Cuckoo 3 is a Python 3 open source automated malware analysis system.
For setup instructions, please refer to our documentation.
This is a development version, we do not recommend its use in production.
License: European Union Public License 1.2
Get the following error when running install.sh
ERROR: Could not find a version that satisfies the requirement Cuckoo-common>=0.1.1 (from cuckoo) (from versions: 0.1.0)
ERROR: No matching distribution found for Cuckoo-common>=0.1.1
Latest version for cuckoo-common seems to be 0.1.0
With cuckoo 2, it was possible to let it run on proxmox (see https://www.trustedsec.com/blog/working-with-proxmox/) - I'd love to get cuckoo 3 to work with proxmox as well.
I'll set up a new VM and start working on it asap - feel free to contact me if you are interested in that feature as well.
Does cuckoo3 support analysis of memory dumps using volatility? I can't see any mention of it in the code, so guessing not.
So, is there any intention to support it? Is there a roadmap/todo list, or similar, that can be referred to to better understand the plans and what is and isn't there yet?
I am trying to install the Linux agent in Cuckoo3. There is no documentation for that in the Cuckoo3 repo, so I'm currently referring to the one documented in the Cuckoo2.7 repo. Has anyone tried installing Linux in Cuckoo3?
After doing all things, cuckoo --debug returns the following error:
By the way, cuckoomigrate database all had some errors which said it didn't find some files called version.
I followed this link
ERROR [cuckoo.common.log]: Failure during Cuckoo startup: Failed to load config file /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Error in config file: /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Invalid YAML in /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. while scanning a simple key
in "/home/cuckoo/.cuckoocwd/conf/processing/irma.yaml", line 32, column 1
could not find expected ':'
in "/home/cuckoo/.cuckoocwd/conf/processing/irma.yaml", line 34, column 1
Fix - Change '=' to ':'
Will a cuckoo3 online demo be provided? Just like cuckoo-python2: https://cuckoo.cert.ee/
Dear Cert-ee
I love that you guys rebooted the project. Thank you very much for this rewrite!
I am trying to enable the statistics function on the sandbox. Now I read from the old Cuckoo2 that it was created to use mongoDB as database, to enable the statistics feature. In the config files of this cuckoo3 I see Elasticsearch mentioned a lot.
My question is: to enable the Statistics function on cuckoo3, do I need MongoDB or Elasticsearch or both? And how does cuckoo use the DB exactly?
Kind Regards
Juriën de Jong
Sometimes cuckoo fails to run and analyze a file. After some time, the file's status is set to failed. Next when I upload a new file to analyze, cuckoo uploads that file and then in the terminal the cuckoo.scheduler module states that "no available machines". Why is it saying so and how to debug this issue?
I'm meeting an error when I'm trying to access the local webserver. I'm getting that all the static used in the website is not found. Any fix for this?
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/css/theme.css
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/js/hashrouter.js
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/js/ui.js
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/js/chart.min.js
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/js/luxon.min.js
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/js/chartjs-adapter-luxon.min.js
[21/Apr/2023 17:16:42] "GET /static/js/hashrouter.js HTTP/1.1" 404 179
[21/Apr/2023 17:16:42] "GET /static/js/luxon.min.js HTTP/1.1" 404 179
[21/Apr/2023 17:16:42] "GET /static/css/theme.css HTTP/1.1" 404 179
[21/Apr/2023 17:16:42] "GET /static/js/chartjs-adapter-luxon.min.js HTTP/1.1" 404 179
[21/Apr/2023 17:16:42] "GET /static/js/chart.min.js HTTP/1.1" 404 179
[21/Apr/2023 17:16:42] "GET /static/js/ui.js HTTP/1.1" 404 179
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/js/statistics.js
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/images/logo.png
2023-04-21 17:16:42 WARN [django.request]: Not Found: /static/images/cef_logo_2.png
Hello All,
I installed cuckoo3 following the documentation, and after running cuckoo -d I got this error:
ERROR [cuckoo.runprocessing]: Failed to import plugins for worker. worker=post0 importpath=cuckoo.processing.post.eventconsumer abstractclass=<class 'cuckoo.processing.abtracts.EventConsumer'> error=Failed to import: cuckoo.processing.post.eventconsumer.patternsigs. Error: No module named 'hyperscan._hyperscan'
ERROR [cuckoo.runprocessing]: Worker setup failed. See worker logs. workername=post0
ERROR [cuckoo.runprocessing]: Worker disconnected unexpectedly. workername=post0
I ran install.sh many times and all dependencies installed without any error.
I ran pip list to check the versions and this is the list:
Package Version Location
aiohttp 3.8.4
aiohttp-sse 2.1.0
aiohttp-sse-client 0.2.1
aiosignal 1.3.1
alembic 1.7.7
asgiref 3.6.0
async-timeout 4.0.2
attrs 23.1.0
backports.zoneinfo 0.2.1
Brotli 1.0.9
capstone 3.0.5
certifi 2022.12.7
cffi 1.15.1
charset-normalizer 3.1.0
click 8.1.3
colorama 0.3.7
colorclass 2.2.2
cryptography 38.0.4
Cuckoo 3.0.1 /opt/cuckoo3/core
Cuckoo-common 0.1.1 /opt/cuckoo3/common
Cuckoo-machineries 0.1.0 /opt/cuckoo3/machineries
Cuckoo-node 0.1.1 /opt/cuckoo3/node
Cuckoo-processing 0.1.1 /opt/cuckoo3/processing
Cuckoo-web 0.1.2 /opt/cuckoo3/web
Deprecated 1.2.13
Django 4.2
django-ipware 5.0.0
django-rest-framework 0.1.0
djangorestframework 3.14.0
dpkt 1.9.8
easygui 0.98.3
ecdsa 0.18.0
elasticsearch 7.17.9
elasticsearch-dsl 7.4.1
frozenlist 1.3.3
future 0.18.3
ghp-import 2.1.0
greenlet 2.0.2
HTTPReplay 1.0.1
hyperscan 0.3.2
idna 3.4
importlib-metadata 6.4.1
importlib-resources 5.12.0
ipaddress 1.0.23
Jinja2 3.1.2
jsbeautifier 1.6.2
jsonschema 4.17.3
Mako 1.2.4
Markdown 3.3.7
MarkupSafe 2.1.2
mergedeep 1.3.4
mkdocs 1.4.2
mkdocs-include-markdown-plugin 4.0.4
msoffcrypto-tool 5.0.1
multidict 6.0.4
olefile 0.46
oletools 0.60.1
packaging 23.1
pcodedmp 1.2.6
peepdf 0.4.2
pefile 2022.5.30
Pillow 3.2.0
pip 20.0.2
pkg-resources 0.0.0
pkgutil-resolve-name 1.3.10
protobuf 3.20.3
psutil 5.9.4
publicsuffixlist 0.9.4
pycparser 2.21
pycryptodome 3.17
pymisp 2.4.170
pyparsing 2.4.7
pyrsistent 0.19.3
python-dateutil 2.8.2
python-magic 0.4.12
pythonaes 1.0
pytz 2023.3
PyYAML 6.0
pyyaml-env-tag 0.1
requests 2.28.2
roach 1.0
setuptools 58.0.0
SFlock 1.0.3
six 1.16.0
SQLAlchemy 1.4.47
sqlparse 0.4.3
suricatactl 0.0.1.dev3
tabulate 0.8.10
tlslite-ng 0.7.6
typing-extensions 4.5.0
urllib3 1.26.15
uWSGI 2.0.21
VMCloak 1.0
vt-py 0.6.3
watchdog 3.0.0
wheel 0.40.0
wrapt 1.15.0
yara-python 4.2.3
yarl 1.8.2
zipp 3.15.0
Is there anyone who can help me fix this issue?
Thanks
When starting cuckoo:
DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/cuckoo/.cuckoocwd/conf/machineries/qemu.yaml
Process post0:
Traceback (most recent call last):
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1910, in _execute_context
self.dialect.do_execute(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/default.py", line 736, in do_execute
cursor.execute(statement, parameters)
sqlite3.OperationalError: table safelists already exists
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/home/cuckoo/cuckoo3/core/cuckoo/runprocessing.py", line 114, in start
self.initialize_workrunners()
File "/home/cuckoo/cuckoo3/core/cuckoo/runprocessing.py", line 128, in initialize_workrunners
PreProcessingRunner.init_once()
File "/home/cuckoo/cuckoo3/processing/cuckoo/processing/worker.py", line 313, in init_once
init_safelist_db()
File "/home/cuckoo/cuckoo3/common/cuckoo/common/startup.py", line 152, in init_safelist_db
safelistdb.initialize(
File "/home/cuckoo/cuckoo3/common/cuckoo/common/db.py", line 176, in initialize
tablebaseclass.metadata.create_all(engine)
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/sql/schema.py", line 4930, in create_all
bind._run_ddl_visitor(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 3238, in _run_ddl_visitor
conn._run_ddl_visitor(visitorcallable, element, **kwargs)
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 2221, in _run_ddl_visitor
visitorcallable(self.dialect, self, **kwargs).traverse_single(element)
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/sql/visitors.py", line 524, in traverse_single
return meth(obj, **kw)
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/sql/ddl.py", line 855, in visit_metadata
self.traverse_single(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/sql/visitors.py", line 524, in traverse_single
return meth(obj, **kw)
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/sql/ddl.py", line 899, in visit_table
self.connection.execute(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1385, in execute
return meth(self, multiparams, params, _EMPTY_EXECUTION_OPTS)
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/sql/ddl.py", line 80, in _execute_on_connection
return connection._execute_ddl(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1477, in _execute_ddl
ret = self._execute_context(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1953, in _execute_context
self._handle_dbapi_exception(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 2134, in _handle_dbapi_exception
util.raise_(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 211, in raise_
raise exception
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1910, in _execute_context
self.dialect.do_execute(
File "/home/cuckoo/venv/lib/python3.8/site-packages/sqlalchemy/engine/default.py", line 736, in do_execute
cursor.execute(statement, parameters)
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) table safelists already exists
[SQL:
CREATE TABLE safelists (
id INTEGER NOT NULL,
name VARCHAR(64) NOT NULL,
valuetype VARCHAR(32),
value TEXT NOT NULL,
regex BOOLEAN NOT NULL,
platform VARCHAR(32) NOT NULL,
description TEXT,
source TEXT,
PRIMARY KEY (id)
)
]
(Background on this error at: https://sqlalche.me/e/14/e3q8)
2023-07-06 18:19:00 ERROR [cuckoo.common.log]: Failure during Cuckoo startup: One or more processing workers failed to start
2023-07-06 18:19:00 DEBUG [cuckoo.common.shutdown]: Calling shutdown method. method=<function main.<locals>._stopmsg at 0x7f7a6ae251f0>
Stopping Cuckoo..
(venv) cuckoo@cuckoo-sandbox:~$ cuckoo web --host 192.168.xxx.xx --port 8080
Performing system checks...
Traceback (most recent call last):
File "/opt/cuckoo3/venv/bin/cuckoo", line 11, in
load_entry_point('Cuckoo', 'console_scripts', 'cuckoo')()
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1130, in call
return self.main(*args, **kwargs)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1635, in invoke
rv = super().invoke(ctx)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "/opt/cuckoo3/core/cuckoo/main.py", line 424, in web
start_web(host, port, autoreload=autoreload)
File "/opt/cuckoo3/web/cuckoo/web/web/startup.py", line 132, in start_web
execute_from_command_line(args)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/init.py", line 446, in execute_from_command_line
utility.execute()
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/init.py", line 440, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/base.py", line 402, in run_from_argv
self.execute(*args, **cmd_options)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/commands/runserver.py", line 74, in execute
super().execute(*args, **options)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/base.py", line 448, in execute
output = self.handle(*args, **options)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/commands/runserver.py", line 111, in handle
self.run(**options)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/commands/runserver.py", line 120, in run
self.inner_run(None, **options)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/commands/runserver.py", line 134, in inner_run
self.check(display_num_errors=True)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/management/base.py", line 475, in check
all_issues = checks.run_checks(
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/checks/registry.py", line 88, in run_checks
new_errors = check(app_configs=app_configs, databases=databases)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/checks/urls.py", line 14, in check_url_config
return check_resolver(resolver)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/core/checks/urls.py", line 24, in check_resolver
return check_method()
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/urls/resolvers.py", line 494, in check
for pattern in self.url_patterns:
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/utils/functional.py", line 57, in get
res = instance.dict[self.name] = self.func(instance)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/urls/resolvers.py", line 715, in url_patterns
patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/utils/functional.py", line 57, in get
res = instance.dict[self.name] = self.func(instance)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/urls/resolvers.py", line 708, in urlconf_module
return import_module(self.urlconf_name)
File "/usr/lib/python3.8/importlib/init.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1014, in _gcd_import
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 671, in _load_unlocked
File "", line 848, in exec_module
File "", line 219, in _call_with_frames_removed
File "/opt/cuckoo3/web/cuckoo/web/web/urls.py", line 24, in
path("api/", include("cuckoo.web.uiapi.urls")),
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/urls/conf.py", line 38, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.8/importlib/init.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1014, in _gcd_import
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 671, in _load_unlocked
File "", line 848, in exec_module
File "", line 219, in _call_with_frames_removed
File "/opt/cuckoo3/web/cuckoo/web/uiapi/urls.py", line 7, in
path("analyses/", include("uiapi.analyses.urls")),
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/django/urls/conf.py", line 38, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.8/importlib/init.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1014, in _gcd_import
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 671, in _load_unlocked
File "", line 848, in exec_module
File "", line 219, in _call_with_frames_removed
File "/opt/cuckoo3/web/cuckoo/web/uiapi/analyses/urls.py", line 7, in
from . import views
File "/opt/cuckoo3/web/cuckoo/web/uiapi/analyses/views.py", line 118
)
^
SyntaxError: invalid syntax
views.py line 115-118:
def get(self, request, analysis_id):
if not cfg(
"web.yaml", "web", "downloads", "submitted_file", subpkg="web"
)
I followed the instructions and typed cuckoo createcwd, but the terminal shows this error:
root@sandbox:/opt/cuckoo3# cuckoo createcwd
^[[FTraceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 568, in _build_master
ws.require(requires)
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 886, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 777, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (python-dateutil 2.7.3 (/usr/lib/python3/dist-packages), Requirement.parse('python-dateutil<3.0.0,>=2.8.2'), {'pymisp'})
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/cuckoo", line 33, in
sys.exit(load_entry_point('Cuckoo', 'console_scripts', 'cuckoo')())
File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1130, in call
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "/opt/cuckoo3/core/cuckoo/main.py", line 123, in create_cwd
cuckoocwd.set(cwd_path)
File "/opt/cuckoo3/common/cuckoo/common/storage.py", line 243, in set
outdated = self.discover_outdated_versions()
File "/opt/cuckoo3/common/cuckoo/common/storage.py", line 187, in discover_outdated_versions
from pkg_resources import parse_version
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 3243, in
def _initialize_master_working_set():
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 3226, in _call_aside
f(*args, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 3255, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 570, in _build_master
return cls._build_from_requirements(requires)
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 583, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/local/lib/python3.8/dist-packages/pkg_resources/init.py", line 777, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (python-dateutil 2.7.3 (/usr/lib/python3/dist-packages), Requirement.parse('python-dateutil<3.0.0,>=2.8.2'), {'pymisp'})
Can someone help me please :(
Is it possible to include on the repository the sources of tmstage.exe and the threemon.sys driver?
That way it's easier for the community to improve cuckoo monitoring and even adapt the monitor for other operating systems.
Thanks!
Hello, when trying to install cuckoo3, I have a problem with the Python pip package "click":
INFO: pip is looking at multiple versions of cuckoo-processing to determine which version is compatible with other requirements. This could take a while.
ERROR: Cannot install httpreplay==1.0 and roach==1.0 because these package versions have conflicting dependencies.
The conflict is caused by:
httpreplay 1.0 depends on click<7.2 and >=7.0.0
roach 1.0 depends on click>=8.1.2
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts
Install of ./processing failed
Now, I don't know which version of click is correct.
My installation is on clean Ubuntu 22.04 LTS
Python: 3.10.4
PIP: 22.0.2
PS: I use venv of course.
Static analysis is skipped if the file extension is in capital letters.
Steps to reproduce the behavior:
get a PE-file and change the .exe-extension to .EXE,
submit the modified file
after analysis: no static analysis result, like "PE file", are shown in the report.
Expected behavior:
Some users/developers set a capitalized extension on their files. Therefore static analysis shouldn't be case sensitive on the extension and should perform the analysis normally.
Cuckoo 3.0.1, Ubuntu 20.04
Fix: on this line add lower() after filename
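The behaviour in the report above, as an added example that is not Cuckoo's code and not part of the original issue: a case-sensitive extension gate next to the lower() fix. It goes one step beyond the report by also checking the PE magic bytes, so the decision does not depend on the submitted name at all. The extension list, all function names and the sample header are assumptions constructed for this example.

```python
import os
import struct

# Hypothetical extension list; Cuckoo's real list and function names differ.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr"}


def ext_match_case_sensitive(filename):
    """Behaviour described in the report: the extension is compared as-is."""
    return os.path.splitext(filename)[1] in PE_EXTENSIONS


def ext_match_normalized(filename):
    """The reported fix: lower-case the filename before comparing."""
    return os.path.splitext(filename.lower())[1] in PE_EXTENSIONS


def looks_like_pe(data):
    """Name-independent check: 'MZ' DOS header and 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew (offset of the PE signature) is a little-endian DWORD at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields a short slice, which simply fails to match.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def should_run_pe_static(filename, data):
    """Run PE static analysis if the normalized name or the content says PE."""
    return ext_match_normalized(filename) or looks_like_pe(data)


def make_minimal_pe_header():
    """Constructed sample: 64-byte DOS header, e_lfanew=0x40, PE signature."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00"


if __name__ == "__main__":
    sample = make_minimal_pe_header()
    for name in ("sample.exe", "sample.EXE", "Sample.Exe", "invoice.bin"):
        print(
            name,
            "case-sensitive:", ext_match_case_sensitive(name),
            "normalized:", ext_match_normalized(name),
            "name-or-content:", should_run_pe_static(name, sample),
        )
```
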
It seems that there's no api call trace in report.json. Are there xchat channels available for chatting?
After running ./install.sh from cuckoo home directory (using venv), it installs all the requirements.
After that, when I run cuckoo createcwd, I get the error message:
(venv) cuckoo@cuckoo3:/opt/cuckoo3$ cuckoo createcwd
Traceback (most recent call last):
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/pkg_resources/__init__.py", line 568, in _build_master
ws.require(__requires__)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/pkg_resources/__init__.py", line 886, in require
needed = self.resolve(parse_requirements(requirements))
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/pkg_resources/__init__.py", line 777, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (urllib3 2.0.2 (/opt/cuckoo3/venv/lib/python3.8/site-packages), Requirement.parse('urllib3<2,>=1.21.1'), {'elasticsearch'})
how to add linux in vms of cuckoo?
Does anyone know how to fix this? Thanks.
2023-05-30 14:56:24 INFO [cuckoo.startup]: Starting Cuckoo. cwd=/root/.cuckoocwd
2023-05-30 14:56:24 INFO [cuckoo.startup]: Loading configurations
2023-05-30 14:56:24 ERROR [cuckoo.common.log]: Failure during Cuckoo startup: Cuckoo database (cuckoodb) requires migration(s). sqlite:////root/.cuckoocwd/cuckoo.db. Found version: 'No version table'. Latest version: ''.
Stopping Cuckoo..
Failure during Cuckoo startup: Cuckoo database (cuckoodb) requires migration(s). sqlite:////root/.cuckoocwd/cuckoo.db. Found version: 'No version table'. Latest version: ''.
proxmoxer can time out while calling ProxmoxAPI as the timeout time is pretty short.
There seems to be an incompatibility between the requirements of 2 dependencies: cuckoo-processing and roach.
Logs when running install.sh
INFO: pip is looking at multiple versions of <Python from Requires-Python> to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of cuckoo-processing to determine which version is compatible with other requirements. This could take a while.
ERROR: Cannot install cuckoo-processing==0.1.0 and roach==1.0 because these package versions have conflicting dependencies.
The conflict is caused by:
cuckoo-processing 0.1.0 depends on pefile<2023.0.0 and >=2022.5.30
roach 1.0 depends on pefile<2019.5.0 and >=2019.4.18
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict
Any plan to support docker deployment? It'll be much easier to deploy it on the other architecture, and so on, thank you.
2023-06-26 17:20:50 INFO [cuckoo.startup]: Starting Cuckoo. cwd=/home/zer0py2c/.cuckoocwd
2023-06-26 17:20:50 INFO [cuckoo.startup]: Loading configurations
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/cuckoo.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/analysissettings.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/processing/identification.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/processing/virustotal.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/processing/misp.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/processing/intelmq.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/processing/elasticsearch.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/processing/suricata.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/processing/post.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/web/web.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/zer0py2c/.cuckoocwd/conf/machineries/kvm.yaml
2023-06-26 17:20:50 DEBUG [cuckoo.startup]: Initializing database
2023-06-26 17:20:50 DEBUG [cuckoo.startup]: Initializing task queue
Traceback (most recent call last):
File "/home/zer0py2c/.local/lib/python3.8/site-packages/sqlalchemy/sql/base.py", line 1156, in getattr
return self._index[key]
KeyError: 'scheduled'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/zer0py2c/.local/lib/python3.8/site-packages/sqlalchemy/sql/base.py", line 1580, in entity_namespace_key
return getattr(ns, key)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/sqlalchemy/sql/base.py", line 1158, in getattr
util.raise(AttributeError(key), replace_context=err)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 198, in raise_
raise exception
AttributeError: scheduled
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/zer0py2c/cuckoo3-main/core/cuckoo/main.py", line 76, in main
start_cuckoo(ctx.loglevel, cancel_abandoned=cancel_abandoned)
File "/home/zer0py2c/cuckoo3-main/core/cuckoo/startup.py", line 409, in start_cuckoo
task_queue = make_task_queue()
File "/home/zer0py2c/cuckoo3-main/core/cuckoo/startup.py", line 290, in make_task_queue
return TaskQueue(Paths.queuedb())
File "/home/zer0py2c/cuckoo3-main/core/cuckoo/taskqueue.py", line 212, in init
self._init_counts()
File "/home/zer0py2c/cuckoo3-main/core/cuckoo/taskqueue.py", line 226, in _init_counts
self._counts.unscheduled = tq.count_unscheduled()
File "/home/zer0py2c/cuckoo3-main/core/cuckoo/taskqueue.py", line 180, in count_unscheduled
return self._ses.query(
File "/home/zer0py2c/.local/lib/python3.8/site-packages/sqlalchemy/orm/query.py", line 1733, in filter_by
clauses = [
File "/home/zer0py2c/.local/lib/python3.8/site-packages/sqlalchemy/orm/query.py", line 1734, in
entity_namespace_key(from_entity, key) == value
File "/home/zer0py2c/.local/lib/python3.8/site-packages/sqlalchemy/sql/base.py", line 1582, in entity_namespace_key
util.raise(
File "/home/zer0py2c/.local/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 198, in raise
raise exception
sqlalchemy.exc.InvalidRequestError: Entity namespace for "count(qeueudtasks.id)" has no property "scheduled"
2023-06-26 17:20:50 ERROR [cuckoo.common.log]: Unexpected failure during Cuckoo startup: Entity namespace for "count(qeueudtasks.id)" has no property "scheduled"
2023-06-26 17:20:50 DEBUG [cuckoo.common.shutdown]: Calling shutdown method. method=<function main.._stopmsg at 0x7f19f25d74c0>
Stopping Cuckoo..
2023-06-26 17:20:50 DEBUG [cuckoo.common.shutdown]: Calling shutdown method. method=<bound method DBMS.cleanup of <cuckoo.common.db.DBMS object at 0x7f19f0a316a0>>
2023-06-26 17:20:50 DEBUG [cuckoo.common.shutdown]: Calling shutdown method. method=<function stop_queue_listener at 0x7f19f25d2430>
Unexpected failure during Cuckoo startup: Entity namespace for "count(qeueudtasks.id)" has no property "scheduled"
Hello, when I run a task after the test time has expired, I get the following error:
ERROR [cuckoo.processing.worker]: Fatal error during event usage. error=a bytes-like object is required
Traceback (most recent call last):
File "/opt/cuckoo3/processing/cuckoo/processing/worker.py", line 388, in start
self._read_events()
File "/opt/cuckoo3/processing/cuckoo/processing/worker.py", line 384, in _read_events
consumer.use_event(event)
File "/opt/cuckoo3/processing/cuckoo/processing/post/eventconsumer/patternsigs.py", line 92, in use_event
event.pattern_scan(self.scanner, self.taskctx)
File "/opt/cuckoo3/processing/cuckoo/processing/event/events.py", line 160, in pattern_scan
pattern_scanner.scan(
File "/opt/cuckoo3/processing/cuckoo/processing/signatures/pattern.py", line 1025, in scan
scandb.scan(
TypeError: a bytes-like object is required
2022-10-19 08:33:40 ERROR [cuckoo.control]: Task post stage failed. task_id=20221019-SW3A0J_1
I got this error when running "cuckoo -d"
My hyperscan version is 0.4.0, and I tried to fix it like issue 32 but it does not work, can anyone help me please?
Hi,
We currently have an issue with our Cuckoo 3 PoC.
We are unable to run url submission.
Traceback (most recent call last):
File "/xxxx/yyyyy/cuckoo3/core/cuckoo/control.py", line 458, in run
worktracker.run_work()
File "/xxxx/yyyyy/cuckoo3/core/cuckoo/control.py", line 421, in run_work
self._func(self, **self._func_kwargs)
File "/xxxx/yyyyy/cuckoo3/core/cuckoo/control.py", line 272, in set_next_state
handle_pre_done(worktracker)
File "/xxxx/yyyyy/cuckoo3/core/cuckoo/control.py", line 151, in handle_pre_done
analyses.determine_final_platforms(analysis, pre)
File "/xxxx/yyyyy/cuckoo3/common/cuckoo/common/analyses.py", line 343, in determine_final_platforms
platforms = _platforms_from_target(analysis, pre)
File "/xxxx/yyyyy/cuckoo3/common/cuckoo/common/analyses.py", line 257, in _platforms_from_target
if autotag and pre.target.machine_tags:
File "/xxxx/yyyyy/cuckoo3/common/cuckoo/common/strictcontainer.py", line 281, in __getattr__
return super().__getattribute__(item)
AttributeError: 'TargetURL' object has no attribute 'machine_tags'
Note: In the web interface, analysis stays "Pending pre"
Do you have any quick fix for this? We use tags with vms but maybe we have to implement something specific on url analysis?
Thank you!
There are two instances in the docs where a python version is specified.
So which one is it? And shouldn't support for python3.6 be dropped as it's EOL?
Hi.
How can I add a Linux VM to cuckoo? I need it, please help me.
While running samples the cuckoo daemon shows warnings multiple times:
2022-01-05 09:01:54 WARN [cuckoo.node.resultserver]: Task result cancelled during initialization. task_id=20220105-60BCND_1 error=No protocol header specified
Is that important?
Also, I found that cuckoo3 is running much slower than the original cuckoo2, and even after the sample's process has terminated, the daemon was still waiting.
Will Cuckoo 3 be deployable in ESXi hosts as its predecessor did?
ERROR [cuckoo.common.log]: Failure during Cuckoo startup: Failed to load config file /home/cuckoosb/.cuckoocwd/conf/web/web.yaml. Error in config file: /home/cuckoosb/.cuckoocwd/conf/web/web.yaml. Missing required key user
.cuckoocwd/conf/web/web.yaml
# Remote storage usage is the retrieval of analysis reports etc from
# a remote Cuckoo 'long term storage' host.
remote_storage:
  enabled: False
  api_url: Null
  # API key does not need administrator privileges
  api_key: Null
elasticsearch:
  # The Elasticsearch settings must be configured to be able to use any of
  # the features in this section.
  # Enable or disable the Cuckoo web results search functionality
  web_search:
    enabled: False
  # Enable or disable Cuckoo web results statistics. Detected family, behavior
  # graphs, amount of submissions, etc.
  statistics:
    enabled: False
    # All enabled charts types and the time ranges over which they
    # should display data. Available range: daily, weekly, monthly, yearly.
    # Available chart examples: families_bar, families_line, targettypes_bar,
    # categories_bar, categories_line, submissions_line
    charts:
    - chart_type: submissions_line
      time_range: yearly
    - chart_type: submissions_line
      time_range: monthly
    - chart_type: families_bar
      time_range: weekly
    - chart_type: families_line
      time_range: weekly
    - chart_type: targettypes_bar
      time_range: monthly
    - chart_type: categories_bar
      time_range: monthly
  # The Elasticsearch hosts where results are reported to during processing.
  # Should be one ore more host:port combinations.
  hosts:
    - http://127.0.0.1:9200
  indices:
    # The names to use when searching Elasticsearch. Each name must be unique
    # and should also be used in reporting.
    names:
      analyses: analyses
      tasks: tasks
      events: events
  # The max result window that will be used in searches. The Elasticsearch default is 10000. This
  # window has impact in how far back you can search with queries that match a large amount of documents.
  max_result_window: 10000
# Specific web features that can be disabled/enabled
web:
  downloads:
    # Enable/disable submitted file downloading.
    submitted_file: Null
    # A list of strings representing the subnets or ipaddresses that can download
    allowed_subnets: Null
(venv) cuckoosb@perm-cuckoosb:~$ ^C
(venv) cuckoosb@perm-cuckoosb:~$ sudo nano .cuckoocwd/conf/web/web.yaml
(venv) cuckoosb@perm-cuckoosb:~$ sudo nano .cuckoocwd/conf/web/web.yaml
(venv) cuckoosb@perm-cuckoosb:~$ cat .cuckoocwd/conf/web/web.yaml
# Remote storage usage is the retrieval of analysis reports etc from
# a remote Cuckoo 'long term storage' host.
remote_storage:
  enabled: False
  api_url: Null
  # API key does not need administrator privileges
  api_key: Null
elasticsearch:
  # The Elasticsearch settings must be configured to be able to use any of
  # the features in this section.
  # Enable or disable the Cuckoo web results search functionality
  web_search:
    enabled: False
  # Enable or disable Cuckoo web results statistics. Detected family, behavior
  # graphs, amount of submissions, etc.
  statistics:
    enabled: False
    # All enabled charts types and the time ranges over which they
    # should display data. Available range: daily, weekly, monthly, yearly.
    # Available chart examples: families_bar, families_line, targettypes_bar,
    # categories_bar, categories_line, submissions_line
    charts:
    - chart_type: submissions_line
      time_range: yearly
    - chart_type: submissions_line
      time_range: monthly
    - chart_type: families_bar
      time_range: weekly
    - chart_type: families_line
      time_range: weekly
    - chart_type: targettypes_bar
      time_range: monthly
    - chart_type: categories_bar
      time_range: monthly
  # The Elasticsearch hosts where results are reported to during processing.
  # Should be one ore more host:port combinations.
  hosts:
    - http://127.0.0.1:9200
  indices:
    # The names to use when searching Elasticsearch. Each name must be unique
    # and should also be used in reporting.
    names:
      analyses: analyses
      tasks: tasks
      events: events
  # The max result window that will be used in searches. The Elasticsearch default is 10000. This
  # window has impact in how far back you can search with queries that match a large amount of documents.
  max_result_window: 10000
# Specific web features that can be disabled/enabled
web:
  downloads:
    # Enable/disable submitted file downloading.
    submitted_file: Enable
    # A list of strings representing the subnets or ipaddresses that can download
    allowed_subnets: Null
cuckoo createcwd:
Traceback (most recent call last):
File "/opt/cuckoo3/common/cuckoo/common/config.py", line 550, in render_config_from_dict
rendered = template.render(values_dict)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/jinja2/environment.py", line 1301, in render
self.environment.handle_exception()
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/jinja2/environment.py", line 936, in handle_exception
raise rewrite_traceback_stack(source=source)
File "<template>", line 32, in top-level template code
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/jinja2/environment.py", line 485, in getattr
return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'processing' is undefined
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/cuckoo3/venv/bin/cuckoo", line 33, in <module>
sys.exit(load_entry_point('Cuckoo', 'console_scripts', 'cuckoo')())
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1130, in __call__
return self.main(*args, **kwargs)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/opt/cuckoo3/venv/lib/python3.8/site-packages/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "/opt/cuckoo3/core/cuckoo/main.py", line 125, in create_cwd
create_configurations()
File "/opt/cuckoo3/common/cuckoo/common/startup.py", line 202, in create_configurations
config.render_config_from_typeloaders(
File "/opt/cuckoo3/common/cuckoo/common/config.py", line 532, in render_config_from_typeloaders
render_config_from_dict(template_path, values, write_to)
File "/opt/cuckoo3/common/cuckoo/common/config.py", line 552, in render_config_from_dict
raise ConfigurationError(f"Failed to render template. {e}")
cuckoo.common.config.ConfigurationError: Failed to render template. 'processing' is undefined
I am done installing the requirements to run Cuckoo but I can't locate the install.sh script. Is there any command to be run after installing system requirements?
There seems to be an issue with conflicting dependencies when running install.sh
cuckoo==3.0.0 seems to require sqlalchemy <1.4, >=1.3.13
cuckoo-common==0.1.0 seems to require sqlalchemy <1.5, >=1.4
Because of these two different version assignments, you can not satisfy the dependency requirements of both cuckoo-common and cuckoo 3 at the same time.
After installing cuckoo3, there is no cuckoo.db in $CWD. It shows that I need to run "cuckoomigrate database all". But this script shows: No such file or directory: 'alembic'
Errors when starting cuckoo
File .../conf/processing/irma.yaml:
2023-07-06 09:17:46 INFO [cuckoo.startup]: Starting Cuckoo. cwd=/home/cuckoo/.cuckoocwd
2023-07-06 09:17:46 INFO [cuckoo.startup]: Loading configurations
2023-07-06 09:17:46 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/cuckoo/.cuckoocwd/conf/cuckoo.yaml
2023-07-06 09:17:46 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/cuckoo/.cuckoocwd/conf/analysissettings.yaml
2023-07-06 09:17:46 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/cuckoo/.cuckoocwd/conf/processing/identification.yaml
2023-07-06 09:17:46 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/cuckoo/.cuckoocwd/conf/processing/virustotal.yaml
2023-07-06 09:17:46 DEBUG [cuckoo.common.startup]: Loading config. confpath=/home/cuckoo/.cuckoocwd/conf/processing/irma.yaml
2023-07-06 09:17:46 ERROR [cuckoo.common.log]: Failure during Cuckoo startup: Failed to load config file /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Error in config file: /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Invalid YAML in /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. while scanning a simple key in "/home/cuckoo/.cuckoocwd/conf/processing/irma.yaml", line 13, column 1 could not find expected ':' in "/home/cuckoo/.cuckoocwd/conf/processing/irma.yaml", line 15, column 1
2023-07-06 09:17:46 DEBUG [cuckoo.common.shutdown]: Calling shutdown method. method=<function main.<locals>._stopmsg at 0x7fbe43cc51f0>
Stopping Cuckoo..
2023-07-06 09:17:46 DEBUG [cuckoo.common.shutdown]: Calling shutdown method. method=<function stop_queue_listener at 0x7fbe43cbc160>
Failure during Cuckoo startup: Failed to load config file /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Error in config file: /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Invalid YAML in /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml.
while scanning a simple key in "/home/cuckoo/.cuckoocwd/conf/processing/irma.yaml", line 13, column 1 could not find expected ':' in "/home/cuckoo/.cuckoocwd/conf/processing/irma.yaml", line 15, column 1
Changing 'timeout = 60' to 'timeout: 60' seems to fix it.
Still getting a second error:
2023-07-06 09:13:24 ERROR [cuckoo.common.log]: Failure during Cuckoo startup: Failed to load config file /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Error in config file: /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Missing required key submitter
2023-07-06 09:13:24 DEBUG [cuckoo.common.shutdown]: Calling shutdown method. method=<function main.<locals>._stopmsg at 0x7f1d410311f0>
Stopping Cuckoo..
2023-07-06 09:13:24 DEBUG [cuckoo.common.shutdown]: Calling shutdown method. method=<function stop_queue_listener at 0x7f1d41028160>
Failure during Cuckoo startup: Failed to load config file /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Error in config file: /home/cuckoo/.cuckoocwd/conf/processing/irma.yaml. Missing required key submitter
Used the guide at https://reversingfun.com/posts/cuckoo-3-installation-guide/
When submitting an exe for analysis, the system spins up as many VMs as configured, and runs the exe for the allotted time. Screenshots are made as expected and the pcap files are all uploaded to the analyses folder on cuckoocwd.
But post analysis just stops. The webpage shows "Task(s) pending" forever and the logs don't show why it doesn't do anything.
Below is the output of cuckoo --verbose
.
2023-04-21 13:10:13 DEBUG [cuckoo.node.resultserver]: Screenshot upload ended. newfile=26924.jpg size=48.3KiB task_id=20230421-DIZ1RT_1
2023-04-21 13:10:25 DEBUG [cuckoo.node.taskrunner]: Task run timeout reached. timeout=30 task_id=20230421-DIZ1RT_1
2023-04-21 13:10:25 DEBUG [cuckoo.node.taskrunner]: Requesting machine stop. machine=win10vm_4 task_id=20230421-DIZ1RT_1
2023-04-21 13:10:25 DEBUG [cuckoo.node.machinery]: Machine action request. machine=win10vm_4 action=<function stop at 0x7f2139b62dc0>
2023-04-21 13:10:25 DEBUG [cuckoo.node.machinery]: Starting work. machine=win10vm_4 action=<function stop at 0x7f2139b62dc0>
2023-04-21 13:10:26 DEBUG [cuckoo.common.netcapture]: Stopping tcpdump process. pid=2891
2023-04-21 13:10:26 DEBUG [cuckoo.common.netcapture]: Reading tcpdump process stderr. Process has not exited yet. Waiting for it to exit. pid=2891 timeout=60
2023-04-21 13:10:26 DEBUG [cuckoo.node.machinery]: Updating machine state. machine=win10vm_4 newstate=poweroff
2023-04-21 13:10:27 DEBUG [cuckoo.node.taskrunner]: Asking resultserver to unmap IP-task. ip=192.168.30.23 task_id=20230421-DIZ1RT_1
2023-04-21 13:10:27 DEBUG [cuckoo.node.taskrunner]: Sending task done state to state controller. task_id=20230421-DIZ1RT_1
2023-04-21 13:10:27 INFO [cuckoo.node.taskrunner]: Task completed. task_id=20230421-DIZ1RT_1
2023-04-21 13:10:27 DEBUG [cuckoo.node.resultserver]: File upload ended. newfile='logs/threemon.pb' size=72.4KiB task_id=20230421-DIZ1RT_1
2023-04-21 13:10:27 DEBUG [cuckoo.control]: Queueing task for post analysis processing. task_id=20230421-DIZ1RT_1
2023-04-21 13:10:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:11:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:12:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:13:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:14:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:15:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:16:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:17:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:18:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:19:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:20:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:21:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
2023-04-21 13:22:27 DEBUG [cuckoo.scheduler]: No new tasks(s)
Sometimes my cuckoo3 analysis fails; the debug log is as follows:
2023-07-05 15:24:18 DEBUG [cuckoo.processing.worker]: Using event consumers. event_consumers=[<cuckoo.processing.post.eventconsumer.eventlogs.EventJSONFiles object at 0x7f99041f2b20>, <cuckoo.processing.post.eventconsumer.patternsigs.PatternFinder object at 0x7f99041f2b80>, <cuckoo.processing.post.eventconsumer.injection.ProcessInjection object at 0x7f99041f2c40>, <cuckoo.processing.post.eventconsumer.suspicious.SuspiciousEventScoring object at 0x7f99041f2ca0>] task_id=20230705-GMILGY_1
2023-07-05 15:24:18 DEBUG [cuckoo.processing.worker]: Chose translator for logfile. logfile=threemon.pb translator_class=<class 'cuckoo.processing.event.translate.threemon.reader.ThreemonReader'> task_id=20230705-GMILGY_1
2023-07-05 15:24:18 DEBUG [cuckoo.processing.worker]: Running processing plugin. plugin=Pcapreader stage=post task_id=20230705-GMILGY_1
2023-07-05 15:24:19 ERROR [cuckoo.processing.worker]: Failure during processing. error=Failed to run plugin Pcapreader. xpress task_id=20230705-GMILGY_1
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/Cuckoo_processing-0.1.1-py3.8.egg/cuckoo/processing/worker.py", line 197, in _run_processing_instances
data = instance.start()
File "/usr/local/lib/python3.8/dist-packages/Cuckoo_processing-0.1.1-py3.8.egg/cuckoo/processing/post/network.py", line 312, in start
for flow, ts, proto, sent, recv in r.process():
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/reader.py", line 130, in process
self.tcp and self.tcp.process(ts, ip, packet)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 143, in process
s.process(ts, tcp, to_server)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 423, in process
self.states[self.state](self, ts, tcp, to_server)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 342, in state_conn
self.parent.handle(
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 724, in handle
while self.states[self.state](self, s, ts):
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 678, in state_stream
self.parent.handle(
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/protoparsers.py", line 285, in handle
super(HttpsProtocol, self).handle(s, ts, protocol, sent, recv, tlsinfo)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/protoparsers.py", line 262, in handle
s, ts, protocols[protocol], req, self.parse_response(ts, recv),
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/protoparsers.py", line 198, in parse_response
raise UnknownHttpEncoding(content_encoding)
httpreplay.exceptions.UnknownHttpEncoding: xpress
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/Cuckoo_processing-0.1.1-py3.8.egg/cuckoo/processing/worker.py", line 231, in _handle_processing
_run_processing_instances(processing_instances, ctx)
File "/usr/local/lib/python3.8/dist-packages/Cuckoo_processing-0.1.1-py3.8.egg/cuckoo/processing/worker.py", line 205, in _run_processing_instances
raise PluginError(
File "/usr/local/lib/python3.8/dist-packages/Cuckoo_processing-0.1.1-py3.8.egg/cuckoo/processing/worker.py", line 197, in _run_processing_instances
data = instance.start()
File "/usr/local/lib/python3.8/dist-packages/Cuckoo_processing-0.1.1-py3.8.egg/cuckoo/processing/post/network.py", line 312, in start
for flow, ts, proto, sent, recv in r.process():
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/reader.py", line 130, in process
self.tcp and self.tcp.process(ts, ip, packet)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 143, in process
s.process(ts, tcp, to_server)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 423, in process
self.states[self.state](self, ts, tcp, to_server)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 342, in state_conn
self.parent.handle(
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 724, in handle
while self.states[self.state](self, s, ts):
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/transport.py", line 678, in state_stream
self.parent.handle(
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/protoparsers.py", line 285, in handle
super(HttpsProtocol, self).handle(s, ts, protocol, sent, recv, tlsinfo)
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/protoparsers.py", line 262, in handle
s, ts, protocols[protocol], req, self.parse_response(ts, recv),
File "/home/zer0py2c/.local/lib/python3.8/site-packages/httpreplay/protoparsers.py", line 198, in parse_response
raise UnknownHttpEncoding(content_encoding)
cuckoo.processing.errors.PluginError: Failed to run plugin Pcapreader. xpress
2023-07-05 15:24:19 ERROR [cuckoo.control]: Task post stage failed. task_id=20230705-GMILGY_1
When processing ./install.sh, it reports that there is a conflicting version of cryptography.
cuckoo-processing requires >3.3.2
but sflock requires <= 3.2
At the moment I just change the minimal version for cuckoo-processing to 3.2 but I'm not sure whether this works.
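The two install.sh conflicts reported on this page (sqlalchemy and cryptography) can be confirmed by intersecting the quoted version ranges. This is an added example, not part of any report here or of the Cuckoo project; the function names are hypothetical, and it handles only dotted numeric versions with the operators <, <=, >, >=, ==, not the full PEP 440 grammar.

```python
import re
from itertools import zip_longest

# Constructed from the version requirements quoted in the reports on this page.
REQUIREMENTS = {
    "sqlalchemy": {"cuckoo==3.0.0": "<1.4, >=1.3.13",
                   "cuckoo-common==0.1.0": "<1.5, >=1.4"},
    "cryptography": {"cuckoo-processing": ">3.3.2", "sflock": "<= 3.2"},
}

_CLAUSE = re.compile(r"^\s*(<=|>=|==|<|>)\s*(\d+(?:\.\d+)*)\s*$")


def _cmp(a, b):
    """Compare version tuples, zero-padding so that 1.4 equals 1.4.0."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def _tighter(current, candidate, lower_bound):
    """Return the more restrictive of two (version, inclusive) bounds."""
    if current is None:
        return candidate
    order = _cmp(candidate[0], current[0])
    if order == 0:  # same version: the exclusive bound is stricter
        return (current[0], current[1] and candidate[1])
    stricter = order > 0 if lower_bound else order < 0
    return candidate if stricter else current


def allowed_range(specifiers):
    """Intersect specifier strings. Returns (lower, upper), each a
    (version_tuple, inclusive) pair or None when unbounded; returns None
    when no version satisfies every clause."""
    lower = upper = None
    for spec in specifiers:
        for clause in spec.split(","):
            match = _CLAUSE.match(clause)
            if not match:
                raise ValueError(f"unsupported clause: {clause!r}")
            op = match.group(1)
            version = tuple(int(p) for p in match.group(2).split("."))
            if op in (">", ">=", "=="):
                lower = _tighter(lower, (version, op != ">"), True)
            if op in ("<", "<=", "=="):
                upper = _tighter(upper, (version, op != "<"), False)
    if lower and upper:
        order = _cmp(lower[0], upper[0])
        if order > 0 or (order == 0 and not (lower[1] and upper[1])):
            return None
    return lower, upper


def find_conflicts(requirements):
    """Map each package with an empty allowed range to its requirers."""
    return {pkg: dict(reqs) for pkg, reqs in requirements.items()
            if allowed_range(reqs.values()) is None}


if __name__ == "__main__":
    for pkg, reqs in find_conflicts(REQUIREMENTS).items():
        print(f"{pkg}: no version satisfies all of {reqs}")
```

A non-empty range only shows that the constraints overlap; whether a release inside that range exists on the package index still has to be checked.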
I am wondering if Cuckoo3 has the ability to work in an AWS environment. Would this be something that I can set up with the current system?
this line is checking url, it should check if there is file check file, if it's url check url.