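def breakpoint(self):
	"""Suspend the analysis machine and drop into pdb on this frame.

	``set_bp`` / ``set_volshell_bp`` are bound as locals so they can be
	called from the pdb prompt. The machine is resumed and the event cleared
	in a ``finally`` block: quitting the debugger (which raises BdbQuit) or
	an exception at the prompt no longer leaves the machine suspended.
	"""
	set_event()
	self.handler.suspend_machine()
	print(yellow("Run hh() for help"))
	set_bp = self.set_bp  # noqa: F841 - exposed to the pdb prompt
	set_volshell_bp = self.set_volshell_bp  # noqa: F841 - exposed to the pdb prompt
	try:
		import pdb
		pdb.set_trace()
	finally:
		self.handler.resume_machine()
		clear_event()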
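def logo():
    """Print a random, randomly colored Cuckoo banner followed by version info.

    Returns nothing: the previous docstring promised an "asciiarts array",
    but the logos are only printed. Output goes to stdout and is flushed
    before returning so the banner appears before any later log output.
    """
    logos = [
        """
                               ),-.     /
  Cuckoo Sandbox              <(a  `---','
     no chance for malwares!  ( `-, ._> )
                               ) _>.___/
                                   _/""",
        """
  .-----------------.
  | Cuckoo Sandbox? |
  |     OH NOES!    |\\  '-.__.-'
  '-----------------' \\  /oo |--.--,--,--.
                         \\_.-'._i__i__i_.'
                               \"\"\"\"\"\"\"\"\"""",
    ]

    # 31-36 are the ANSI foreground color codes red..cyan.
    print(color(random.choice(logos), random.randrange(31, 37)))
    print()
    print(" Cuckoo Sandbox %s" % yellow(CUCKOO_VERSION))
    print(" www.cuckoosandbox.org")
    print(" Copyright (c) 2010-2015")
    print()
    print(" CAPE: Config and Payload Extraction")
    print(" github.com/kevoreilly/CAPEv2")
    print()
    sys.stdout.flush()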
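def check_version():
    """Ask the update server whether a newer Cuckoo release exists and print the result.

    Does nothing when ``cuckoo.version_check`` is disabled in the config.
    Network failures, bodies that are not JSON and bodies that do not have
    the expected shape are all reported on stdout and swallowed; the
    function never raises because of a bad answer from the server.
    """
    cfg = Config()

    if not cfg.cuckoo.version_check:
        return

    print(" Checking for updates...")

    # NOTE(review): plain-HTTP endpoint, so the reply is not authenticated.
    # It only feeds the message printed below; nothing from it is executed,
    # written to disk or used to decide anything else.
    url = "http://api.cuckoosandbox.org/checkversion.php"
    data = urllib.urlencode({"version": CUCKOO_VERSION})

    try:
        request = urllib2.Request(url, data)
        response = urllib2.urlopen(request)
    except (urllib2.URLError, urllib2.HTTPError):
        print(red(" Failed! ") + "Unable to establish connection.\n")
        return

    try:
        body = response.read()
    finally:
        response.close()

    try:
        r = json.loads(body)
    except ValueError:
        print(red(" Failed! ") + "Invalid response.\n")
        return

    # The schema is dictated by the remote side: a body that parses as JSON
    # but is not an object with an "error" key used to die with KeyError.
    if not isinstance(r, dict) or "error" not in r:
        print(red(" Failed! ") + "Invalid response.\n")
        return

    if r["error"]:
        return

    current = r.get("current")
    # "1.2" is the version string the original code treats as the
    # development tree; the comparison is kept as it was.
    if r.get("response") == "NEW_VERSION" and current != "1.2":
        msg = "Cuckoo Sandbox version %s is available now." % current
        print(red(" Outdated! ") + msg)
    elif current == "1.2":
        print(yellow(" Okay! ") + "You are running a development version.")
    else:
        print(green(" Good! ") + "You have the latest version "
              "available.\n")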
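def check_version():
    """Ask the update server whether a newer Cuckoo release exists and print the result.

    Does nothing when ``cuckoo.version_check`` is disabled in the config.
    Network failures, bodies that are not JSON and bodies that do not have
    the expected shape are all reported on stdout and swallowed; the
    function never raises because of a bad answer from the server.
    """
    cfg = Config()

    if not cfg.cuckoo.version_check:
        return

    print(" Checking for updates...")

    # NOTE(review): plain-HTTP endpoint, so the reply is not authenticated.
    # It only feeds the message printed below; nothing from it is executed,
    # written to disk or used to decide anything else.
    url = "http://api.cuckoosandbox.org/checkversion.php"
    data = urllib.urlencode({"version": CUCKOO_VERSION})

    try:
        request = urllib2.Request(url, data)
        response = urllib2.urlopen(request)
    except (urllib2.URLError, urllib2.HTTPError):
        print(red(" Failed! ") + "Unable to establish connection.\n")
        return

    try:
        body = response.read()
    finally:
        response.close()

    try:
        r = json.loads(body)
    except ValueError:
        print(red(" Failed! ") + "Invalid response.\n")
        return

    # The schema is dictated by the remote side: a body that parses as JSON
    # but is not an object with an "error" key used to die with KeyError.
    if not isinstance(r, dict) or "error" not in r:
        print(red(" Failed! ") + "Invalid response.\n")
        return

    if r["error"]:
        return

    current = r.get("current")
    # "1.2" is the version string the original code treats as the
    # development tree; the comparison is kept as it was.
    if r.get("response") == "NEW_VERSION" and current != "1.2":
        msg = "Cuckoo Sandbox version %s is available now." % current
        print(red(" Outdated! ") + msg)
    elif current == "1.2":
        print(yellow(" Okay! ") + "You are running a development version.")
    else:
        print(green(" Good! ") + "You have the latest version "
              "available.\n")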
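def install(enabled, force, rewrite):
    """Install the selected module categories from the downloaded community archive.

    Args:
        enabled: iterable of category names (keys of ``folders``). An
            unknown name is reported and skipped instead of raising KeyError.
        force: when true, every file is installed without a prompt.
        rewrite: when true, files already present under ``CUCKOO_ROOT`` are
            overwritten; otherwise they are skipped.

    The temporary directory returned by ``download_archive`` is removed in
    a ``finally`` block, so a failed copy or a Ctrl-C at the prompt no
    longer leaves it behind.
    """
    (temp, source) = download_archive()

    folders = {
        "signatures": os.path.join("modules", "signatures"),
        "processing": os.path.join("modules", "processing"),
        "reporting": os.path.join("modules", "reporting"),
        "machinemanagers": os.path.join("modules", "machinemanagers"),
        "windows": os.path.join("analyzer", "windows", "bin"),
    }

    try:
        for category in enabled:
            folder = folders.get(category)
            if folder is None:
                print("\nUnknown category {0}, skipped".format(category))
                continue

            print("\nInstalling {0}".format(colors.cyan(category.upper())))

            origin = os.path.join(source, folder)
            if not os.path.isdir(origin):
                print("  No candidates available, continuing.")
                continue

            for file_name in os.listdir(origin):
                if file_name == ".gitignore":
                    continue

                destination = os.path.join(CUCKOO_ROOT, folder, file_name)

                if not rewrite and os.path.exists(destination):
                    print("File \"{0}\" already exists, "
                          "{1}".format(file_name, colors.yellow("skipped")))
                    continue

                # Local was named ``install`` before, shadowing this function.
                if force:
                    do_install = True
                else:
                    do_install = None
                    while do_install is None:
                        choice = raw_input("Do you want to install file "
                                           "\"{0}\"? [yes/no] ".format(file_name))
                        choice = choice.strip().lower()
                        if choice == "yes":
                            do_install = True
                        elif choice == "no":
                            do_install = False

                if do_install:
                    shutil.copy(os.path.join(origin, file_name), destination)
                    print("File \"{0}\" {1}".format(file_name,
                                                    colors.green("installed")))
    finally:
        shutil.rmtree(temp)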
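def install(enabled, force, rewrite, filepath):
    """Install the selected module categories from the community archive.

    Args:
        enabled: iterable of category names (keys of ``folders``); unknown
            names are skipped silently, as before.
        force: when true, every file is installed without a prompt.
        rewrite: when true, files already present under ``CUCKOO_ROOT`` are
            overwritten; otherwise they are skipped.
        filepath: passed through to ``download_archive``.

    The temporary directory returned by ``download_archive`` is removed in
    a ``finally`` block, so a failed copy or a Ctrl-C at the prompt no
    longer leaves it behind. A category folder missing from the archive is
    reported and skipped instead of failing in ``os.listdir``.
    """
    (temp, source) = download_archive(filepath)

    folders = {
        "feeds": os.path.join("modules", "feeds"),
        "signatures": os.path.join("modules", "signatures"),
        "processing": os.path.join("modules", "processing"),
        "reporting": os.path.join("modules", "reporting"),
        "machinery": os.path.join("modules", "machinery")
    }

    try:
        for category in enabled:
            folder = folders.get(category, False)
            if not folder:
                continue
            print("\nInstalling {0}".format(colors.cyan(category.upper())))

            origin = os.path.join(source, folder)
            if not os.path.isdir(origin):
                print("  No candidates available, continuing.")
                continue

            for file_name in os.listdir(origin):
                if file_name == ".gitignore":
                    continue

                destination = os.path.join(CUCKOO_ROOT, folder, file_name)

                if not rewrite and os.path.exists(destination):
                    print("File \"{0}\" already exists, "
                          "{1}".format(file_name, colors.yellow("skipped")))
                    continue

                # Local was named ``install`` before, shadowing this function.
                if force:
                    do_install = True
                else:
                    do_install = None
                    while do_install is None:
                        choice = input("Do you want to install file "
                                       "\"{0}\"? [yes/no] ".format(file_name))
                        choice = choice.strip().lower()
                        if choice == "yes":
                            do_install = True
                        elif choice == "no":
                            do_install = False

                if do_install:
                    shutil.copy(os.path.join(origin, file_name), destination)
                    print("File \"{0}\" {1}".format(file_name,
                                                    colors.green("installed")))
    finally:
        shutil.rmtree(temp)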
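def installdir(src, dst, force, rewrite, origin=None):
    """Recursively install the tree under *src* into *dst*.

    Args:
        src: directory to read; entries named ".gitignore" are ignored.
        dst: directory to write. Missing parent directories are created
            before a regular file is copied.
        force: copy without asking; otherwise every entry is confirmed
            with a yes/no prompt.
        rewrite: overwrite entries that already exist; otherwise skip them.
        origin: path components of *src* relative to the tree root, used
            only in the printed messages. ``None`` (the default) is the
            root; replaces the mutable ``[]`` default.

    Symbolic links are recreated with the target read from *src*; an
    existing entry at the destination is removed first.
    NOTE(review): the link target is taken verbatim and not validated here.
    If *src* was downloaded, an absolute or "..": target would point outside
    *dst* once installed - check it upstream before calling.
    """
    origin = [] if origin is None else list(origin)

    for file_name in os.listdir(src):
        if file_name == ".gitignore":
            continue

        destination = os.path.join(dst, file_name)

        if not rewrite and os.path.exists(destination):
            print("File \"{0}\" already exists, "
                  "{1}".format(file_name, colors.yellow("skipped")))
            continue

        # Local was named ``install`` before, shadowing the sibling function.
        if force:
            do_install = True
        else:
            do_install = None
            while do_install is None:
                choice = raw_input("Do you want to install file "
                                   "\"{0}\"? [yes/no] ".format(file_name))
                choice = choice.strip().lower()
                if choice == "yes":
                    do_install = True
                elif choice == "no":
                    do_install = False

        if not do_install:
            continue

        srcpath = os.path.join(src, file_name)
        if os.path.islink(srcpath):
            link_target = os.readlink(srcpath)
            if os.path.lexists(destination):
                # Links and plain files are unlinked; only a real directory
                # needs rmtree (which refuses to operate on a symlink).
                if os.path.islink(destination) or not os.path.isdir(destination):
                    os.unlink(destination)
                else:
                    shutil.rmtree(destination)
            os.symlink(link_target, destination)
            print("Symbolic link \"%s/%s\" -> \"%s\" %s" % (
                "/".join(origin), file_name, link_target,
                colors.green("installed")))

        elif os.path.isdir(srcpath):
            installdir(srcpath, destination, force, rewrite,
                       origin + [file_name])
        else:
            parent = os.path.dirname(destination)
            if not os.path.isdir(parent):
                os.makedirs(parent)

            shutil.copy(srcpath, destination)
            print("File \"%s/%s\" %s" % ("/".join(origin), file_name,
                                         colors.green("installed")))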
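def installdir(src, dst, force, rewrite, origin=None):
    """Recursively install the tree under *src* into *dst*.

    Args:
        src: directory to read; entries named ".gitignore" are ignored.
        dst: directory to write. Missing parent directories are created
            before a regular file is copied.
        force: copy without asking; otherwise every entry is confirmed
            with a yes/no prompt.
        rewrite: overwrite entries that already exist; otherwise skip them.
        origin: path components of *src* relative to the tree root, used
            only in the printed messages. ``None`` (the default) is the
            root; replaces the mutable ``[]`` default.

    Symbolic links are recreated with the target read from *src*; an
    existing entry at the destination is removed first.
    NOTE(review): the link target is taken verbatim and not validated here.
    If *src* was downloaded, an absolute or ".." target would point outside
    *dst* once installed - check it upstream before calling.
    """
    origin = [] if origin is None else list(origin)

    for file_name in os.listdir(src):
        if file_name == ".gitignore":
            continue

        destination = os.path.join(dst, file_name)

        if not rewrite and os.path.exists(destination):
            print("File \"{0}\" already exists, "
                  "{1}".format(file_name, colors.yellow("skipped")))
            continue

        # Local was named ``install`` before, shadowing the sibling function.
        if force:
            do_install = True
        else:
            do_install = None
            while do_install is None:
                choice = raw_input("Do you want to install file "
                                   "\"{0}\"? [yes/no] ".format(file_name))
                choice = choice.strip().lower()
                if choice == "yes":
                    do_install = True
                elif choice == "no":
                    do_install = False

        if not do_install:
            continue

        srcpath = os.path.join(src, file_name)
        if os.path.islink(srcpath):
            link_target = os.readlink(srcpath)
            if os.path.lexists(destination):
                # Links and plain files are unlinked; only a real directory
                # needs rmtree (which refuses to operate on a symlink).
                if os.path.islink(destination) or not os.path.isdir(destination):
                    os.unlink(destination)
                else:
                    shutil.rmtree(destination)
            os.symlink(link_target, destination)
            print("Symbolic link \"%s/%s\" -> \"%s\" %s" % (
                "/".join(origin), file_name, link_target,
                colors.green("installed")))

        elif os.path.isdir(srcpath):
            installdir(srcpath, destination, force, rewrite,
                       origin + [file_name])
        else:
            parent = os.path.dirname(destination)
            if not os.path.isdir(parent):
                os.makedirs(parent)

            shutil.copy(srcpath, destination)
            print("File \"%s/%s\" %s" % (
                "/".join(origin), file_name, colors.green("installed")))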
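def check_status(_id):
    """Poll every five seconds until the URL analysis task *_id* is finished.

    ``task_done`` is asked for the task's status: a true result prints the
    completion message and ends the loop, anything else prints a progress
    message and keeps polling. Ctrl-C returns quietly.
    """
    try:
        while True:
            time.sleep(5)
            # Was ``task_done(tid)``: an undefined name, so the id passed in
            # was never used.
            task_status = task_done(_id)

            if task_status:
                print(bold(green("Task Completed")) + ": All URLs done have been analyzed")
                break
            print(bold(yellow("Task Not Done")) + ": still processing URLs")
    except KeyboardInterrupt:
        return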
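    def emit(self, record):
        """Color the record's message by severity and hand it to StreamHandler.emit.

        A shallow copy is colorized so that other handlers attached to the
        same logger still receive the plain message. WARNING is yellow,
        ERROR/CRITICAL red, and a message containing "analysis procedure
        completed" cyan; everything else is passed through unchanged.
        """
        colored = copy.copy(record)
        msg = record.msg

        if record.levelname == "WARNING":
            colored.msg = yellow(msg)
        elif record.levelname in ("ERROR", "CRITICAL"):
            colored.msg = red(msg)
        else:
            # logging accepts any object as ``msg``; the substring test
            # raises TypeError on non-strings (e.g. an exception instance),
            # which used to escape from emit().
            try:
                completed = "analysis procedure completed" in msg
            except TypeError:
                completed = False
            colored.msg = cyan(msg) if completed else msg

        logging.StreamHandler.emit(self, colored)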
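    def emit(self, record):
        """Color the record's message by severity and hand it to StreamHandler.emit.

        A shallow copy is colorized so that other handlers attached to the
        same logger still receive the plain message. WARNING is yellow,
        ERROR/CRITICAL red, and a message containing "analysis procedure
        completed" cyan; everything else is passed through unchanged.
        """
        colored = copy.copy(record)
        msg = record.msg

        if record.levelname == "WARNING":
            colored.msg = yellow(msg)
        elif record.levelname in ("ERROR", "CRITICAL"):
            colored.msg = red(msg)
        else:
            # logging accepts any object as ``msg``; the substring test
            # raises TypeError on non-strings (e.g. an exception instance),
            # which used to escape from emit().
            try:
                completed = "analysis procedure completed" in msg
            except TypeError:
                completed = False
            colored.msg = cyan(msg) if completed else msg

        logging.StreamHandler.emit(self, colored)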
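def check_version():
    """Compare CUCKOO_VERSION with the stable release advertised by the update server.

    Does nothing when ``cuckoo.version_check`` is disabled. Network errors
    and replies that are not JSON, lack the "current" key or cannot be
    ordered against CUCKOO_VERSION are reported on stdout, never raised.
    A version ending in "-dev" is only told which stable release exists;
    any other version is compared with ``LooseVersion``.
    """
    cfg = Config()

    if not cfg.cuckoo.version_check:
        return

    print(" Checking for updates...")

    # NOTE(review): plain-HTTP endpoint, so the reply is not authenticated.
    # It only feeds the message printed below; nothing from it is executed
    # or written anywhere.
    url = "http://api.cuckoosandbox.org/checkversion.php"
    data = urllib.urlencode({"version": CUCKOO_VERSION})

    try:
        request = urllib2.Request(url, data)
        response = urllib2.urlopen(request)
    except (urllib2.URLError, urllib2.HTTPError, httplib.BadStatusLine):
        print(red(" Failed! ") + "Unable to establish connection.\n")
        return

    try:
        body = response.read()
    finally:
        response.close()

    try:
        response_data = json.loads(body)
        # The schema is the server's: valid JSON that is not an object with
        # a "current" key used to die with KeyError/TypeError.
        stable_version = "%s" % response_data["current"]
    except (ValueError, KeyError, TypeError):
        print(red(" Failed! ") + "Invalid response.\n")
        return

    if CUCKOO_VERSION.endswith("-dev"):
        print(
            yellow(
                " You are running a development version! Current stable is {}."
                .format(stable_version)))
        return

    try:
        outdated = LooseVersion(CUCKOO_VERSION) < LooseVersion(stable_version)
    except TypeError:
        # LooseVersion cannot order components of differing types.
        print(red(" Failed! ") + "Invalid response.\n")
        return

    if outdated:
        msg = "Cuckoo Sandbox version {} is available now.".format(
            stable_version)

        print(red(" Outdated! ") + msg)
    else:
        print(
            green(" Good! ") + "You have the latest version "
            "available.\n")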
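def install(enabled, force, rewrite):
    """Install the selected categories (only "signatures" is known) from the archive.

    Args:
        enabled: iterable of category names; an unknown name is reported
            and skipped instead of raising KeyError.
        force: when true, every file is installed without a prompt.
        rewrite: when true, files already present under ``ROOT`` are
            overwritten; otherwise they are skipped.

    The temporary directory returned by ``download_archive`` is removed in
    a ``finally`` block, so a failed copy or a Ctrl-C at the prompt no
    longer leaves it behind.
    """
    (temp, source) = download_archive()

    folders = {"signatures" : os.path.join("modules", "signatures")}

    try:
        for category in enabled:
            folder = folders.get(category)
            if folder is None:
                print("\nUnknown category %s, skipped" % category)
                continue

            print("\nInstalling %s" % colors.cyan(category.upper()))

            origin = os.path.join(source, folder)

            for file_name in os.listdir(origin):
                destination = os.path.join(ROOT, folder, file_name)

                if not rewrite and os.path.exists(destination):
                    print("File \"%s\" already exists, %s" % (file_name, colors.yellow("skipped")))
                    continue

                # Local was named ``install`` before, shadowing this function.
                if force:
                    do_install = True
                else:
                    do_install = None
                    while do_install is None:
                        choice = raw_input("Do you want to install file \"%s\"? [yes/no] " % file_name)
                        choice = choice.strip().lower()
                        if choice == "yes":
                            do_install = True
                        elif choice == "no":
                            do_install = False

                if do_install:
                    shutil.copy(os.path.join(origin, file_name), destination)
                    print("File \"%s\" %s" % (file_name, colors.green("installed")))
    finally:
        shutil.rmtree(temp)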
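def installdir(src, dst, force, rewrite, origin=None):
    """Recursively copy the tree under *src* into *dst*.

    Args:
        src: directory to read; entries named ".gitignore" are ignored.
        dst: directory to write. Its missing parents are created before a
            file is copied - previously the recursive call for a new
            subdirectory handed down a *dst* that did not exist yet and
            ``shutil.copy`` failed.
        force: copy without asking; otherwise every entry is confirmed
            with a yes/no prompt.
        rewrite: overwrite entries that already exist; otherwise skip them.
        origin: path components of *src* relative to the tree root, used
            only in the printed messages. ``None`` (the default) is the
            root; replaces the mutable ``[]`` default.
    """
    origin = [] if origin is None else list(origin)

    for file_name in os.listdir(src):
        if file_name == ".gitignore":
            continue

        destination = os.path.join(dst, file_name)

        if not rewrite and os.path.exists(destination):
            print("File \"{0}\" already exists, "
                  "{1}".format(file_name, colors.yellow("skipped")))
            continue

        # Local was named ``install`` before, shadowing the sibling function.
        if force:
            do_install = True
        else:
            do_install = None
            while do_install is None:
                choice = raw_input("Do you want to install file "
                                   "\"{0}\"? [yes/no] ".format(file_name))
                choice = choice.strip().lower()
                if choice == "yes":
                    do_install = True
                elif choice == "no":
                    do_install = False

        if not do_install:
            continue

        srcpath = os.path.join(src, file_name)
        if os.path.isdir(srcpath):
            installdir(srcpath, destination, force, rewrite,
                       origin + [file_name])
        else:
            parent = os.path.dirname(destination)
            if not os.path.isdir(parent):
                os.makedirs(parent)

            shutil.copy(srcpath, destination)
            print("File \"{0}/{1}\" {2}".format("/".join(origin),
                                                file_name,
                                                colors.green("installed")))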
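def check_version():
    """Compare CUCKOO_VERSION with the stable release advertised by the update server.

    Does nothing when ``cuckoo.version_check`` is disabled. Network errors
    and replies that are not JSON, lack the "current" key or cannot be
    ordered against CUCKOO_VERSION are reported on stdout, never raised.
    A version ending in "-dev" is only told which stable release exists;
    any other version is compared with ``LooseVersion``.
    """
    cfg = Config()

    if not cfg.cuckoo.version_check:
        return

    print(" Checking for updates...")

    # NOTE(review): plain-HTTP endpoint, so the reply is not authenticated.
    # It only feeds the message printed below; nothing from it is executed
    # or written anywhere.
    url = "http://api.cuckoosandbox.org/checkversion.php"
    data = urllib.urlencode({"version": CUCKOO_VERSION})

    try:
        request = urllib2.Request(url, data)
        response = urllib2.urlopen(request)
    except (urllib2.URLError, urllib2.HTTPError):
        print(red(" Failed! ") + "Unable to establish connection.\n")
        return

    try:
        body = response.read()
    finally:
        response.close()

    try:
        response_data = json.loads(body)
        # The schema is the server's: valid JSON that is not an object with
        # a "current" key used to die with KeyError/TypeError.
        stable_version = "%s" % response_data["current"]
    except (ValueError, KeyError, TypeError):
        print(red(" Failed! ") + "Invalid response.\n")
        return

    if CUCKOO_VERSION.endswith("-dev"):
        print(yellow(" You are running a development version! Current stable is {}.".format(
            stable_version)))
        return

    try:
        outdated = LooseVersion(CUCKOO_VERSION) < LooseVersion(stable_version)
    except TypeError:
        # LooseVersion cannot order components of differing types.
        print(red(" Failed! ") + "Invalid response.\n")
        return

    if outdated:
        msg = "Cuckoo Sandbox version {} is available now.".format(
            stable_version)

        print(red(" Outdated! ") + msg)
    else:
        print(green(" Good! ") + "You have the latest version "
                                 "available.\n")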
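def installdir(src, dst, force, rewrite, origin=None):
    """Recursively copy the tree under *src* into *dst*.

    Args:
        src: directory to read; entries named ".gitignore" are ignored.
        dst: directory to write. Its missing parents are created before a
            file is copied - previously the recursive call for a new
            subdirectory handed down a *dst* that did not exist yet and
            ``shutil.copy`` failed.
        force: copy without asking; otherwise every entry is confirmed
            with a yes/no prompt.
        rewrite: overwrite entries that already exist; otherwise skip them.
        origin: path components of *src* relative to the tree root, used
            only in the printed messages. ``None`` (the default) is the
            root; replaces the mutable ``[]`` default.
    """
    origin = [] if origin is None else list(origin)

    for file_name in os.listdir(src):
        if file_name == ".gitignore":
            continue

        destination = os.path.join(dst, file_name)

        if not rewrite and os.path.exists(destination):
            print("File \"{0}\" already exists, "
                  "{1}".format(file_name, colors.yellow("skipped")))
            continue

        # Local was named ``install`` before, shadowing the sibling function.
        if force:
            do_install = True
        else:
            do_install = None
            while do_install is None:
                choice = raw_input("Do you want to install file "
                                   "\"{0}\"? [yes/no] ".format(file_name))
                choice = choice.strip().lower()
                if choice == "yes":
                    do_install = True
                elif choice == "no":
                    do_install = False

        if not do_install:
            continue

        srcpath = os.path.join(src, file_name)
        if os.path.isdir(srcpath):
            installdir(srcpath, destination, force, rewrite,
                       origin + [file_name])
        else:
            parent = os.path.dirname(destination)
            if not os.path.isdir(parent):
                os.makedirs(parent)

            shutil.copy(srcpath, destination)
            print("File \"{0}/{1}\" {2}".format("/".join(origin),
                                                file_name,
                                                colors.green("installed")))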
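def install(enabled, force, rewrite, filepath):
    """Install the selected categories from the community tarball.

    Args:
        enabled: category names to install (keys of ``folders``); unknown
            names are skipped.
        force: install without asking for confirmation per file.
        rewrite: overwrite files that already exist; otherwise skip them.
        filepath: optional path to a local copy of the archive. When it is
            empty or does not exist the archive is fetched from ``URL``.

    Members are written below ``CUCKOO_ROOT/<folder>``. Because the
    tarball comes from the network, member names are not trusted: a
    member whose resolved path would land outside that directory is
    skipped, and so is every member that is not a regular file or a
    directory (symlinks, hard links, devices). Download and archive
    errors exit the process with status -1, as before.
    """
    if filepath and os.path.exists(filepath):
        with open(filepath, "rb") as fh:
            data = fh.read()
    else:
        print("Downloading modules from {0}".format(URL))
        try:
            http = urllib3.PoolManager()
            data = http.request("GET", URL).data
        except Exception as e:
            print("ERROR: Unable to download archive: %s" % e)
            sys.exit(-1)

    # Opened after both branches: the original built the TarFile only in
    # the download branch, so a local ``filepath`` hit a NameError on ``t``.
    try:
        t = tarfile.TarFile.open(fileobj=BytesIO(data), mode="r:gz")
    except (tarfile.TarError, EOFError) as e:
        print("ERROR: Unable to read archive: %s" % e)
        sys.exit(-1)

    folders = {
        "feeds": "modules/feeds",
        "signatures": "modules/signatures",
        "processing": "modules/processing",
        "reporting": "modules/reporting",
        "machinery": "modules/machinery",
        "analyzer": "analyzer",
        "data": "data",
    }

    members = t.getmembers()
    if not members:
        print("ERROR: Unable to read archive: no members")
        sys.exit(-1)
    directory = members[0].name.split("/")[0]

    for category in enabled:
        folder = folders.get(category, False)
        if not folder:
            continue

        print("\nInstalling {0}".format(colors.cyan(category.upper())))

        # Everything for this category is written below dest_root; each
        # member path is resolved and checked against it.
        dest_root = os.path.realpath(os.path.join(CUCKOO_ROOT, folder))

        # E.g., "community-master/modules/signatures".
        name_start = "%s/%s" % (directory, folder)
        for member in members:
            # The trailing "/" also drops the folder entry itself and any
            # sibling whose name merely starts with the same prefix.
            if not member.name.startswith(name_start + "/"):
                continue
            if member.name.endswith(".gitignore"):
                continue

            relative = member.name[len(name_start) + 1:]
            target = os.path.realpath(os.path.join(dest_root, relative))
            if target != dest_root and not target.startswith(dest_root + os.sep):
                print('Skipping "{}": path escapes the install directory'.format(
                    member.name))
                continue

            if member.isdir():
                if not os.path.isdir(target):
                    os.makedirs(target)
                continue

            if not member.isfile():
                # extractfile() returns None for these anyway; say so
                # instead of failing with AttributeError.
                print('Skipping "{}": not a regular file'.format(member.name))
                continue

            if not rewrite and os.path.exists(target):
                print('File "{}" already exists, {}'.format(
                    target, colors.yellow("skipped")))
                continue

            # Local was named ``install`` before, shadowing this function,
            # and the loop reassigned the ``filepath`` parameter.
            dest_file = os.path.basename(target)
            if force:
                do_install = True
            else:
                do_install = None
                while do_install is None:
                    choice = input(
                        'Do you want to install file "{}"? [yes/no] '.format(
                            dest_file))
                    choice = choice.strip().lower()
                    if choice == "yes":
                        do_install = True
                    elif choice == "no":
                        do_install = False

            if not do_install:
                continue

            parent = os.path.dirname(target)
            if not os.path.isdir(parent):
                os.makedirs(parent)

            print('File "{}" {}'.format(target, colors.green("installed")))
            with open(target, "wb") as out:
                out.write(t.extractfile(member).read())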
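def logo():
    """Print a random, randomly colored Cuckoo banner followed by version info.

    Returns nothing: the previous docstring promised an "asciiarts array",
    but the logos are only printed. Output goes to stdout and is flushed
    before returning so the banner appears before any later log output.
    """
    logos = []

    logos.append("""
                                 _|
     _|_|_|  _|    _|    _|_|_|  _|  _|      _|_|      _|_|
   _|        _|    _|  _|        _|_|      _|    _|  _|    _|
   _|        _|    _|  _|        _|  _|    _|    _|  _|    _|
     _|_|_|    _|_|_|    _|_|_|  _|    _|    _|_|      _|_|""")

    logos.append("""
                      __
  .----..--.--..----.|  |--..-----..-----.
  |  __||  |  ||  __||    < |  _  ||  _  |
  |____||_____||____||__|__||_____||_____|""")

    logos.append("""
                          .:
                          ::
    .-.     ,  :   .-.    ;;.-.  .-.   .-.
   ;       ;   ;  ;       ;; .' ;   ;';   ;'
   `;;;;'.'`..:;._`;;;;'_.'`  `.`;;'  `;;'""")

    logos.append("""
  eeee e   e eeee e   e  eeeee eeeee
  8  8 8   8 8  8 8   8  8  88 8  88
  8e   8e  8 8e   8eee8e 8   8 8   8
  88   88  8 88   88   8 8   8 8   8
  88e8 88ee8 88e8 88   8 8eee8 8eee8""")

    logos.append("""
  _____________________________________/\/\_______________________________
  ___/\/\/\/\__/\/\__/\/\____/\/\/\/\__/\/\__/\/\____/\/\/\______/\/\/\___
  _/\/\________/\/\__/\/\__/\/\________/\/\/\/\____/\/\__/\/\__/\/\__/\/\_
  _/\/\________/\/\__/\/\__/\/\________/\/\/\/\____/\/\__/\/\__/\/\__/\/\_
  ___/\/\/\/\____/\/\/\/\____/\/\/\/\__/\/\__/\/\____/\/\/\______/\/\/\___
  ________________________________________________________________________""")

    logos.append("""
   _______ _     _ _______ _     _  _____   _____
   |       |     | |       |____/  |     | |     |
   |_____  |_____| |_____  |    \\_ |_____| |_____|""")

    logos.append("""
                     _
    ____ _   _  ____| |  _ ___   ___
   / ___) | | |/ ___) |_/ ) _ \ / _ \\
  ( (___| |_| ( (___|  _ ( |_| | |_| |
   \\____)____/ \\____)_| \\_)___/ \\___/""")

    logos.append("""
   ______   __  __   ______   ___   ___   ______   ______
  /_____/\\ /_/\\/_/\\ /_____/\\ /___/\\/__/\\ /_____/\\ /_____/\\
  \\:::__\\/ \\:\\ \\:\\ \\\\:::__\\/ \\::.\\ \\\\ \\ \\\\:::_ \\ \\\\:::_ \\ \\
   \\:\\ \\  __\\:\\ \\:\\ \\\\:\\ \\  __\\:: \\/_) \\ \\\\:\\ \\ \\ \\\\:\\ \\ \\ \\
    \\:\\ \\/_/\\\\:\\ \\:\\ \\\\:\\ \\/_/\\\\:. __  ( ( \\:\\ \\ \\ \\\\:\\ \\ \\ \\
     \\:\\_\\ \\ \\\\:\\_\\:\\ \\\\:\\_\\ \\ \\\\: \\ )  \\ \\ \\:\\_\\ \\ \\\\:\\_\\ \\ \\
      \\_____\\/ \\_____\\/ \\_____\\/ \\__\\/\\__\\/  \\_____\\/ \\_____\\/""")

    logos.append("""
    sSSs   .S       S.     sSSs   .S    S.     sSSs_sSSs      sSSs_sSSs
   d%%SP  .SS       SS.   d%%SP  .SS    SS.   d%%SP~YS%%b    d%%SP~YS%%b
  d%S'    S%S       S%S  d%S'    S%S    S&S  d%S'     `S%b  d%S'     `S%b
  S%S     S%S       S%S  S%S     S%S    d*S  S%S       S%S  S%S       S%S
  S&S     S&S       S&S  S&S     S&S   .S*S  S&S       S&S  S&S       S&S
  S&S     S&S       S&S  S&S     S&S_sdSSS   S&S       S&S  S&S       S&S
  S&S     S&S       S&S  S&S     S&S~YSSY%b  S&S       S&S  S&S       S&S
  S&S     S&S       S&S  S&S     S&S    `S%  S&S       S&S  S&S       S&S
  S*b     S*b       d*S  S*b     S*S     S%  S*b       d*S  S*b       d*S
  S*S.    S*S.     .S*S  S*S.    S*S     S&  S*S.     .S*S  S*S.     .S*S
   SSSbs   SSSbs_sdSSS    SSSbs  S*S     S&   SSSbs_sdSSS    SSSbs_sdSSS
    YSSP    YSSP~YSSY      YSSP  S*S     SS    YSSP~YSSY      YSSP~YSSY
                                 SP
                                 Y""")

    logos.append("""
           _______                   _____                    _____
          /::\\    \\                 /\\    \\                  /\\    \\
         /::::\\    \\               /::\\____\\                /::\\    \\
        /::::::\\    \\             /::::|   |               /::::\\    \\
       /::::::::\\    \\           /:::::|   |              /::::::\\    \\
      /:::/~~\\:::\\    \\         /::::::|   |             /:::/\\:::\\    \\
     /:::/    \\:::\\    \\       /:::/|::|   |            /:::/  \\:::\\    \\
    /:::/    / \\:::\\    \\     /:::/ |::|   |           /:::/    \\:::\\    \\
   /:::/____/   \\:::\\____\\   /:::/  |::|___|______    /:::/    / \\:::\\    \\
  |:::|    |     |:::|    | /:::/   |::::::::\\    \\  /:::/    /   \\:::\\ ___\\
  |:::|____|     |:::|    |/:::/    |:::::::::\\____\\/:::/____/  ___\\:::|    |
   \\:::\\    \\   /:::/    / \\::/    / ~~~~~/:::/    /\\:::\\    \\ /\\  /:::|____|
    \\:::\\    \\ /:::/    /   \\/____/      /:::/    /  \\:::\\    /::\\ \\::/    /
     \\:::\\    /:::/    /                /:::/    /    \\:::\\   \\:::\\ \\/____/
      \\:::\\__/:::/    /                /:::/    /      \\:::\\   \\:::\\____\\
       \\::::::::/    /                /:::/    /        \\:::\\  /:::/    /
        \\::::::/    /                /:::/    /          \\:::\\/:::/    /
         \\::::/    /                /:::/    /            \\::::::/    /
          \\::/____/                /:::/    /              \\::::/    /
           ~~                      \\::/    /                \\::/____/
                                    \\/____/
                                                       it's Cuckoo!""")

    logos.append("""
            _       _                   _             _              _            _
          /\\ \\     /\\_\\               /\\ \\           /\\_\\           /\\ \\         /\\ \\
         /  \\ \\   / / /         _    /  \\ \\         / / /  _       /  \\ \\       /  \\ \\
        / /\\ \\ \\  \\ \\ \\__      /\\_\\ / /\\ \\ \\       / / /  /\\_\\    / /\\ \\ \\     / /\\ \\ \\
       / / /\\ \\ \\  \\ \\___\\    / / // / /\\ \\ \\     / / /__/ / /   / / /\\ \\ \\   / / /\\ \\ \\
      / / /  \\ \\_\\  \\__  /   / / // / /  \\ \\_\\   / /\\_____/ /   / / /  \\ \\_\\ / / /  \\ \\_\\
     / / /    \\/_/  / / /   / / // / /    \\/_/  / /\\_______/   / / /   / / // / /   / / /
    / / /          / / /   / / // / /          / / /\\ \\ \\     / / /   / / // / /   / / /
   / / /________  / / /___/ / // / /________  / / /  \\ \\ \\   / / /___/ / // / /___/ / /
  / / /_________\\/ / /____\\/ // / /_________\\/ / /    \\ \\ \\ / / /____\\/ // / /____\\/ /
  \\/____________/\\/_________/ \\/____________/\\/_/      \\_\\_\\\\/_________/ \\/_________/""")

    logos.append("""
                               ),-.     /
  Cuckoo Sandbox              <(a  `---','
     no chance for malwares!  ( `-, ._> )
                               ) _>.___/
                                   _/""")

    logos.append("""
  .-----------------.
  | Cuckoo Sandbox? |
  |     OH NOES!    |\\  '-.__.-'
  '-----------------' \\  /oo |--.--,--,--.
                         \\_.-'._i__i__i_.'
                               \"\"\"\"\"\"\"\"\"""")

    # 31-36 are the ANSI foreground color codes red..cyan.
    print(color(random.choice(logos), random.randrange(31, 37)))
    print()
    print(" Cuckoo Sandbox %s" % yellow(CUCKOO_VERSION))
    print(" www.cuckoosandbox.org")
    print(" Copyright (c) 2010-2015")
    print()
    print(" CAPE: Config and Payload Extraction")
    print(" github.com/kevoreilly/CAPEv2")
    print()
    sys.stdout.flush()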
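# Shannon entropy (bits per byte) above which a local sample is treated as
# packed and routed through the PIN unpacking package.
_PACKED_ENTROPY_THRESHOLD = 7.5
# Seconds to wait for PIN arguments on stdin before using the defaults. The
# prompt text in _pin_package() quotes the same figure; keep them in sync.
_PIN_PROMPT_TIMEOUT = 10
# Upper bound on one remote API round-trip: requests has no timeout by
# default, so a stalled server would otherwise hang the submitter forever.
_REMOTE_TIMEOUT = 60

try:
    _read_line = raw_input  # Python 2: returns the typed line unevaluated
except NameError:
    _read_line = input  # Python 3 equivalent


class _SubmitError(Exception):
    """A task could not be handed over at all (dependency, transport or API error).

    The message is the text printed after the "Error: " prefix by main().
    """


def _build_parser():
    """Return the argument parser of the submit utility.

    Kept apart from main() so the option table can be read on its own. The
    option names, defaults and help texts are the interface of the tool and
    are unchanged; --ssl is the only addition.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("target", type=str, nargs="?",
                        help="URL, path to the file or folder to analyze")
    parser.add_argument("-d", "--debug", action="store_true",
                        help="Enable debug logging")
    parser.add_argument("--remote", type=str, action="store", default=None,
                        help="Specify IP:port to a Cuckoo API server to submit remotely",
                        required=False)
    parser.add_argument("--ssl", action="store_true", default=False,
                        help="Use SSL/TLS for remote", required=False)
    parser.add_argument("--url", action="store_true", default=False,
                        help="Specify whether the target is an URL", required=False)
    parser.add_argument("--package", type=str, action="store", default="",
                        help="Specify an analysis package", required=False)
    parser.add_argument("--custom", type=str, action="store", default="",
                        help="Specify any custom value", required=False)
    parser.add_argument("--owner", type=str, action="store", default="",
                        help="Specify the task owner", required=False)
    parser.add_argument("--timeout", type=int, action="store", default=0,
                        help="Specify an analysis timeout", required=False)
    parser.add_argument("-o", "--options", type=str, action="store", default="",
                        help="Specify options for the analysis package (e.g. \"name=value,name2=value2\")",
                        required=False)
    parser.add_argument("--priority", type=int, action="store", default=1,
                        help="Specify a priority for the analysis represented by an integer",
                        required=False)
    parser.add_argument("--machine", type=str, action="store", default="",
                        help="Specify the identifier of a machine you want to use",
                        required=False)
    parser.add_argument("--platform", type=str, action="store", default="",
                        help="Specify the operating system platform you want to use (windows/darwin/linux)",
                        required=False)
    parser.add_argument("--memory", action="store_true", default=False,
                        help="Enable to take a memory dump of the analysis machine",
                        required=False)
    parser.add_argument("--enforce-timeout", action="store_true", default=False,
                        help="Enable to force the analysis to run for the full timeout period",
                        required=False)
    parser.add_argument("--clock", type=str, action="store", default=None,
                        help="Set virtual machine clock", required=False)
    parser.add_argument("--tags", type=str, action="store", default=None,
                        help="Specify tags identifier of a machine you want to use",
                        required=False)
    parser.add_argument("--baseline", action="store_true", default=None,
                        help="Run a baseline analysis", required=False)
    parser.add_argument("--max", type=int, action="store", default=None,
                        help="Maximum samples to add in a row", required=False)
    parser.add_argument("--pattern", type=str, action="store", default=None,
                        help="Pattern of files to submit", required=False)
    parser.add_argument("--shuffle", action="store_true", default=False,
                        help="Shuffle samples before submitting them", required=False)
    parser.add_argument("--unique", action="store_true", default=False,
                        help="Only submit new samples, ignore duplicates", required=False)
    parser.add_argument("--quiet", action="store_true", default=False,
                        help="Only print text on failure", required=False)
    parser.add_argument("--PIN", action="store_true", required=False,
                        help="\033[91mForce PINDemonium \o/ \033[0m")
    return parser


def _task_options(args):
    """Return the analysis options shared by the local and remote submission paths.

    `clock` is deliberately not part of this set: the original only passed it
    to the local database, never to the remote API.
    """
    return dict(package=args.package,
                timeout=args.timeout,
                options=args.options,
                priority=args.priority,
                machine=args.machine,
                platform=args.platform,
                memory=args.memory,
                enforce_timeout=args.enforce_timeout,
                custom=args.custom,
                owner=args.owner,
                tags=args.tags)


def _api_url(args, endpoint):
    """Build the remote API URL for *endpoint*; TLS only when --ssl was given."""
    scheme = "https" if args.ssl else "http"
    return "{0}://{1}{2}".format(scheme, args.remote, endpoint)


def _require_requests():
    """Raise _SubmitError when the optional requests dependency is missing."""
    if not HAVE_REQUESTS:
        raise _SubmitError("you need to install python-requests (`pip install requests`)")


def _remote_task_id(response):
    """Return the task ID reported by the remote API, or None if it sent none.

    Raises _SubmitError on a non-2xx status or a body that is not JSON. The
    original indexed response.json()["task_id"] blindly, so an API error page
    surfaced as a traceback instead of an error line.
    """
    if not response.ok:
        raise _SubmitError("remote API answered HTTP {0}".format(response.status_code))
    try:
        payload = response.json()
    except ValueError:
        raise _SubmitError("remote API returned a non-JSON response")
    return payload.get("task_id")


def _report(task_id, quiet, success_message):
    """Print the outcome line for one queued task.

    The failure line is always printed; the success line only unless *quiet*.
    """
    if not task_id:
        print(bold(red("Error")) + ": adding task to database")
    elif not quiet:
        print(bold(green("Success")) + success_message)


def _pin_package():
    """Return the analysis package string for a PINDemonium run.

    Prompts on stdin for PIN arguments but waits at most _PIN_PROMPT_TIMEOUT
    seconds, so an unattended (scripted) submission is not blocked forever;
    on timeout the bare "exePIN" package is used.
    """
    pin = PINParser()
    print(
        "\033[91m\n\t\t Please specify arguments for PIN. If no arguments are specified, it will run with default args within 10 secs. \n\t\t Here is a reminder : \033[0m\n"
    )
    pin.Help()
    print("\n\t\tPress enter to continue")
    readable, _, _ = select.select([sys.stdin], [], [], _PIN_PROMPT_TIMEOUT)
    if not readable:
        print("Timeout, launching analysis with default args.")
        return "exePIN"
    sys.stdin.readline()
    sys.stdout.write(">>> ")
    sys.stdout.flush()  # make the prompt visible even when stdout is block-buffered
    return "exePIN;" + pin.Parse(_read_line())


def _collect_files(path, pattern):
    """Return the sample paths under *path* (a file or a directory tree).

    When *pattern* is set, only file names matching it (fnmatch) are kept.
    """
    if not os.path.isdir(path):
        return [path]
    found = []
    for dirname, _dirnames, filenames in os.walk(path):
        for file_name in filenames:
            file_path = os.path.join(dirname, file_name)
            if not os.path.isfile(file_path):
                continue
            if pattern and not fnmatch.fnmatch(file_name, pattern):
                continue
            found.append(to_unicode(file_path))
    return found


def _submit_url(db, args, target):
    """Queue a URL analysis; return the task ID (falsy when the store refused it).

    Raises _SubmitError when a remote submission cannot be made.
    """
    if not args.remote:
        return db.add_url(target, clock=args.clock, **_task_options(args))
    _require_requests()
    data = _task_options(args)
    data["url"] = target
    try:
        response = requests.post(_api_url(args, "/tasks/create/url"), data=data,
                                 timeout=_REMOTE_TIMEOUT)
    except Exception as e:  # kept broad: a transport failure must not traceback the submitter
        raise _SubmitError("unable to send URL: {0}".format(e))
    return _remote_task_id(response)


def _submit_file(db, args, file_path):
    """Queue a file analysis; return the task ID (falsy when the store refused it).

    Raises _SubmitError when a remote submission cannot be made.
    """
    if not args.remote:
        return db.add_path(file_path=file_path, clock=args.clock, **_task_options(args))
    _require_requests()
    # The handle is released as soon as the upload returns; the original left
    # one descriptor open per submitted sample until interpreter exit.
    with open(file_path, "rb") as sample:
        upload = dict(file=sample, filename=os.path.basename(file_path))
        try:
            response = requests.post(_api_url(args, "/tasks/create/file"), files=upload,
                                     data=_task_options(args), timeout=_REMOTE_TIMEOUT)
        except Exception as e:  # kept broad, see _submit_url
            raise _SubmitError("unable to send file: {0}".format(e))
    return _remote_task_id(response)


def _submit_files(db, args):
    """Queue every sample under args.target.

    Returns False when the path does not exist, None otherwise. Raises
    _SubmitError if a remote submission fails; the loop stops there.
    """
    # Absolute path so relative targets are stored unambiguously.
    path = to_unicode(os.path.abspath(to_unicode(args.target)))
    if not os.path.exists(path):
        print(bold(red("Error")) +
              u": the specified file/folder does not exist at path \"{0}\"".format(path))
        return False

    files = _collect_files(path, args.pattern)
    if args.shuffle:
        random.shuffle(files)
    else:
        files.sort()

    remaining = args.max  # None means unlimited; a local copy leaves args untouched
    for file_path in files:
        if not File(file_path).get_size():
            if not args.quiet:
                print(bold(yellow("Empty")) + ": sample {0} (skipping file)".format(file_path))
            continue
        # Duplicates can only be detected against the local database.
        if args.unique and not args.remote:
            if db.find_sample(sha256=File(file_path).get_sha256()) is not None:
                if not args.quiet:
                    print(bold(yellow("Duplicate")) + ": Sample {0} (skipping file)".format(file_path))
                continue
        # Only samples that are actually submitted count against --max (the
        # original also charged skipped duplicates to the budget).
        if remaining is not None:
            if not remaining:
                break
            remaining -= 1
        task_id = _submit_file(db, args, file_path)
        _report(task_id, args.quiet,
                u": File \"{0}\" added as task with ID {1}".format(file_path, task_id))


def main():
    """Entry point of the submit utility.

    Parses the command line, optionally prompts for PINDemonium arguments,
    then queues the target (URL, baseline run, single file or every file of a
    folder) either in the local database or through a remote Cuckoo API.

    Returns:
        False when a submission could not be attempted (missing dependency,
        unreachable or failing remote, non-existent path); None otherwise.
        Exits with status 1 when neither a target nor --baseline was given.
    """
    args = _build_parser().parse_args()

    if not args.baseline and not args.target:
        print("No file or URL has been specified!")
        sys.exit(1)

    # Route visibly packed local samples through the PIN unpacking package.
    # A URL or a directory is not something FileEntropy() can read, so the
    # check is restricted to real files.
    if args.target and not args.url and os.path.isfile(args.target):
        entropy = FileEntropy(args.target)
        if entropy > _PACKED_ENTROPY_THRESHOLD:
            print(green("We detected high entropy on the file. Trying to unpack.\n"))
            args.PIN = True
        elif not args.quiet:
            print("Entropy {0} for {1}".format(entropy, args.target))

    if args.PIN:
        args.package = _pin_package()

    # --quiet also silences the "warning" level of the logging module (e.g.
    # the pydeep warning when the ssdeep hash of a sample cannot be computed).
    if args.debug:
        logging.basicConfig(level=logging.DEBUG)
    else:
        logging.basicConfig()
    if args.quiet:
        logging.disable(logging.WARNING)

    db = Database()

    try:
        if args.url:
            target = to_unicode(args.target)
            task_id = _submit_url(db, args, target)
            _report(task_id, args.quiet,
                    u": URL \"{0}\" added as task with ID {1}".format(target, task_id))
        elif args.baseline:
            if args.remote:
                print("Remote baseline support has not yet been implemented.")
                sys.exit(1)
            task_id = db.add_baseline(args.timeout, args.owner, args.machine, args.memory)
            _report(task_id, args.quiet,
                    u": Baseline analysis added as task with ID {0}".format(task_id))
        else:
            return _submit_files(db, args)
    except _SubmitError as e:
        print(bold(red("Error")) + ": {0}".format(e))
        return False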
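def logo():
    """Print a randomly chosen Cuckoo ASCII-art banner followed by the version line.

    The banner is colored with a random ANSI foreground code (31-36) and the
    output is flushed so it appears before any later logging. Returns None.
    """
    logos = []

    logos.append("""
                                 _|                            
     _|_|_|  _|    _|    _|_|_|  _|  _|      _|_|      _|_|    
   _|        _|    _|  _|        _|_|      _|    _|  _|    _|  
   _|        _|    _|  _|        _|  _|    _|    _|  _|    _|  
     _|_|_|    _|_|_|    _|_|_|  _|    _|    _|_|      _|_|""")

    logos.append("""
                      __                  
  .----..--.--..----.|  |--..-----..-----.
  |  __||  |  ||  __||    < |  _  ||  _  |
  |____||_____||____||__|__||_____||_____|""")

    logos.append("""
                          .:                 
                          ::                 
    .-.     ,  :   .-.    ;;.-.  .-.   .-.   
   ;       ;   ;  ;       ;; .' ;   ;';   ;' 
   `;;;;'.'`..:;._`;;;;'_.'`  `.`;;'  `;;'""")

    logos.append("""
  eeee e   e eeee e   e  eeeee eeeee 
  8  8 8   8 8  8 8   8  8  88 8  88 
  8e   8e  8 8e   8eee8e 8   8 8   8 
  88   88  8 88   88   8 8   8 8   8 
  88e8 88ee8 88e8 88   8 8eee8 8eee8""")

    logos.append("""
  _____________________________________/\/\_______________________________
  ___/\/\/\/\__/\/\__/\/\____/\/\/\/\__/\/\__/\/\____/\/\/\______/\/\/\___
  _/\/\________/\/\__/\/\__/\/\________/\/\/\/\____/\/\__/\/\__/\/\__/\/\_
  _/\/\________/\/\__/\/\__/\/\________/\/\/\/\____/\/\__/\/\__/\/\__/\/\_
  ___/\/\/\/\____/\/\/\/\____/\/\/\/\__/\/\__/\/\____/\/\/\______/\/\/\___
  ________________________________________________________________________""")

    logos.append("""
   _______ _     _ _______ _     _  _____   _____ 
   |       |     | |       |____/  |     | |     |
   |_____  |_____| |_____  |    \\_ |_____| |_____|""")

    logos.append("""
                     _ 
    ____ _   _  ____| |  _ ___   ___
   / ___) | | |/ ___) |_/ ) _ \ / _ \\
  ( (___| |_| ( (___|  _ ( |_| | |_| |
   \\____)____/ \\____)_| \\_)___/ \\___/""")

    logos.append("""
   ______   __  __   ______   ___   ___   ______   ______      
  /_____/\\ /_/\\/_/\\ /_____/\\ /___/\\/__/\\ /_____/\\ /_____/\\     
  \\:::__\\/ \\:\\ \\:\\ \\\\:::__\\/ \\::.\\ \\\\ \\ \\\\:::_ \\ \\\\:::_ \\ \\    
   \\:\\ \\  __\\:\\ \\:\\ \\\\:\\ \\  __\\:: \\/_) \\ \\\\:\\ \\ \\ \\\\:\\ \\ \\ \\   
    \\:\\ \\/_/\\\\:\\ \\:\\ \\\\:\\ \\/_/\\\\:. __  ( ( \\:\\ \\ \\ \\\\:\\ \\ \\ \\  
     \\:\\_\\ \\ \\\\:\\_\\:\\ \\\\:\\_\\ \\ \\\\: \\ )  \\ \\ \\:\\_\\ \\ \\\\:\\_\\ \\ \\ 
      \\_____\\/ \\_____\\/ \\_____\\/ \\__\\/\\__\\/  \\_____\\/ \\_____\\/""")

    logos.append("""
    sSSs   .S       S.     sSSs   .S    S.     sSSs_sSSs      sSSs_sSSs    
   d%%SP  .SS       SS.   d%%SP  .SS    SS.   d%%SP~YS%%b    d%%SP~YS%%b   
  d%S'    S%S       S%S  d%S'    S%S    S&S  d%S'     `S%b  d%S'     `S%b  
  S%S     S%S       S%S  S%S     S%S    d*S  S%S       S%S  S%S       S%S  
  S&S     S&S       S&S  S&S     S&S   .S*S  S&S       S&S  S&S       S&S  
  S&S     S&S       S&S  S&S     S&S_sdSSS   S&S       S&S  S&S       S&S  
  S&S     S&S       S&S  S&S     S&S~YSSY%b  S&S       S&S  S&S       S&S  
  S&S     S&S       S&S  S&S     S&S    `S%  S&S       S&S  S&S       S&S  
  S*b     S*b       d*S  S*b     S*S     S%  S*b       d*S  S*b       d*S  
  S*S.    S*S.     .S*S  S*S.    S*S     S&  S*S.     .S*S  S*S.     .S*S  
   SSSbs   SSSbs_sdSSS    SSSbs  S*S     S&   SSSbs_sdSSS    SSSbs_sdSSS   
    YSSP    YSSP~YSSY      YSSP  S*S     SS    YSSP~YSSY      YSSP~YSSY    
                                 SP                                        
                                 Y""")

    logos.append("""
           _______                   _____                    _____          
          /::\\    \\                 /\\    \\                  /\\    \\         
         /::::\\    \\               /::\\____\\                /::\\    \\        
        /::::::\\    \\             /::::|   |               /::::\\    \\       
       /::::::::\\    \\           /:::::|   |              /::::::\\    \\      
      /:::/~~\\:::\\    \\         /::::::|   |             /:::/\\:::\\    \\     
     /:::/    \\:::\\    \\       /:::/|::|   |            /:::/  \\:::\\    \\    
    /:::/    / \\:::\\    \\     /:::/ |::|   |           /:::/    \\:::\\    \\   
   /:::/____/   \\:::\\____\\   /:::/  |::|___|______    /:::/    / \\:::\\    \\  
  |:::|    |     |:::|    | /:::/   |::::::::\\    \\  /:::/    /   \\:::\\ ___\\ 
  |:::|____|     |:::|    |/:::/    |:::::::::\\____\\/:::/____/  ___\\:::|    |
   \\:::\\    \\   /:::/    / \\::/    / ~~~~~/:::/    /\\:::\\    \\ /\\  /:::|____|
    \\:::\\    \\ /:::/    /   \\/____/      /:::/    /  \\:::\\    /::\\ \\::/    / 
     \\:::\\    /:::/    /                /:::/    /    \\:::\\   \\:::\\ \\/____/  
      \\:::\\__/:::/    /                /:::/    /      \\:::\\   \\:::\\____\\    
       \\::::::::/    /                /:::/    /        \\:::\\  /:::/    /    
        \\::::::/    /                /:::/    /          \\:::\\/:::/    /     
         \\::::/    /                /:::/    /            \\::::::/    /      
          \\::/____/                /:::/    /              \\::::/    /       
           ~~                      \\::/    /                \\::/____/        
                                    \\/____/                                  
                                                       it's Cuckoo!""")

    logos.append("""
            _       _                   _             _              _            _       
          /\\ \\     /\\_\\               /\\ \\           /\\_\\           /\\ \\         /\\ \\     
         /  \\ \\   / / /         _    /  \\ \\         / / /  _       /  \\ \\       /  \\ \\    
        / /\\ \\ \\  \\ \\ \\__      /\\_\\ / /\\ \\ \\       / / /  /\\_\\    / /\\ \\ \\     / /\\ \\ \\   
       / / /\\ \\ \\  \\ \\___\\    / / // / /\\ \\ \\     / / /__/ / /   / / /\\ \\ \\   / / /\\ \\ \\  
      / / /  \\ \\_\\  \\__  /   / / // / /  \\ \\_\\   / /\\_____/ /   / / /  \\ \\_\\ / / /  \\ \\_\\ 
     / / /    \\/_/  / / /   / / // / /    \\/_/  / /\\_______/   / / /   / / // / /   / / / 
    / / /          / / /   / / // / /          / / /\\ \\ \\     / / /   / / // / /   / / /  
   / / /________  / / /___/ / // / /________  / / /  \\ \\ \\   / / /___/ / // / /___/ / /   
  / / /_________\\/ / /____\\/ // / /_________\\/ / /    \\ \\ \\ / / /____\\/ // / /____\\/ /    
  \\/____________/\\/_________/ \\/____________/\\/_/      \\_\\_\\\\/_________/ \\/_________/""")

    logos.append("""
                               ),-.     /
  Cuckoo Sandbox              <(a  `---',' 
     no chance for malwares!  ( `-, ._> )
                               ) _>.___/
                                   _/""")

    logos.append("""
  .-----------------.
  | Cuckoo Sandbox? |
  |     OH NOES!    |\\  '-.__.-'   
  '-----------------' \\  /oo |--.--,--,--.
                         \\_.-'._i__i__i_.'
                               \"\"\"\"\"\"\"\"\"""")

    logos.append("""
 .----------------.  .----------------.  .----------------.  .----------------.  .----------------.  .----------------. 
| .--------------. || .--------------. || .--------------. || .--------------. || .--------------. || .--------------. |
| |     ______   | || | _____  _____ | || |     ______   | || |  ___  ____   | || |     ____     | || |     ____     | |
| |   .' ___  |  | || ||_   _||_   _|| || |   .' ___  |  | || | |_  ||_  _|  | || |   .'    `.   | || |   .'    `.   | |
| |  / .'   \_|  | || |  | |    | |  | || |  / .'   \_|  | || |   | |_/ /    | || |  /  .--.  \  | || |  /  .--.  \  | |
| |  | |         | || |  | '    ' |  | || |  | |         | || |   |  __'.    | || |  | |    | |  | || |  | |    | |  | |
| |  \ `.___.'\  | || |   \ `--' /   | || |  \ `.___.'\  | || |  _| |  \ \_  | || |  \  `--'  /  | || |  \  `--'  /  | |
| |   `._____.'  | || |    `.__.'    | || |   `._____.'  | || | |____||____| | || |   `.____.'   | || |   `.____.'   | |
| |              | || |              | || |              | || |              | || |              | || |              | |
| '--------------' || '--------------' || '--------------' || '--------------' || '--------------' || '--------------' |
 '----------------'  '----------------'  '----------------'  '----------------'  '----------------'  '----------------' 
 .-----------------. .----------------.  .----------------.  .----------------.  .----------------.                     
| .--------------. || .--------------. || .--------------. || .--------------. || .--------------. |                    
| | ____  _____  | || |  ____  ____  | || |     ____     | || | _____  _____ | || |      __      | |                    
| ||_   \|_   _| | || | |_  _||_  _| | || |   .'    `.   | || ||_   _||_   _|| || |     /  \     | |                    
| |  |   \ | |   | || |   \ \  / /   | || |  /  .--.  \  | || |  | | /\ | |  | || |    / /\ \    | |                    
| |  | |\ \| |   | || |    \ \/ /    | || |  | |    | |  | || |  | |/  \| |  | || |   / ____ \   | |                    
| | _| |_\   |_  | || |    _|  |_    | || |  \  `--'  /  | || |  |   /\   |  | || | _/ /    \ \_ | |                    
| ||_____|\____| | || |   |______|   | || |   `.____.'   | || |  |__/  \__|  | || ||____|  |____|| |                    
| |              | || |              | || |              | || |              | || |              | |                    
| '--------------' || '--------------' || '--------------' || '--------------' || '--------------' |                    
 '----------------'  '----------------'  '----------------'  '----------------'  '----------------'                     """)

    logos.append("""
8 8888     ,o888888o.  `8.`888b                 ,8' .8.          8 888888888o   8 8888888888   8 8888           d888888o.  
           8 8888  . 8888     `88. `8.`888b               ,8' .888.         8 8888    `88. 8 8888         8 8888         .`8888:' `88.
           8 8888 ,8 8888       `8b `8.`888b             ,8' :88888.        8 8888     `88 8 8888         8 8888         8.`8888.   Y8
           8 8888 88 8888        `8b `8.`888b     .b    ,8' . `88888.       8 8888     ,88 8 8888         8 8888         `8.`8888.    
           8 8888 88 8888         88  `8.`888b    88b  ,8' .8. `88888.      8 8888.   ,88' 8 888888888888 8 8888          `8.`8888.   
           8 8888 88 8888         88   `8.`888b .`888b,8' .8`8. `88888.     8 8888888888   8 8888         8 8888           `8.`8888.  
88.        8 8888 88 8888        ,8P    `8.`888b8.`8888' .8' `8. `88888.    8 8888    `88. 8 8888         8 8888            `8.`8888. 
`88.       8 888' `8 8888       ,8P      `8.`888`8.`88' .8'   `8. `88888.   8 8888      88 8 8888         8 8888        8b   `8.`8888.
  `88o.    8 88'   ` 8888     ,88'        `8.`8' `8,`' .888888888. `88888.  8 8888    ,88' 8 8888         8 8888        `8b.  ;8.`8888
    `Y888888 '        `8888888P'           `8.`   `8' .8'       `8. `88888. 8 888888888P   8 888888888888 8 888888888888 `Y8888P ,88P'
                                                                                                                                      
    ,o888888o.    8 8888      88     ,o888888o.    8 8888     ,88'  ,o888888o.         ,o888888o.                                     
   8888     `88.  8 8888      88    8888     `88.  8 8888    ,88'. 8888     `88.    . 8888     `88.                                   
,8 8888       `8. 8 8888      88 ,8 8888       `8. 8 8888   ,88',8 8888       `8b  ,8 8888       `8b                                  
88 8888           8 8888      88 88 8888           8 8888  ,88' 88 8888        `8b 88 8888        `8b                                 
88 8888           8 8888      88 88 8888           8 8888 ,88'  88 8888         88 88 8888         88                                 
88 8888           8 8888      88 88 8888           8 8888 88'   88 8888         88 88 8888         88                                 
88 8888           8 8888      88 88 8888           8 888888<    88 8888        ,8P 88 8888        ,8P                                 
`8 8888       .8' ` 8888     ,8P `8 8888       .8' 8 8888 `Y8.  `8 8888       ,8P  `8 8888       ,8P                                  
   8888     ,88'    8888   ,d8P     8888     ,88'  8 8888   `Y8. ` 8888     ,88'    ` 8888     ,88'                                   
    `8888888P'       `Y88888P'       `8888888P'    8 8888     `Y8.  `8888888P'         `8888888P'                                     
""")

    logos.append("""
jow   ls  u koo
   XXX   . .   
   X.X   . .   
   ..X   . .   
   ..X   . .   
   ..X   . .   
   ...   . .   
               
jowabels cuckoo
               
""")

    logos.append("""
_________ _______           _______  ______   _______  _       _______    _______           _______  _        _______  _______ 
\__    _/(  ___  )|\     /|(  ___  )(  ___ \ (  ____ \( \     (  ____ \  (  ____ \|\     /|(  ____ \| \    /\(  ___  )(  ___  )
   )  (  | (   ) || )   ( || (   ) || (   ) )| (    \/| (     | (    \/  | (    \/| )   ( || (    \/|  \  / /| (   ) || (   ) |
   |  |  | |   | || | _ | || (___) || (__/ / | (__    | |     | (_____   | |      | |   | || |      |  (_/ / | |   | || |   | |
   |  |  | |   | || |( )| ||  ___  ||  __ (  |  __)   | |     (_____  )  | |      | |   | || |      |   _ (  | |   | || |   | |
   |  |  | |   | || || || || (   ) || (  \ \ | (      | |           ) |  | |      | |   | || |      |  ( \ \ | |   | || |   | |
|\_)  )  | (___) || () () || )   ( || )___) )| (____/\| (____/Y\____) |  | (____/\| (___) || (____/\|  /  \ \| (___) || (___) |
(____/   (_______)(_______)|/     \||/ \___/ (_______/(_______|_______)  (_______/(_______)(_______/|_/    \/(_______)(_______)
                                                                                                                               
""")

    logos.append("""
                   o                  o           o      
                   O                 O           O       
                   o                 O           o       
                   o                 o           O       
.oOo  O   o  .oOo  O  o  .oOo. .oOo. OoOo. .oOo. o  .oOo 
O     o   O  O     OoO   O   o O   o O   o OooO' O  `Ooo.
o     O   o  o     o  O  o   O o   O o   O O     o      O
`OoO' `OoO'o `OoO' O   o `OoO' `OoO' `OoO' `OoO' Oo `OoO'
                                                         """)

    print(color(random.choice(logos), random.randrange(31, 37)))
    # A bare `print` is a silent no-op on Python 3 and `print()` shows "()"
    # on Python 2 without the print_function future import; writing the
    # newline directly gives the intended blank line on both.
    sys.stdout.write("\n")
    print(" Cuckoo Sandbox %s" % yellow(CUCKOO_VERSION))
    print(" www.cuckoosandbox.org")
    print(" Copyright (c) 2010-2015")
    sys.stdout.write("\n")
    sys.stdout.flush()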
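def hh():
    """Print the one-line help offered at the debugger breakpoint prompt."""
    # print() with a single argument works on both Python 2 and 3; the
    # original print statement was a SyntaxError on Python 3.
    print(yellow("Use the set_bp function to set a new BP, or set_volshell_bp to set a volshell BP"))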
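def _task_options(args, include_clock):
    """Return the analysis options shared by every submission path.

    @param args: parsed command line.
    @param include_clock: also add the ``clock`` option; the local database
        calls accept it, the remote API form does not carry it.
    @return: dict of keyword arguments for the database / API call.
    """
    options = dict(
        package=args.package,
        timeout=args.timeout,
        options=args.options,
        priority=args.priority,
        machine=args.machine,
        platform=args.platform,
        memory=args.memory,
        enforce_timeout=args.enforce_timeout,
        custom=args.custom,
        tags=args.tags,
    )
    if include_clock:
        options["clock"] = args.clock
    return options


def _remote_url(args, endpoint):
    """Build the URL of an API *endpoint* (e.g. "tasks/create/url") on --remote."""
    scheme = "https" if args.ssl else "http"
    return "{0}://{1}/{2}".format(scheme, args.remote, endpoint)


def _remote_post(args, url, **kwargs):
    """POST to the remote API and return the decoded JSON body.

    Basic Auth is attached only when both --user and --password were given.
    With --ssl the server certificate is verified unless --sslnoverify was
    passed; skipping verification lets anyone on the network path read or
    alter the sample and the credentials, so it is only meant for
    self-signed test servers.  Without --ssl no ``verify`` argument is
    passed at all (plain HTTP).

    @param args: parsed command line.
    @param url: full endpoint URL.
    @param kwargs: extra ``requests.post`` arguments (``data``, ``files``).
    @return: decoded JSON response.
    @raise Exception: whatever ``requests`` raises, and ValueError when the
        body is not JSON.
    """
    if args.user and args.password:
        kwargs["auth"] = (args.user, args.password)
    if args.ssl:
        kwargs["verify"] = not args.sslnoverify
    response = requests.post(url, **kwargs)
    return response.json()


def _task_id_from(result):
    """Extract ``task_id`` from a decoded API response; None when absent."""
    if isinstance(result, dict):
        return result.get("task_id")
    return None


def _collect_files(path, pattern):
    """Return the list of files to submit for *path*.

    A regular file is returned as is; for a folder every regular file below
    it is returned, filtered by the fnmatch *pattern* when one was given.
    """
    if not os.path.isdir(path):
        return [path]

    found = []
    for dirname, _, filenames in os.walk(path):
        for file_name in filenames:
            if pattern and not fnmatch.fnmatch(file_name, pattern):
                continue
            file_path = os.path.join(dirname, file_name)
            if os.path.isfile(file_path):
                found.append(to_unicode(file_path))
    return found


def _submit_url(args, db, target):
    """Queue *target* as a URL task, remotely or in the local database.

    @return: False when the remote request failed, None otherwise.
    """
    if args.remote:
        data = _task_options(args, include_clock=False)
        data["url"] = target
        try:
            result = _remote_post(args, _remote_url(args, "tasks/create/url"), data=data)
        except Exception as e:
            print(bold(red("Error")) + ": unable to send URL: {0}".format(e))
            return False
        task_id = _task_id_from(result)
    else:
        task_id = db.add_url(target, **_task_options(args, include_clock=True))

    if task_id:
        if not args.quiet:
            print(bold(green("Success")) + u": URL \"{0}\" added as task with ID {1}".format(target, task_id))
    else:
        print(bold(red("Error")) + ": adding task to database")


def _submit_files(args, db, target):
    """Queue *target* (a file, or every file below a folder) as file tasks.

    @return: False when the path does not exist or a remote request failed,
        None otherwise.
    """
    # Resolve relative targets once, up front.
    path = to_unicode(os.path.abspath(target))
    if not os.path.exists(path):
        print(bold(red("Error")) + u": the specified file/folder does not exist at path \"{0}\"".format(path))
        return False

    files = _collect_files(path, args.pattern)
    if args.shuffle:
        random.shuffle(files)

    # None means "no limit"; otherwise the number of submissions still allowed.
    remaining = args.max
    for file_path in files:
        sample = File(file_path)
        if not sample.get_size():
            if not args.quiet:
                print(bold(yellow("Empty")) + ": sample {0} (skipping file)".format(file_path))
            continue

        # Skipped duplicates are not submissions, so they must not eat into
        # --max; the check therefore precedes the quota accounting.
        if args.unique and not args.remote:
            if db.find_sample(sha256=sample.get_sha256()) is not None:
                if not args.quiet:
                    print(bold(yellow("Duplicate")) + ": Sample {0} (skipping file)".format(file_path))
                continue

        if remaining is not None:
            if not remaining:
                break
            remaining -= 1

        if args.remote:
            try:
                # Keep the handle open only for the duration of the upload.
                with open(file_path, "rb") as fh:
                    result = _remote_post(
                        args,
                        _remote_url(args, "tasks/create/file"),
                        files=dict(file=fh, filename=os.path.basename(file_path)),
                        data=_task_options(args, include_clock=False),
                    )
            except Exception as e:
                print(bold(red("Error")) + ": unable to send file: {0}".format(e))
                return False
            task_id = _task_id_from(result)
        else:
            task_id = db.add_path(file_path=file_path, **_task_options(args, include_clock=True))

        if task_id:
            if not args.quiet:
                print(bold(green("Success")) + u": File \"{0}\" added as task with ID {1}".format(file_path, task_id))
        else:
            print(bold(red("Error")) + ": adding task to database")


def main():
    """Submit a URL, a file or every file in a folder for analysis.

    The target and all options come from the command line.  Submission goes
    either to the local database (default) or, with --remote, to a Cuckoo
    REST API server via python-requests.  Note that --password is read from
    the command line, where it is visible to other local users (process
    list, shell history); Basic Auth credentials are sent in cleartext
    unless --ssl is also given.

    @return: False when the submission could not be attempted (missing
        dependency, unreachable remote, non-existent path); None otherwise.
        Per-task success and failure are reported on stdout.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("target", type=str, help="URL, path to the file or folder to analyze")
    parser.add_argument("--remote", type=str, action="store", default=None, help="Specify IP:port to a Cuckoo API server to submit remotely", required=False)
    parser.add_argument("--user", type=str, action="store", default=None, help="Username for Basic Auth", required=False)
    parser.add_argument("--password", type=str, action="store", default=None, help="Password for Basic Auth", required=False)
    parser.add_argument("--sslnoverify", action="store_true", default=False, help="Do not validate SSL cert", required=False)
    parser.add_argument("--ssl", action="store_true", default=False, help="Use SSL/TLS for remote", required=False)
    parser.add_argument("--url", action="store_true", default=False, help="Specify whether the target is an URL", required=False)
    parser.add_argument("--package", type=str, action="store", default="", help="Specify an analysis package", required=False)
    parser.add_argument("--custom", type=str, action="store", default="", help="Specify any custom value", required=False)
    parser.add_argument("--timeout", type=int, action="store", default=0, help="Specify an analysis timeout", required=False)
    parser.add_argument("--options", type=str, action="store", default="", help="Specify options for the analysis package (e.g. \"name=value,name2=value2\")", required=False)
    parser.add_argument("--priority", type=int, action="store", default=1, help="Specify a priority for the analysis represented by an integer", required=False)
    parser.add_argument("--machine", type=str, action="store", default="", help="Specify the identifier of a machine you want to use", required=False)
    parser.add_argument("--platform", type=str, action="store", default="", help="Specify the operating system platform you want to use (windows/darwin/linux)", required=False)
    parser.add_argument("--memory", action="store_true", default=False, help="Enable to take a memory dump of the analysis machine", required=False)
    parser.add_argument("--enforce-timeout", action="store_true", default=False, help="Enable to force the analysis to run for the full timeout period", required=False)
    parser.add_argument("--clock", type=str, action="store", default=None, help="Set virtual machine clock", required=False)
    parser.add_argument("--tags", type=str, action="store", default=None, help="Specify tags identifier of a machine you want to use", required=False)
    parser.add_argument("--max", type=int, action="store", default=None, help="Maximum samples to add in a row", required=False)
    parser.add_argument("--pattern", type=str, action="store", default=None, help="Pattern of files to submit", required=False)
    parser.add_argument("--shuffle", action="store_true", default=False, help="Shuffle samples before submitting them", required=False)
    parser.add_argument("--unique", action="store_true", default=False, help="Only submit new samples, ignore duplicates", required=False)
    parser.add_argument("--quiet", action="store_true", default=False, help="Only print text on failure", required=False)

    try:
        args = parser.parse_args()
    except IOError as e:
        # parser.error() prints the usage and exits; the return is only
        # reached if error() has been overridden not to exit.
        parser.error(e)
        return False

    # With --quiet, also silence the "warning" level of the logging module
    # (e.g. the pydeep warning when the ssdeep hash of a sample cannot be
    # computed).
    if args.quiet:
        logging.disable(logging.WARNING)

    # Fail before any work is done rather than in the middle of a batch.
    if args.remote and not HAVE_REQUESTS:
        print(bold(red("Error")) + ": you need to install python-requests (`pip install requests`)")
        return False

    if args.remote and args.user and args.password and not args.ssl and not args.quiet:
        # Basic Auth over plain HTTP exposes the credentials to anyone on
        # the network path.
        print(bold(yellow("Warning")) + ": Basic Auth credentials will be sent over plain HTTP; consider --ssl")

    db = Database()
    target = to_unicode(args.target)

    if args.url:
        return _submit_url(args, db, target)
    return _submit_files(args, db, target)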
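def logo():
    """Print a randomly chosen Cuckoo ascii-art logo followed by the version banner.

    Output goes to stdout and is flushed before returning; nothing is
    returned.  The two blank separator lines are written with ``print("")``
    so they appear under both Python 2 and Python 3 (a bare ``print`` is a
    silent no-op on Python 3).
    """
    logos = []

    logos.append("""
                                 _|                            
     _|_|_|  _|    _|    _|_|_|  _|  _|      _|_|      _|_|    
   _|        _|    _|  _|        _|_|      _|    _|  _|    _|  
   _|        _|    _|  _|        _|  _|    _|    _|  _|    _|  
     _|_|_|    _|_|_|    _|_|_|  _|    _|    _|_|      _|_|""")

    logos.append("""
                      __                  
  .----..--.--..----.|  |--..-----..-----.
  |  __||  |  ||  __||    < |  _  ||  _  |
  |____||_____||____||__|__||_____||_____|""")

    logos.append("""
                          .:                 
                          ::                 
    .-.     ,  :   .-.    ;;.-.  .-.   .-.   
   ;       ;   ;  ;       ;; .' ;   ;';   ;' 
   `;;;;'.'`..:;._`;;;;'_.'`  `.`;;'  `;;'""")

    logos.append("""
  eeee e   e eeee e   e  eeeee eeeee 
  8  8 8   8 8  8 8   8  8  88 8  88 
  8e   8e  8 8e   8eee8e 8   8 8   8 
  88   88  8 88   88   8 8   8 8   8 
  88e8 88ee8 88e8 88   8 8eee8 8eee8""")

    # Raw string: "\/" is not a valid escape sequence, and a raw literal
    # keeps the backslashes without triggering a SyntaxWarning.
    logos.append(r"""
  _____________________________________/\/\_______________________________
  ___/\/\/\/\__/\/\__/\/\____/\/\/\/\__/\/\__/\/\____/\/\/\______/\/\/\___
  _/\/\________/\/\__/\/\__/\/\________/\/\/\/\____/\/\__/\/\__/\/\__/\/\_
  _/\/\________/\/\__/\/\__/\/\________/\/\/\/\____/\/\__/\/\__/\/\__/\/\_
  ___/\/\/\/\____/\/\/\/\____/\/\/\/\__/\/\__/\/\____/\/\/\______/\/\/\___
  ________________________________________________________________________""")

    logos.append("""
   _______ _     _ _______ _     _  _____   _____ 
   |       |     | |       |____/  |     | |     |
   |_____  |_____| |_____  |    \\_ |_____| |_____|""")

    logos.append("""
                     _ 
    ____ _   _  ____| |  _ ___   ___
   / ___) | | |/ ___) |_/ ) _ \\ / _ \\
  ( (___| |_| ( (___|  _ ( |_| | |_| |
   \\____)____/ \\____)_| \\_)___/ \\___/""")

    logos.append("""
   ______   __  __   ______   ___   ___   ______   ______      
  /_____/\\ /_/\\/_/\\ /_____/\\ /___/\\/__/\\ /_____/\\ /_____/\\     
  \\:::__\\/ \\:\\ \\:\\ \\\\:::__\\/ \\::.\\ \\\\ \\ \\\\:::_ \\ \\\\:::_ \\ \\    
   \\:\\ \\  __\\:\\ \\:\\ \\\\:\\ \\  __\\:: \\/_) \\ \\\\:\\ \\ \\ \\\\:\\ \\ \\ \\   
    \\:\\ \\/_/\\\\:\\ \\:\\ \\\\:\\ \\/_/\\\\:. __  ( ( \\:\\ \\ \\ \\\\:\\ \\ \\ \\  
     \\:\\_\\ \\ \\\\:\\_\\:\\ \\\\:\\_\\ \\ \\\\: \\ )  \\ \\ \\:\\_\\ \\ \\\\:\\_\\ \\ \\ 
      \\_____\\/ \\_____\\/ \\_____\\/ \\__\\/\\__\\/  \\_____\\/ \\_____\\/""")

    logos.append("""
    sSSs   .S       S.     sSSs   .S    S.     sSSs_sSSs      sSSs_sSSs    
   d%%SP  .SS       SS.   d%%SP  .SS    SS.   d%%SP~YS%%b    d%%SP~YS%%b   
  d%S'    S%S       S%S  d%S'    S%S    S&S  d%S'     `S%b  d%S'     `S%b  
  S%S     S%S       S%S  S%S     S%S    d*S  S%S       S%S  S%S       S%S  
  S&S     S&S       S&S  S&S     S&S   .S*S  S&S       S&S  S&S       S&S  
  S&S     S&S       S&S  S&S     S&S_sdSSS   S&S       S&S  S&S       S&S  
  S&S     S&S       S&S  S&S     S&S~YSSY%b  S&S       S&S  S&S       S&S  
  S&S     S&S       S&S  S&S     S&S    `S%  S&S       S&S  S&S       S&S  
  S*b     S*b       d*S  S*b     S*S     S%  S*b       d*S  S*b       d*S  
  S*S.    S*S.     .S*S  S*S.    S*S     S&  S*S.     .S*S  S*S.     .S*S  
   SSSbs   SSSbs_sdSSS    SSSbs  S*S     S&   SSSbs_sdSSS    SSSbs_sdSSS   
    YSSP    YSSP~YSSY      YSSP  S*S     SS    YSSP~YSSY      YSSP~YSSY    
                                 SP                                        
                                 Y""")

    logos.append("""
           _______                   _____                    _____          
          /::\\    \\                 /\\    \\                  /\\    \\         
         /::::\\    \\               /::\\____\\                /::\\    \\        
        /::::::\\    \\             /::::|   |               /::::\\    \\       
       /::::::::\\    \\           /:::::|   |              /::::::\\    \\      
      /:::/~~\\:::\\    \\         /::::::|   |             /:::/\\:::\\    \\     
     /:::/    \\:::\\    \\       /:::/|::|   |            /:::/  \\:::\\    \\    
    /:::/    / \\:::\\    \\     /:::/ |::|   |           /:::/    \\:::\\    \\   
   /:::/____/   \\:::\\____\\   /:::/  |::|___|______    /:::/    / \\:::\\    \\  
  |:::|    |     |:::|    | /:::/   |::::::::\\    \\  /:::/    /   \\:::\\ ___\\ 
  |:::|____|     |:::|    |/:::/    |:::::::::\\____\\/:::/____/  ___\\:::|    |
   \\:::\\    \\   /:::/    / \\::/    / ~~~~~/:::/    /\\:::\\    \\ /\\  /:::|____|
    \\:::\\    \\ /:::/    /   \\/____/      /:::/    /  \\:::\\    /::\\ \\::/    / 
     \\:::\\    /:::/    /                /:::/    /    \\:::\\   \\:::\\ \\/____/  
      \\:::\\__/:::/    /                /:::/    /      \\:::\\   \\:::\\____\\    
       \\::::::::/    /                /:::/    /        \\:::\\  /:::/    /    
        \\::::::/    /                /:::/    /          \\:::\\/:::/    /     
         \\::::/    /                /:::/    /            \\::::::/    /      
          \\::/____/                /:::/    /              \\::::/    /       
           ~~                      \\::/    /                \\::/____/        
                                    \\/____/                                  
                                                       it's Cuckoo!""")

    logos.append("""
            _       _                   _             _              _            _       
          /\\ \\     /\\_\\               /\\ \\           /\\_\\           /\\ \\         /\\ \\     
         /  \\ \\   / / /         _    /  \\ \\         / / /  _       /  \\ \\       /  \\ \\    
        / /\\ \\ \\  \\ \\ \\__      /\\_\\ / /\\ \\ \\       / / /  /\\_\\    / /\\ \\ \\     / /\\ \\ \\   
       / / /\\ \\ \\  \\ \\___\\    / / // / /\\ \\ \\     / / /__/ / /   / / /\\ \\ \\   / / /\\ \\ \\  
      / / /  \\ \\_\\  \\__  /   / / // / /  \\ \\_\\   / /\\_____/ /   / / /  \\ \\_\\ / / /  \\ \\_\\ 
     / / /    \\/_/  / / /   / / // / /    \\/_/  / /\\_______/   / / /   / / // / /   / / / 
    / / /          / / /   / / // / /          / / /\\ \\ \\     / / /   / / // / /   / / /  
   / / /________  / / /___/ / // / /________  / / /  \\ \\ \\   / / /___/ / // / /___/ / /   
  / / /_________\\/ / /____\\/ // / /_________\\/ / /    \\ \\ \\ / / /____\\/ // / /____\\/ /    
  \\/____________/\\/_________/ \\/____________/\\/_/      \\_\\_\\\\/_________/ \\/_________/""")

    logos.append("""
                               ),-.     /
  Cuckoo Sandbox              <(a  `---',' 
     no chance for malwares!  ( `-, ._> )
                               ) _>.___/
                                   _/""")

    logos.append("""
  .-----------------.
  | Cuckoo Sandbox? |
  |     OH NOES!    |\\  '-.__.-'   
  '-----------------' \\  /oo |--.--,--,--.
                         \\_.-'._i__i__i_.'
                               \"\"\"\"\"\"\"\"\"""")

    # Random foreground colour from the standard ANSI range 31-36.
    print(color(random.choice(logos), random.randrange(31, 37)))
    print("")
    print(" Cuckoo Sandbox %s" % yellow(CUCKOO_VERSION))
    print(" www.cuckoosandbox.org")
    print(" Copyright (c) 2010-2015")
    print("")
    sys.stdout.flush()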