Cuckoo Sandbox 2.0.0

Today represents a big day for Cuckoo Sandbox, the leading open source automated malware analysis sandbox. After a year's worth of work we're finally releasing a first version of the Cuckoo Package (codename "package"). As with most of our releases, this version introduces many improvements, new concepts, stability tweaks, and so much more that we won't be able to go into every detail in this release post.

The Cuckoo Package shapes a new future when it comes to deployment, maintenance, user interaction & experience, and the development cycle of Cuckoo Sandbox itself. It's our biggest improvement on usability & UX so far since our early days in 2010 and as such defines the start of a new era for both the development team as well as our users.

We'll go through the various different improvements by splitting 'em up into three different categories: usability & UX, stability improvements, and misc changes.

Usability & UX

By far the most important step forward of this release is a first start on our goal of simplifying the initial setup for our users. It has been known that installing Cuckoo Sandbox may take up to three days for a novice user. This release is the first in a series of releases that will reduce the setup time to one hour (and in the future this will include setting up VMs).

From now on, one may install Cuckoo by running $ pip install -U cuckoo. Of course there are still more steps to the installation, but assuming these have been met, installing and upgrading Cuckoo is as simple as running this one command. Note that if pip install isn't working properly, it is very important to follow the OS-specific installation steps.

We have put a lot of effort in an attempt to reduce exactly those problems that have been reported by hundreds of our users. By doing so we hope to largely mitigate the following and many more previously common errors:

This release features a lot of updates to the Cuckoo Web Interface and represents a start towards a simplified user experience allowing novice as well as advanced users to get the most out of it. Among many other updates we'd like to highlight the following improvements:

With regards to usability we can inform you on the following topics:

Stability Improvements

This release contains a terrific amount of work on stability tweaks and unit testing. In particular, it features over 600 unit tests which combined cover more than 50% of our code base. In addition to that there are also nearly 100 functional tests. This is a great step forward from our previous unit testing, which was practically none. This unit testing will assure us that future changes won't break compatibility with older versions of Cuckoo, prove that new features actually work, and allow us to develop and release new features more quickly & consistently.

Naturally this new version isn't just more stable - it also comes with improved (and optional) user support integrated. If an analysis doesn't work as you'd expect it to, simply click on the feedback button and fill out the form with your concerns. We'll get a copy of the analysis (to the extent that you wish to share it with us) together with your message. Based on that we're able to investigate the problem relatively quickly, come up with a fix or an ETA on when it will be resolved, and stay in contact with you by email to ensure a sound fix on your Cuckoo setup. By including any bug fixes in the upcoming release, we ensure the bug will not happen anymore in the future.

Misc changes

If you have an older setup of Cuckoo Sandbox lying around that contains all of your configuration and analyses then we've got good news for you: in the new version you'll be able to import an existing Cuckoo setup. Cuckoo will apply database migrations as well as configuration migrations (there are, e.g., several changes to cuckoo.conf as well as to the other configuration files) and prepare the new Cuckoo environment with all of your existing analyses. Upgrading your existing setup has never been this easy. Do keep in mind that any code changes that were applied to your local setup are not taken into account during this upgrade. These will have to be applied manually. Please reach out to our team for help on this matter.

There are many, many other smaller and bigger misc improvements that are part of this release. In all fairness, what else do you expect after a year of development? We're going to quickly list some of these changes for your and our reference:

Upcoming

We have lots of smaller and bigger changes still in the pipeline that will be included in the upcoming release(s). Due to upgrading being much easier from now on (i.e., $ pip install -U cuckoo) we'll be able to push out updates more often - and we'll certainly be doing so, be it for new features, critical bug fixes, etc.

Below you'll find some of our upcoming ideas, features, and tweaks:

Interested in seeing your feature requests, add-ons, and more in our upcoming version(s)? See also our contact information below & check out the "Did you know?" section further down.

Conclusions

This release brings many new features & functionality to our users. We hope that with the simplified setup & usage patterns a wider user base may be formed due to our project being more accessible & more easily integrated into any existing environment.

For feedback & questions, please do not hesitate to contact us on IRC (#cuckoosandbox on irc.freenode.net), our Github repository, or by email. If you're interested in being kept up-to-date with future blog posts, releases, and other announcements, please send us an email as well and we'll be sure to get back to you and allow you to be the first to hear news from our side!

Did you know?

Some facts that one may have missed:

All of this wouldn't have been possible without our great users & sponsors. Thanks to everyone for using and supporting Cuckoo Sandbox - you know who you are.


Discuss on Twitter with @cuckoosandbox or with the hashtag #cuckoosandbox.