Metadata-Version: 2.0
Name: cuckoomodifiedutils
Version: 1.0.2
Summary: A simple module for the API of the Brad Spengler fork of Cuckoo.
Home-page: https://github.com/seanthegeek/cuckoo-modified-utils
Author: Sean Whalen
Author-email: whalenster@gmail.com
License: Apache 2.0
Keywords: ActiveDirectory,WindowsServer,authentication,LDAP
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Topic :: Security
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: Operating System :: OS Independent
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Requires-Dist: requests

# cuckoo-modified-utils
Useful scripts for [Brad Spengler's fork of Cuckoo](https://github.com/spender-sandbox/cuckoo-modified)

## Requirements

- [`requests`](https://pypi.python.org/pypi/requests/) - HTTP for humans
- [`pyldfire`](https://pypi.python.org/pypi/pyldfire/) - A python module for the Wildfire API (required for `wildfire-to-cuckoo.py` only)
- `cuckoo.py` - A basic module for interacting with the Cuckoo API (included in this repository)

## Command line scripts

Each one of these scripts will submit one or more samples to a Cuckoo sandbox, and track the task as the sample is
being analyzed. When submitting individual files, the scripts will notify you of any existing reports before submitting
a new task.

You'll need to edit each of these scripts to set the Cuckoo hostname, username, and password. There are also options for proxies and SSL certificate verification.

    usage: submit-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
                               [--procmemdump]
                               sample [sample ...]

    Submits files or a URL to Cuckoo

    positional arguments:
      sample             One or more filenames or globs, or a single URL

    optional arguments:
      -h, --help         show this help message and exit
      -v, --version      show program's version number and exit
      --tags TAGS        Comma separated tags for selecting an analysis VM
      --options OPTIONS  Comma separated option=value pairs
      --tor              Enable Tor during analysis
      --procmemdump      Dump and analyze process memory

--------------------------------------------------------------------------------

    usage: tor-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS] [--tor]
                            [--procmemdump] [--user-agent USER_AGENT]
                            URL

    Downloads a file via Tor, through a privoxy chain, and sends it to Cuckoo

    positional arguments:
      URL                   URL of the sample

    optional arguments:
      -h, --help            show this help message and exit
      -v, --version         show program's version number and exit
      --tags TAGS           Comma separated tags for selecting an analysis VM
      --options OPTIONS     Comma separated option=value pairs
      --tor                 Enable Tor during analysis
      --procmemdump         Dump and analyze process memory
      --user-agent USER_AGENT
                            The user agent to spoof. Default: Mozilla/5.0
                            (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0;
                            InfoPath.2; .NET CLR 2.0.50727; WOW64)

-----------------------------------------------------------------------------

    usage: wildfire-to-cuckoo.py [-h] [-v] [--tags TAGS] [--options OPTIONS]
                                 [--tor] [--procmemdump]
                                 hash [filename]

    Downloads a sample from Palo Alto Network's Wildfire service and sends it to
    Cuckoo. Requires pyldfire - https://github.com/seanthegeek/pyldfire

    positional arguments:
      hash               A MD5, SHA1, or SHA256 hash of a sample
      filename           The filename of the sample

    optional arguments:
      -h, --help         show this help message and exit
      -v, --version      show program's version number and exit
      --tags TAGS        Comma separated tags for selecting an analysis VM
      --options OPTIONS  Comma separated option=value pairs
      --tor              Enable Tor during analysis
      --procmemdump      Dump and analyze process memory
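
A minimal check-then-submit helper in the spirit of these scripts, added here as an example; it is not the repository's own `cuckoo.py`. It assumes the fork serves the stock Cuckoo API routes `/files/view/sha256/<hash>`, `/tasks/create/file` and `/tasks/view/<id>`, that `CUCKOO_URL` is a placeholder for your API host, and that `procmemdump=yes` is the analysis option behind `--procmemdump` (`--tor` is left out because its mapping is fork-specific).

```python
import hashlib
import time
try:
    import requests  # the package's declared dependency
except ImportError:  # the pure helpers below still work without it
    requests = None

CUCKOO_URL = "http://cuckoo.example.test:8090"  # placeholder; set your API host

def parse_options(text):
    """'procmemdump=yes,free=yes' -> dict; entries without '=' are rejected."""
    options = {}
    for item in filter(None, (p.strip() for p in text.split(","))):
        if "=" not in item:
            raise ValueError("expected key=value, got %r" % item)
        key, value = item.split("=", 1)
        options[key.strip()] = value.strip()
    return options

def build_form(tags="", options="", procmemdump=False):
    """Map the scripts' flags onto /tasks/create/file form fields;
    procmemdump=yes is assumed to be the analysis option behind --procmemdump."""
    opts = parse_options(options)
    if procmemdump:
        opts["procmemdump"] = "yes"
    form = {}
    if tags:
        form["tags"] = tags
    if opts:
        form["options"] = ",".join("%s=%s" % kv for kv in sorted(opts.items()))
    return form

def existing_report(data, session=None):
    """Look the sample up by SHA256 first; None means Cuckoo has not seen it."""
    digest = hashlib.sha256(data).hexdigest()
    r = (session or requests).get("%s/files/view/sha256/%s" % (CUCKOO_URL, digest))
    return r.json().get("sample") if r.status_code == 200 else None

def submit_and_wait(path, form, poll=10, session=None):
    """Submit a file, then poll /tasks/view/<id> until the task has finished."""
    http = session or requests
    with open(path, "rb") as fh:
        r = http.post("%s/tasks/create/file" % CUCKOO_URL, files={"file": fh}, data=form)
    r.raise_for_status()
    task_id = r.json()["task_id"]
    while True:
        task = http.get("%s/tasks/view/%d" % (CUCKOO_URL, task_id)).json()["task"]
        if task["status"] in ("reported", "failed_analysis", "failed_processing", "failed_reporting"):
            return task_id, task["status"]
        time.sleep(poll)
```

Call `existing_report(open(path, "rb").read())` before `submit_and_wait` to reproduce the scripts' "existing report" warning instead of queueing a duplicate analysis.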
