Malware? Tear it apart, discover its ins and outs and collect actionable threat data. Cuckoo is the leading open source automated malware analysis system.

Get Cuckoo Sandbox 2.0 now and start fighting malware!

What is it? In three words, Cuckoo Sandbox is a malware analysis system.

In other words, you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

Malware is the swiss-army knife of cybercriminals and any other adversary to your corporation or organization.

In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they operate in order to understand the context, the motivations and the goals of a breach, for better protecting in the future

Cuckoo Sandbox is a free software that automated the task of analyzing any malicious file under Windows, OS X, Linux, and Android.

What can it do? Cuckoo Sandbox is an advanced, extremely modular, and 100% open malware analysis system with infinite application opportunities. By default it is able to:

  • Analyze many different malicious files (executables, document expoits, Java applets) as well as malicious websites, in Windows, OS X, Linux, and Android virtualized environments.
  • Trace API calls and general behavior of the file.
  • Dump and analyze network traffic, even when encrypted.
  • Perform advanced memory analysis of the infected virtualized system with integrated support for Volatility.

Even more interestingly, thanks to Cuckoo's extensive modular design, you are able to customize both the processing and the reporting stages. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing frameworks and storages with the data you want, in the way you want, with the format you want.

Even if it's not recommended, in case you need to download older versions of Cuckoo, you can find our historical repository here.

The project is also available on our official GitHub repository

In order to clone Cuckoo from GitHub you can use the following command:

git clone git://

Cuckoo Sandbox is developed mostly by volunteers during their free time and we are always on the look for people that can contribute more code and implement some additional cutting-edge features into it.

Beware tho, contributing is not an easy task: we are very picky on the contributions as everything has to fit our coding style and should bring a real added value to the tool.

You need to have good knowledge on the internals of the sandbox, use it, play with it and understand it at its deepest components. After having dissected it enough, you'll surely have some patches or features you want to add.

You can also give a look at our Issue Tracker to get a glance on what we are currently working on and what still has to be done. You should read our documentation as it contains all details on coding style and good practices.


GitHub is our main development platform. Our organization is located here. You will find multiple repositories there, mainly:

All development now happens on master branch, so please consider our GitHub repository as an ongoing development platform, not stable or ready for deployment.

Report a Bug

You can report bugs on our Issue Tracker on GitHub. We really appreciate any bug report, but please before submitting any make sure that:


If you're experiencing an issue and you need help and assistance, please use our community platform. There you can find previously asked questions and most likely already the answer you're looking for. Otherwise you can post your own and get assistance from the community.


We also use IRC a lot for real-time communication. Most of the developers hang out there all the time and some of our users and friends meet up there as well.

Channel: #cuckoosandbox

If you don't have an IRC client give a look at irssi or Pidgin or you can use the webchat.

Some basic IRC commands are:

The Cuckoo Sandbox Developers Team is an elite squad of selected hackers spending their nights drinking caffeine derivates, hacking the Gibson and committing code. For press purposes, a group picture is available here.

Claudio nex Guarnieri

Creator & Lead Developer

Claudio is our Willy Wonka, the undisputed dictator of the project. He writes code that doesn't work and he expects others to fix it. He likes long walks on the beach, reading a good book and messing with cybercrooks and cyberspooks. For an extreme abundance of bragging, you can check his bio here.

Alessandro jekil Tanasi

Core Developer

Alessandro is our grumpy old master craftsman. He sleeps with a paper roll printout of our issue tracker and he's determined to keep our code decent. He created HostMap, contributes to sqlmap and runs SecDocs. He firmly believes that his death will be caused by an overdose of exception handling.

Jurriaan skier Bremer

Core Developer

Jurriaan is the youngest conscript of the group. He develops Cuckoo's Windows analysis core, dreams of JMPs and PUSH RETs and blogs about new ways of subverting systems. He can occasionally be found spreading terror with the rest of the De Eindbazen team. Rumours abound that he may have a girlfriend.

Mark rep Schloesser

Core Developer

Mark is our German coding machine. He sees the Matrix, he thinks it sucks and he's probably gonna re-implement it in Python. On his way to rewrite the world, he still fights for German hackers' supremacy with his team 0ldEur0pe. Also a core member of Honeynet. His motto is "less talk, more code".