public Docker Registry: docker pull blacktop/cuckoo

To Run on OSX

$ brew tap caskroom/cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox default
$ eval $(docker-machine env)

Or install Docker for Mac

Getting Started

$ curl -sL https://github.com/blacktop/docker-cuckoo/raw/master/docker-compose.yml > docker-compose.yml
$ docker-compose up -d
# Cuckoo API is listening on port 8000 now.
$ curl $(docker-machine ip):8000/cuckoo/status
{
  "cpuload": [
    0.01220703125,
    0.03515625,
    0.025390625
  ],
  "diskspace": {},
  "hostname": "195855fb100f",
  "machines": {
    "available": 0,
    "total": 0
  },
  "memory": 88.55692015425926,
  "tasks": {
    "completed": 0,
    "pending": 0,
    "reported": 0,
    "running": 0,
    "total": 0
  },
  "version": "2.0-dev"
}

Now navigate to http://$(docker-machine ip)
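As an added example (not part of this repository), a small Python readiness check that reads the /cuckoo/status document shown above and flags the situation the warning at the top describes: an API that answers but has no analysis machines attached. The base URL (e.g. http://dockerhost:8000) and the treatment of "memory" as a percentage are assumptions.

```python
import json
import sys
import urllib.request

# Constructed sample: the /cuckoo/status response quoted in the README above.
SAMPLE_STATUS = json.loads("""{
  "cpuload": [0.01220703125, 0.03515625, 0.025390625],
  "diskspace": {},
  "hostname": "195855fb100f",
  "machines": {"available": 0, "total": 0},
  "memory": 88.55692015425926,
  "tasks": {"completed": 0, "pending": 0, "reported": 0, "running": 0, "total": 0},
  "version": "2.0-dev"
}""")


def assess_status(status, max_memory_pct=90.0):
    """Summarise a /cuckoo/status document. 'ok' is True only when at least one
    analysis machine is configured: with machines.total == 0 the API accepts
    submissions but nothing will ever analyse them (the machinery warning)."""
    machines = status.get("machines", {})
    tasks = status.get("tasks", {})
    total = machines.get("total", 0)
    available = machines.get("available", 0)
    findings = []
    if total == 0:
        findings.append("no analysis machines configured (machinery not set up)")
    elif available == 0:
        findings.append("all %d analysis machines are busy" % total)
    if tasks.get("pending", 0) > 0 and available == 0:
        findings.append("%d tasks pending with no free machine" % tasks["pending"])
    if status.get("memory", 0.0) > max_memory_pct:  # assumed: memory is a percentage
        findings.append("memory use %.1f%% exceeds %.0f%%" % (status["memory"], max_memory_pct))
    return {
        "ok": total > 0,
        "version": status.get("version", "unknown"),
        "machines": "%d/%d available" % (available, total),
        "findings": findings,
    }


def fetch_status(base_url, timeout=5.0):
    """GET <base_url>/cuckoo/status (assumed e.g. http://dockerhost:8000) and decode it."""
    with urllib.request.urlopen(base_url.rstrip("/") + "/cuckoo/status", timeout=timeout) as r:
        return json.loads(r.read().decode("utf-8"))


if __name__ == "__main__":
    # Usage: python cuckoo_status.py http://dockerhost:8000 ; exit code 1 when not ready.
    report = assess_status(fetch_status(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_STATUS)
    print(json.dumps(report, indent=2))
    sys.exit(0 if report["ok"] else 1)
```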

Documentation

Usage

$ docker run -d --name mongo mongo
$ docker run -d --name postgres -e POSTGRES_PASSWORD=cuckoo postgres
$ docker run -d --name elasticsearch elasticsearch
$ docker run -d -v $(pwd)/conf:/cuckoo/conf:ro \
                 --link postgres \
                 -p 8000:1337 \
                 blacktop/cuckoo api
$ docker run -d -v $(pwd)/conf:/cuckoo/conf:ro \
                 --link mongo \
                 --link elasticsearch \
                 -p 80:31337 \
                 blacktop/cuckoo web

NOTE: If you want to customize the cuckoo configuration before launching, you can mount the conf folder into the container as shown above.

Open a web browser and navigate to the address printed by:

$ docker-machine ip


Available subcommands

docker run blacktop/cuckoo daemon       # start cuckoo.py
docker run blacktop/cuckoo submit       # run utils/submit.py
docker run blacktop/cuckoo process      # run utils/process.py
docker run blacktop/cuckoo api          # starts RESTful API
docker run blacktop/cuckoo web          # starts web UI
docker run blacktop/cuckoo distributed  # runs distributed/app.py
docker run blacktop/cuckoo stats        # utils/stats.py
docker run blacktop/cuckoo help         # runs cuckoo.py --help

Tips and Tricks

As a convenience you can add the docker-machine IP to your /etc/hosts file:

$ echo $(docker-machine ip) dockerhost | sudo tee -a /etc/hosts

Now you can navigate to http://dockerhost from your host.

Known Issues

  • Currently won't work with VirtualBox, VMWare Workstation/Fusion or KVM/qemu, but I have an idea on how to do it. 😉

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

Todo

  • Install/Run Cuckoo Sandbox
  • Break mongo out into a separate container using docker-compose
  • Fix blacktop/yara and blacktop/volatility so I can use them as base images for this image
  • Create docker-entrypoint.sh to use the same container as daemon or web app or api or utility, etc
  • Figure out how to link to an analysis Windows VM (would be great if it was running in another container)
  • Correctly link mongo/elasticsearch in confs or document how to do it at runtime (or use docker-entrypoint BEST OPTION)
  • add wait-for-it.sh to wait for postgres before API starts
  • Web reverse proxy via Nginx with SSL
  • Add snort or suricata or both

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015-2016 blacktop