def main():
logo()
check_working_directory()
check_configs()
check_version()
create_structure()
parser = argparse.ArgumentParser()
parser.add_argument("-q",
"--quiet",
help="Display only error messages",
action="store_true",
required=False)
parser.add_argument("-d",
"--debug",
help="Display debug messages",
action="store_true",
required=False)
parser.add_argument(
"-v",
"--version",
action="version",
version="You are running Cuckoo Sandbox {0}".format(CUCKOO_VERSION))
parser.add_argument("-a",
"--artwork",
help="Show artwork",
action="store_true",
required=False)
args = parser.parse_args()
if args.artwork:
import time
try:
while True:
time.sleep(1)
logo()
except KeyboardInterrupt:
return
init_logging()
if args.quiet:
log.setLevel(logging.WARN)
elif args.debug:
log.setLevel(logging.DEBUG)
init_modules()
init_tasks()
Resultserver()
try:
sched = Scheduler()
sched.start()
except KeyboardInterrupt:
sched.stop()
def cuckoo_init(quiet=False, debug=False, artwork=False, test=False):
cur_path = os.getcwd()
os.chdir(CUCKOO_ROOT)
logo()
check_working_directory()
check_configs()
check_version()
create_structure()
if artwork:
import time
try:
while True:
time.sleep(1)
logo()
except KeyboardInterrupt:
return
init_logging()
if quiet:
log.setLevel(logging.WARN)
elif debug:
log.setLevel(logging.DEBUG)
init_modules()
init_tasks()
# This is just a temporary hack, we need an actual test suite to integrate
# with Travis-CI.
if test:
return
Resultserver()
os.chdir(cur_path)
def launch_analysis(self):
"""Start analysis."""
succeeded = False
dead_machine = False
log.info("Starting analysis of %s \"%s\" (task=%d)",
self.task.category.upper(), self.task.target, self.task.id)
# Initialize the the analysis folders.
if not self.init_storage():
return False
if self.task.category == "file":
# Check whether the file has been changed for some unknown reason.
# And fail this analysis if it has been modified.
if not self.check_file():
return False
# Store a copy of the original file.
if not self.store_file():
return False
# Acquire analysis machine.
try:
self.acquire_machine()
except CuckooOperationalError as e:
log.error("Cannot acquire machine: {0}".format(e))
return False
# Generate the analysis configuration file.
options = self.build_options()
# At this point we can tell the Resultserver about it.
try:
Resultserver().add_task(self.task, self.machine)
except Exception as e:
machinery.release(self.machine.label)
self.errors.put(e)
aux = RunAuxiliary(task=self.task, machine=self.machine)
aux.start()
try:
# Mark the selected analysis machine in the database as started.
guest_log = Database().guest_start(self.task.id,
self.machine.name,
self.machine.label,
machinery.__class__.__name__)
# Start the machine.
machinery.start(self.machine.label)
except CuckooMachineError as e:
log.error(str(e), extra={"task_id": self.task.id})
dead_machine = True
else:
try:
# Initialize the guest manager.
guest = GuestManager(self.machine.name, self.machine.ip, self.machine.platform)
# Start the analysis.
guest.start_analysis(options)
except CuckooGuestError as e:
log.error(str(e), extra={"task_id": self.task.id})
else:
# Wait for analysis completion.
try:
guest.wait_for_completion()
succeeded = True
except CuckooGuestError as e:
log.error(str(e), extra={"task_id": self.task.id})
succeeded = False
finally:
# Stop Auxiliary modules.
aux.stop()
# Take a memory dump of the machine before shutting it off.
if self.cfg.cuckoo.memory_dump or self.task.memory:
try:
machinery.dump_memory(self.machine.label,
os.path.join(self.storage, "memory.dmp"))
except NotImplementedError:
log.error("The memory dump functionality is not available "
"for the current machine manager")
except CuckooMachineError as e:
log.error(e)
try:
# Stop the analysis machine.
machinery.stop(self.machine.label)
except CuckooMachineError as e:
log.warning("Unable to stop machine %s: %s",
self.machine.label, e)
# Mark the machine in the database as stopped. Unless this machine
# has been marked as dead, we just keep it as "started" in the
# database so it'll not be used later on in this session.
Database().guest_stop(guest_log)
# After all this, we can make the Resultserver forget about the
# internal state for this analysis task.
Resultserver().del_task(self.task, self.machine)
if dead_machine:
# Remove the guest from the database, so that we can assign a
# new guest when the task is being analyzed with another
# machine.
Database().guest_remove(guest_log)
# Remove the analysis directory that has been created so
# far, as launch_analysis() is going to be doing that again.
shutil.rmtree(self.storage)
# This machine has turned dead, so we throw an exception here
# which informs the AnalysisManager that it should analyze
# this task again with another available machine.
raise CuckooDeadMachine()
try:
# Release the analysis machine. But only if the machine has
# not turned dead yet.
machinery.release(self.machine.label)
except CuckooMachineError as e:
log.error("Unable to release machine %s, reason %s. "
"You might need to restore it manually",
self.machine.label, e)
return succeeded
def launch_analysis(self):
"""Start analysis."""
succeeded = False
dead_machine = False
log.info("Starting analysis of %s \"%s\" (task=%d)",
self.task.category.upper(), self.task.target, self.task.id)
# Initialize the the analysis folders.
if not self.init_storage():
return False
if self.task.category == "file":
# Check whether the file has been changed for some unknown reason.
# And fail this analysis if it has been modified.
if not self.check_file():
return False
# Store a copy of the original file.
if not self.store_file():
return False
# Acquire analysis machine.
try:
self.acquire_machine()
except CuckooOperationalError as e:
log.error("Cannot acquire machine: {0}".format(e))
return False
# Generate the analysis configuration file.
options = self.build_options()
# At this point we can tell the Resultserver about it.
try:
Resultserver().set_machinery(machinery)
Resultserver().add_task(self.task, self.machine)
except Exception as e:
machinery.release(self.machine.label)
self.errors.put(e)
aux = RunAuxiliary(task=self.task, machine=self.machine)
aux.start()
try:
# Mark the selected analysis machine in the database as started.
guest_log = Database().guest_start(self.task.id, self.machine.name,
self.machine.label,
machinery.__class__.__name__)
# Start the machine.
# machinery.start(self.machine.label)
except CuckooMachineError as e:
log.error(str(e), extra={"task_id": self.task.id})
dead_machine = True
else:
try:
# Initialize the guest manager.
guest = GuestManager(self.machine.name, self.machine.ip,
self.machine.platform)
# Start the analysis.
guest.start_analysis(options)
except CuckooGuestError as e:
log.error(str(e), extra={"task_id": self.task.id})
# Wait for analysis completion.
time_taken_for_analysis = 0
try:
guest.wait_for_completion(self.machine, self.storage,
machinery)
succeeded = True
except CuckooGuestError as e:
log.error(str(e), extra={"task_id": self.task.id})
succeeded = False
finally:
"""
log.info("Taking last dump before terminating...")
mem_dir = os.path.join(self.storage, "memory", "dumps")
try:
os.makedirs(mem_dir)
except:
pass
if len (os.listdir(mem_dir)) == 0:
dump_dir = '1'
else:
dump_dir = str(int(max(os.listdir(mem_dir))) + 1)
try:
os.makedirs(os.path.join(mem_dir, dump_dir))
except:
pass
dump_path = os.path.join(mem_dir, dump_dir, "memory.dmp")
machinery.dump_memory(self.machine.label, dump_path)
info_dict = {"trigger": {"name" : "End", "args": {}}, "time" : str(time_taken_for_analysis)}
json.dump(info_dict, file(os.path.join(mem_dir, dump_dir, "info.json"),"wb"), sort_keys=False, indent=4)
"""
# Stop Auxiliary modules.
aux.stop()
try:
# Stop the analysis machine.
machinery.stop(self.machine.label)
machinery.start(self.machine.label)
except CuckooMachineError as e:
log.warning("Unable to stop machine %s: %s",
self.machine.label, e)
# Mark the machine in the database as stopped. Unless this machine
# has been marked as dead, we just keep it as "started" in the
# database so it'll not be used later on in this session.
Database().guest_stop(guest_log)
# After all this, we can make the Resultserver forget about the
# internal state for this analysis task.
Resultserver().del_task(self.task, self.machine)
if dead_machine:
# Remove the guest from the database, so that we can assign a
# new guest when the task is being analyzed with another
# machine.
Database().guest_remove(guest_log)
# Remove the analysis directory that has been created so
# far, as launch_analysis() is going to be doing that again.
shutil.rmtree(self.storage)
# This machine has turned dead, so we throw an exception here
# which informs the AnalysisManager that it should analyze
# this task again with another available machine.
raise CuckooDeadMachine()
try:
# Release the analysis machine. But only if the machine has
# not turned dead yet.
machinery.release(self.machine.label)
except CuckooMachineError as e:
log.error(
"Unable to release machine %s, reason %s. "
"You might need to restore it manually",
self.machine.label, e)
return succeeded
def launch_analysis(self):
"""Start analysis."""
sniffer = None
succeeded = False
log.info("Starting analysis of %s \"%s\" (task=%d)",
self.task.category.upper(), self.task.target, self.task.id)
# Initialize the the analysis folders.
if not self.init_storage():
return False
if self.task.category == "file":
# Store a copy of the original file.
if not self.store_file():
return False
# Generate the analysis configuration file.
options = self.build_options()
# Acquire analysis machine.
machine = self.acquire_machine()
# At this point we can tell the Resultserver about it
try:
Resultserver().add_task(self.task, machine)
except Exception as e:
mmanager.release(machine.label)
self.errors.put(e)
# If enabled in the configuration, start the tcpdump instance.
if self.cfg.sniffer.enabled:
sniffer = Sniffer(self.cfg.sniffer.tcpdump)
sniffer.start(interface=self.cfg.sniffer.interface,
host=machine.ip,
file_path=os.path.join(self.storage, "dump.pcap"))
try:
# Mark the selected analysis machine in the database as started.
guest_log = Database().guest_start(self.task.id, machine.name,
machine.label,
mmanager.__class__.__name__)
# Start the machine.
mmanager.start(machine.label)
except CuckooMachineError as e:
log.error(str(e), extra={"task_id": self.task.id})
# Stop the sniffer.
if sniffer:
sniffer.stop()
return False
else:
try:
# Initialize the guest manager.
guest = GuestManager(machine.name, machine.ip,
machine.platform)
# Start the analysis.
guest.start_analysis(options)
except CuckooGuestError as e:
log.error(str(e), extra={"task_id": self.task.id})
# Stop the sniffer.
if sniffer:
sniffer.stop()
return False
else:
# Wait for analysis completion.
try:
guest.wait_for_completion()
succeeded = True
except CuckooGuestError as e:
log.error(str(e), extra={"task_id": self.task.id})
succeeded = False
finally:
# Stop the sniffer.
if sniffer:
sniffer.stop()
# Take a memory dump of the machine before shutting it off.
if self.cfg.cuckoo.memory_dump or self.task.memory:
try:
mmanager.dump_memory(
machine.label, os.path.join(self.storage,
"memory.dmp"))
except NotImplementedError:
log.error("The memory dump functionality is not available "
"for current machine manager")
except CuckooMachineError as e:
log.error(e)
try:
# Stop the analysis machine.
mmanager.stop(machine.label)
except CuckooMachineError as e:
log.warning("Unable to stop machine %s: %s", machine.label, e)
# Market the machine in the database as stopped.
Database().guest_stop(guest_log)
try:
# Release the analysis machine.
mmanager.release(machine.label)
except CuckooMachineError as e:
log.error(
"Unable to release machine %s, reason %s. "
"You might need to restore it manually", machine.label, e)
# after all this, we can make the Resultserver forget about it
Resultserver().del_task(self.task, machine)
return succeeded