Dockerfile-beta

This repository contains a Dockerfile of Cuckoo Sandbox.

🚧 WARNING: Currently only works with remote machinery: esx, vsphere and xenserver.

Table of Contents

• Dependencies
• Image Tags
• Installation
• To Run on OSX
• Getting Started
• Documentation
• Known Issues
• Issues
• Todo
• CHANGELOG
• Contributing
• License

Dependencies

• blacktop/yara:3.5
• blacktop/volatility:2.6

Image Tags

REPOSITORY          TAG                 SIZE
blacktop/cuckoo     latest              367MB
blacktop/cuckoo     2.0                 367MB
blacktop/cuckoo     modified (WIP)      317.1 MB
blacktop/cuckoo     1.2                 258.6 MB

NOTE: * tags latest and 2.0 contain all of cuckoosandbox/community

• tag modified is the awesome spender-sandbox version of cuckoo and contains all of spender-sandbox/community-modified

Installation

1. Install Docker.
2. Install docker-compose
3. Download trusted build from public Docker Registry: docker pull blacktop/cuckoo

To Run on OSX

• Install Homebrew

$ brew tap caskroom/cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox default
$ eval $(docker-machine env)

Or install Docker for Mac

Getting Started

$ curl -sL https://github.com/blacktop/docker-cuckoo/raw/master/docker-compose.yml > docker-compose.yml
$ docker-compose up -d
# For docker-machine
$ curl $(docker-machine ip):8000/cuckoo/status
# For Docker for Mac
$ curl localhost:8000/cuckoo/status

{
  "cpuload": [
    0.01220703125,
    0.03515625,
    0.025390625
  ],
  "diskspace": {},
  "hostname": "195855fb100f",
  "machines": {
    "available": 0,
    "total": 0
  },
  "memory": 88.55692015425926,
  "tasks": {
    "completed": 0,
    "pending": 0,
    "reported": 0,
    "running": 0,
    "total": 0
  },
  "version": "2.0-dev"
}

Now Navigate To

• With docker-machine : http://$(docker-machine ip)
• With Docker for Mac : http://localhost

Documentation

• Usage
• Available Subcommands
• Running Modified Version
• Tips and Tricks

Known Issues

Currently won't work with VirtualBox, VMWare Workstation/Fusion or KVM/qemu, but I have an idea on how to do it. 😉

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

Todo

• Install/Run Cuckoo Sandbox
• Break mongo out into a separate container using docker-compose
• Fix blacktop/yara and blacktop/volatility so I can use them as a base images for this image
• Create docker-entryporint.sh to use same container as daemon or web app or api or utility, etc
• Figure out how to link to a analysis Windows VM (would be great if it was running in another container)
• Correctly link mongo/elasticsearch in confs or document how to do it at runtime (or use docker-entryporint BEST OPTION)
• add wait-for-it.sh to wait for postgres before API starts
• Web reverse proxy via Nginx with SSL
• Add snort or suricata or both
• Get modified version of cuckoo to install/run in docker

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015-2017 blacktop