Malware? Tear it apart, discover its ins and outs and collect actionable threat data. Cuckoo is the leading open source automated malware analysis system.
What is it? In three words, Cuckoo Sandbox is a malware analysis system.
In other words, you can throw any suspicious file at it and in a matter of seconds Cuckoo will return a detailed report outlining what that file did when executed inside an isolated environment.
Malware is the Swiss Army knife of cybercriminals and of any other adversary to your corporation or organization.
In these evolving times, detecting and removing malware artifacts is not enough: it is vitally important to understand how they operate in order to understand the context, the motivations and the goals of a breach, so you can protect yourself better in the future.
Cuckoo Sandbox is free software that automates the task of analyzing any malicious file under Windows, OS X, Linux, and Android.
What can it do? Cuckoo Sandbox is an advanced, extremely modular, and 100% open malware analysis system with infinite application opportunities. By default it is able to:
- Analyze many different malicious files (executables, document exploits, Java applets) as well as malicious websites, in Windows, OS X, Linux, and Android virtualized environments.
- Trace API calls and general behavior of the file.
- Dump and analyze network traffic, even when encrypted.
- Perform advanced memory analysis of the infected virtualized system with integrated support for Volatility.
Even more interestingly, thanks to Cuckoo's extensive modular design, you are able to customize both the processing and the reporting stages. Cuckoo gives you everything you need to integrate the sandbox into your existing frameworks and storage with the data you want, in the way you want, in the format you want.
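The integration the paragraph above describes usually starts on the consuming side: something has to read the report Cuckoo produces and turn it into indicators a SIEM or an analyst can act on. The script below is an added example, not Cuckoo's own code. It assumes the report follows the layout of Cuckoo's JSON report (behavior.processes[].calls[], network.hosts, network.dns, signatures[], info.score); the embedded report is constructed for the example, with invented paths, hostnames and addresses, and the summarize() function and its severity threshold are this example's own, not a Cuckoo API.

```python
"""Reduce a Cuckoo-style JSON report to a compact set of indicators.

Added example, not Cuckoo project code. The report shape is assumed to match
Cuckoo's JSON report; SAMPLE_REPORT is constructed and every value is invented.
"""
import json
from collections import Counter

# Constructed sample report, trimmed to the fields this example reads.
SAMPLE_REPORT = json.dumps({
    "info": {"id": 42, "score": 6.4},
    "target": {"file": {"name": "invoice.exe", "sha256": "<constructed-sha256>"}},
    "behavior": {"processes": [
        {"pid": 1234, "process_name": "invoice.exe", "calls": [
            {"category": "file", "api": "NtCreateFile",
             "arguments": {"filepath": "C:\\Users\\victim\\AppData\\Roaming\\svc.exe"}},
            {"category": "registry", "api": "RegSetValueExA",
             "arguments": {"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"}},
            {"category": "network", "api": "InternetOpenUrlA",
             "arguments": {"url": "http://c2.example.invalid/gate.php"}},
            {"category": "process", "api": "CreateProcessInternalW",
             "arguments": {"command_line": "C:\\Users\\victim\\AppData\\Roaming\\svc.exe"}},
        ]},
        {"pid": 1300, "process_name": "svc.exe", "calls": [
            {"category": "network", "api": "InternetOpenUrlA",
             "arguments": {"url": "http://c2.example.invalid/gate.php"}},
        ]},
    ]},
    "network": {
        "hosts": ["203.0.113.10"],
        "dns": [{"request": "c2.example.invalid",
                 "answers": [{"type": "A", "data": "203.0.113.10"}]}],
    },
    "signatures": [
        {"name": "persistence_autorun", "severity": 3,
         "description": "Installs itself for autorun at Windows startup"},
        {"name": "network_http", "severity": 2,
         "description": "Performs some HTTP requests"},
    ],
})


def summarize(report_json, severity_threshold=3):
    """Pull the actionable parts out of a report: APIs, paths, keys, URLs,
    network indicators and the signatures that crossed the severity threshold."""
    report = json.loads(report_json)
    api_counts, categories = Counter(), Counter()
    file_paths, reg_keys, urls = set(), set(), set()

    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            api_counts[call.get("api", "?")] += 1
            categories[call.get("category", "?")] += 1
            args = call.get("arguments", {})
            # Older reports carry arguments as a list of {name, value} pairs.
            if isinstance(args, list):
                args = {a.get("name"): a.get("value") for a in args}
            if "filepath" in args:
                file_paths.add(args["filepath"])
            if "regkey" in args:
                reg_keys.add(args["regkey"])
            if "url" in args:
                urls.add(args["url"])

    network = report.get("network", {})
    dns = network.get("dns", [])
    domains = {e["request"] for e in dns if "request" in e}
    resolved = {a["data"] for e in dns for a in e.get("answers", []) if a.get("type") == "A"}
    # network.hosts may be plain strings or dicts with an "ip" field.
    hosts = {h.get("ip") if isinstance(h, dict) else h for h in network.get("hosts", [])}
    hosts = {h for h in hosts | resolved if h}

    sigs = sorted(report.get("signatures", []), key=lambda s: -s.get("severity", 0))
    high = [s["name"] for s in sigs if s.get("severity", 0) >= severity_threshold]

    return {
        "task_id": report.get("info", {}).get("id"),
        "sample": report.get("target", {}).get("file", {}).get("name"),
        "score": report.get("info", {}).get("score"),
        "top_apis": api_counts.most_common(3),
        "categories": dict(categories),
        "file_paths": sorted(file_paths),
        "registry_keys": sorted(reg_keys),
        "urls": sorted(urls),
        "domains": sorted(domains),
        "hosts": sorted(hosts),
        "high_severity_signatures": high,
        "flag": bool(high),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

The summary is deliberately flat (lists of strings and a boolean) so it can be pushed into whatever storage or alerting pipeline sits behind the sandbox without further transformation; the severity threshold is the one knob a deployment would tune.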
Although it is not recommended, if you need to download older versions of Cuckoo you can find them in our historical repository here.
The project is also available on our official GitHub repository.
In order to clone Cuckoo from GitHub you can use the following command:
git clone git://github.com/cuckoosandbox/cuckoo.git
Cuckoo Sandbox is developed mostly by volunteers during their free time and we are always on the lookout for people who can contribute more code and implement additional cutting-edge features.
Beware though, contributing is not an easy task: we are very picky about contributions, as everything has to fit our coding style and should bring real added value to the tool.
You need to have good knowledge of the internals of the sandbox: use it, play with it and understand it down to its deepest components. After having dissected it enough, you'll surely have some patches or features you want to add.
You can also take a look at our Issue Tracker to see what we are currently working on and what still has to be done. You should read our documentation, as it contains all the details on coding style and good practices.
GitHub is our main development platform. Our organization is located here. You will find multiple repositories there, mainly:
- Cuckoo, the main repository where we commit our progress on the project.
- Monitor, a separate repository used to develop the Windows analysis core, if you're interested in the internals of our hooking system.
- Community, which is intended to be a repository open to the community where you can find modules and signatures developed by our users.
All development now happens on the master branch, so please consider our GitHub repository an ongoing development platform, not stable or ready for deployment.
Report a Bug
You can report bugs on our Issue Tracker on GitHub. We really appreciate any bug report, but please before submitting any make sure that:
- It actually is a Cuckoo bug and not a mistake or a misconfiguration on your side.
- You have asked on the community platform for confirmation of the bug.
- You have collected all the logs and information needed to replicate the bug and put it in context.
- You formulate the bug report in a clean and readable way.
If you're experiencing an issue and you need help and assistance, please use our community platform. There you can find previously asked questions and most likely already the answer you're looking for. Otherwise you can post your own and get assistance from the community.
We also use IRC a lot for real-time communication. Most of the developers hang out there all the time and some of our users and friends meet up there as well.
If you don't have an IRC client, take a look at irssi or Pidgin, or you can use the webchat.
Some basic IRC commands are:
/join #channel to join a channel
/part #channel to leave a channel
/nick Nickname to change your nickname
/query Someone to communicate privately with someone
/who to see a list of people in the channel
/help to show available commands
The Cuckoo Sandbox Developers Team is an elite squad of selected hackers spending their nights drinking caffeine derivatives, hacking the Gibson and committing code. For press purposes, a group picture is available here.
Claudio "nex" Guarnieri
Creator & Lead Developer
Claudio is our Willy Wonka, the undisputed dictator of the project. He writes code that doesn't work and he expects others to fix it. He likes long walks on the beach, reading a good book and messing with cybercrooks and cyberspooks. For an extreme abundance of bragging, you can check his bio here.
Alessandro "jekil" Tanasi
Alessandro is our grumpy old master craftsman. He sleeps with a paper roll printout of our issue tracker and he's determined to keep our code decent. He created HostMap, contributes to sqlmap and runs SecDocs. He firmly believes that his death will be caused by an overdose of exception handling.
Jurriaan "skier" Bremer
Jurriaan is the youngest conscript of the group. He develops Cuckoo's Windows analysis core, dreams of JMPs and PUSH RETs and blogs about new ways of subverting systems. He can occasionally be found spreading terror with the rest of the De Eindbazen team. Rumours abound that he may have a girlfriend.
Mark "rep" Schloesser
Mark is our German coding machine. He sees the Matrix, he thinks it sucks and he's probably gonna re-implement it in Python. On his way to rewrite the world, he still fights for German hackers' supremacy with his team 0ldEur0pe. Also a core member of Honeynet. His motto is "less talk, more code".