docker-cuckoo - Cuckoo Sandbox Dockerfile

  •        103

This repository contains a Dockerfile of Cuckoo Sandbox. Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

https://github.com/blacktop/docker-cuckoo

Tags
Implementation
License
Platform

   




Related Projects

cuckoo-droid - CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.

  •    Python

Contributed By Check Point Software Technologies LTD. CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for automating analysis of suspicious files, CuckooDroid brigs to cuckoo the capabilities of execution and analysis of android application.

multiscanner - Modular file scanning/analysis framework

  •    Javascript

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope. For a list of modules you can look in modules/. Descriptions and config options can be found on the Analysis Modules page.

vmcloak - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

  •    Python

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox. VMCloak is a tool to fully create and prepare Virtual Machines that can be used by Cuckoo Sandbox. In order to create a new Virtual Machine one should prepare a few configuration values that will be used later on by the tool.

cuckoo - Cuckoo Sandbox main repository

  •    Python

Cuckoo Sandbox main repository

cuckoo-modified - Modified edition of cuckoo

  •    Python

This is a heavily modified version of Cuckoo Sandbox provided under the GPL by Optiv, Inc. December 1st 2015 is my last day at Optiv. I want to thank Optiv for giving me the opportunity to contribute all this work to the rest of the world. Since I will no longer have access to this account, I have created a fork of each of the repos at https://github.com/spender-sandbox/ which you may submit pull requests to that I will respond to quickly.


cfilter - Cuckoo Filter implementation in Go, better than Bloom Filters (unmaintained, unfortunately)

  •    Go

Cuckoo filter is a Bloom filter replacement for approximated set-membership queries. Cuckoo filters support adding and removing items dynamically while achieving even higher performance than Bloom filters. For applications that store many items and target moderately low false positive rates, cuckoo filters have lower space overhead than space-optimized Bloom filters. Some possible use-cases that depend on approximated set-membership queries would be databases, caches, routers, and storage systems where it is used to decide if a given item is in a (usually large) set, with some small false positive probability. Alternatively, given it is designed to be a viable replacement to Bloom filters, it can also be used to reduce the space required in probabilistic routing tables, speed longest-prefix matching for IP addresses, improve network state management and monitoring, and encode multicast forwarding information in packets, among many other applications. Cuckoo filters provide the flexibility to add and remove items dynamically. A cuckoo filter is based on cuckoo hashing (and therefore named as cuckoo filter). It is essentially a cuckoo hash table storing each key's fingerprint. Cuckoo hash tables can be highly compact, thus a cuckoo filter could use less space than conventional Bloom filters, for applications that require low false positive rates (< 3%).

cuckoo-modified - Modified edition of cuckoo

  •    Python

As of 4/26/2017 I'm handing this repo off to others to fork and continue if they wish. Thanks to doomedraven, KillerInstinct, kevross33, SeanKim77, jgajek, keithjjones, pashashocky, Shane-Carr, seanthegeek, garanews, and all the other contributors I forgot to mention. This fork aims to continue the work of the heavily modified version of Cuckoo Sandbox provided under the GPL by Optiv, Inc.

malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction

  •    Javascript

malware-jail is written for Node's 'vm' sandbox. Currently implements WScript (Windows Scripting Host) context env/wscript.js, at least the part frequently used by malware. Internet browser context is partialy implemented env/browser.js. Runs on any operating system. Developed and tested on Linux, Node.js v6.6.0.

cuckoofilter

  •    C++

Cuckoo filter is a Bloom filter replacement for approximated set-membership queries. While Bloom filters are well-known space-efficient data structures to serve queries like "if item x is in a set?", they do not support deletion. Their variances to enable deletion (like counting Bloom filters) usually require much more space. Cuckoo filters provide the flexibility to add and remove items dynamically. A cuckoo filter is based on cuckoo hashing (and therefore named as cuckoo filter). It is essentially a cuckoo hash table storing each key's fingerprint. Cuckoo hash tables can be highly compact, thus a cuckoo filter could use less space than conventional Bloom filters, for applications that require low false positive rates (< 3%).

Limon - Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware

  •    Python

Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools. Limon analyzes the malware in a controlled environment, monitors its activities and its child processes to determine the nature and purpose of the malware. It determines the malware's process activity, interaction with the file system, network, it also performs memory analysis and stores the analyzed artifacts for later analysis.

dagda - a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

  •    Python

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. In order to fulfill its mission, first the known vulnerabilities as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), and the known exploits from Offensive Security database are imported into a MongoDB to facilitate the search of these vulnerabilities and exploits when your analysis are in progress.

al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection

  •    C++

al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. You can download the latest release here: x86 | x64.

cuckoo - a memory-bound graph-theoretic proof-of-work system

  •    C++

Cuckoo Cycle is the first graph-theoretic proof-of-work, and the most memory bound, yet with instant verification. Unlike Hashcash, Cuckoo Cycle is immune from quantum speedup by Grover's search algorithm. With a 42-line complete specification, Cuckoo Cycle is less than half the size of either SHA256, Blake2b, or SHA3 (Keccak) as used in Bitcoin, Equihash and ethash. Simplicity matters.

Noriben - Noriben - Portable, Simple, Malware Analysis Sandbox

  •    Python

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben allows you to not only run malware similar to a sandbox, but to also log system-wide events while you manually run malware in ways particular to making it run. For example, it can listen as you run malware that requires varying command line options, or user interaction. Or, to watch the system as you step through malware in a debugger.

Cuckoo - Boilerplate-free mocking framework for Swift!

  •    Swift

Cuckoo was created due to lack of a proper Swift mocking framework. We built the DSL to be very similar to Mockito, so anyone using it in Java/Android can immediately pick it up and use it. Cuckoo has two parts. One is the runtime and the other one is an OS X command-line tool simply called CuckooGenerator.

pafish - Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do

  •    C

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. The project is open source, you can read the code of all anti-analysis checks. You can also download the executable of the latest stable version.

malice - VirusTotal Wanna Be - Now with 100% more Hipster

  •    Go

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company. NOTE: On the first run malice will download all of it's default plugins which can take a while to complete.

PVCG Server / Cuckoo

  •    C

PVCGS - (Lib)Purple Virtual Client Gateway Server (a.k.a. Cuckoo) A Libpurple based instant messenger gateway server for accessing the messenger services you are subscribed to from many locations at once.

BoomFilters - Probabilistic data structures for processing continuous, unbounded streams.

  •    Go

Boom Filters are probabilistic data structures for processing continuous, unbounded streams. This includes Stable Bloom Filters, Scalable Bloom Filters, Counting Bloom Filters, Inverse Bloom Filters, Cuckoo Filters, several variants of traditional Bloom filters, HyperLogLog, Count-Min Sketch, and MinHash.Classic Bloom filters generally require a priori knowledge of the data set in order to allocate an appropriately sized bit array. This works well for offline processing, but online processing typically involves unbounded data streams. With enough data, a traditional Bloom filter "fills up", after which it has a false-positive probability of 1.