Ejemplo n.º 1
def check_configs():
    """Checks if config files exist.
    @raise CuckooStartupError: if config files do not exist.
    configs = [
        os.path.join(CUCKOO_ROOT, "conf", "cuckoo.conf"),
        os.path.join(CUCKOO_ROOT, "conf", "reporting.conf"),
        os.path.join(CUCKOO_ROOT, "conf", "auxiliary.conf")

    for config in configs:
        if not os.path.exists(config):
            raise CuckooStartupError("Config file does not exist at "
                                     "path: {0}".format(config))

    return True
Ejemplo n.º 2
def create_structure():
    """Creates Cuckoo directories."""
    folders = [
        os.path.join("storage", "analyses"),
        os.path.join("storage", "binaries"),
        os.path.join("data", "feeds"),
        os.path.join("data", "guacrecordings"),

        create_folders(root=CUCKOO_ROOT, folders=folders)
    except CuckooOperationalError as e:
        raise CuckooStartupError(
            f"Can't create folders. Ensure that you executed CAPE with proper USER! Maybe should be cape user?. %s",
Ejemplo n.º 3
def check_signatures():
    """Checks if user pulled in community signature modules
    @raise CuckooStartupError: if community signature modules not installed.

    sigpath = os.path.join(CUCKOO_ROOT, "modules", "signatures")
    bad = False

    if os.path.exists(sigpath):
        path, dirs, files = os.walk(sigpath).next()
        if len(files) < 20:
            bad = True
        bad = True

    if bad:
        raise CuckooStartupError("Signature modules are not installed.  Please run: utils/community.py --force --rewrite --all")
Ejemplo n.º 4
def check_configs():
    """Checks if config files exist.
    @raise CuckooStartupError: if config files do not exist.
    configs = (
        "auxiliary.conf", "avd.conf", "cuckoo.conf", "esx.conf", "kvm.conf",
        "memory.conf", "physical.conf", "processing.conf", "qemu.conf",
        "reporting.conf", "virtualbox.conf", "vmware.conf", "vpn.conf",
        "vsphere.conf", "xenserver.conf",

    for config in [os.path.join(CUCKOO_ROOT, "conf", f) for f in configs]:
        if not os.path.exists(config):
            raise CuckooStartupError("Config file does not exist at "
                                     "path: {0}".format(config))

    return True
Ejemplo n.º 5
def init_binaries():
    """Inform the user about the need to periodically look for new analyzer
    binaries. These include the Windows monitor etc."""
    monitor = os.path.join(CUCKOO_ROOT, "data", "monitor", "latest")

    # Checks whether the "latest" symlink is available as well as whether
    # it points to an existing directory.
    if not os.path.exists(monitor):
        raise CuckooStartupError(
            "The binaries used for Windows analysis are updated regularly, "
            "independently from the release line. It appears that you're "
            "not up-to-date. This can happen when you've just installed "
            "Cuckoo or when you've updated your Cuckoo version by pulling "
            "the latest changes from our Git repository. In order to get "
            "up-to-date, please run the following "
            "command: `./utils/community.py -wafb monitor` or "
            "`./utils/community.py -wafb 2.0` if you'd also like to download "
            "over 300 Cuckoo signatures.")
Ejemplo n.º 6
def check_configs():
    """Checks if config files exist.
    @raise CuckooStartupError: if config files do not exist.
    configs = [
        os.path.join(CUCKOO_ROOT, "conf", "cuckoo.conf"),
        os.path.join(CUCKOO_ROOT, "conf", "reporting.conf"),
        os.path.join(CUCKOO_ROOT, "conf", "auxiliary.conf"),

    for config in configs:
        if not os.path.exists(config):
            raise CuckooStartupError("Config file does not exist at path: {0}".format(config))

    if cuckoo.resultserver.ip in ("", "localhost"):
        log.error("Bad resultserver address. You need to listen on virtual machines range. Ex: not")

    return True
Ejemplo n.º 7
def init_yara():
    """Generates index for yara signatures."""

    categories = ("binaries", "urls", "memory", "CAPE", "macro")

    log.debug("Initializing Yara...")

    # Generate root directory for yara rules.
    yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")

    # We divide yara rules in three categories.
    # CAPE adds a fourth

    # Loop through all categories.
    for category in categories:
        # Check if there is a directory for the given category.
        category_root = os.path.join(yara_root, category)
        if not os.path.exists(category_root):
            log.warning("Missing Yara directory: %s?", category_root)

        rules, indexed = {}, []
        for category_root, _, filenames in os.walk(category_root, followlinks=True):
            for filename in filenames:
                if not filename.endswith((".yar", ".yara")):

                filepath = os.path.join(category_root, filename)

                    # TODO Once Yara obtains proper Unicode filepath support we
                    # can remove this check. See also this Github issue:
                    # https://github.com/VirusTotal/yara-python/issues/48
                    assert len(str(filepath)) == len(filepath)
                except (UnicodeEncodeError, AssertionError):
                    log.warning("Can't load Yara rules at %r as Unicode filepaths are " "currently not supported in combination with Yara!", filepath)

                rules["rule_%s_%d" % (category, len(rules))] = filepath

            # Need to define each external variable that will be used in the
        # future. Otherwise Yara will complain.
        externals = {
            "filename": "",

            File.yara_rules[category] = yara.compile(filepaths=rules, externals=externals)
        except yara.Error as e:
            raise CuckooStartupError("There was a syntax error in one or more Yara rules: %s" % e)

        # ToDo for Volatility3 yarascan
        # The memory.py processing module requires a yara file with all of its
        # rules embedded in it, so create this file to remain compatible.
        # if category == "memory":
        #    f = open(os.path.join(yara_root, "index_memory.yar"), "w")
        #    for filename in sorted(indexed):
        #        f.write('include "%s"\n' % os.path.join(category_root, filename))

        indexed = sorted(indexed)
        for entry in indexed:
            if (category, entry) == indexed[-1]:
                log.debug("\t `-- %s %s", category, entry)
                log.debug("\t |-- %s %s", category, entry)
Ejemplo n.º 8
def init_routing():
    """Initialize and check whether the routing information is correct."""

    # Check whether all VPNs exist if configured and make their configuration
    # available through the vpns variable. Also enable NAT on each interface.
    if vpn.vpn.enabled:
        for name in vpn.vpn.vpns.split(","):
            name = name.strip()
            if not name:

            if not hasattr(vpn, name):
                raise CuckooStartupError(
                    "Could not find VPN configuration for %s" % name

            entry = vpn.get(name)
            #add = 1
            #if not rooter("nic_available", entry.interface):
                #raise CuckooStartupError(
                #   "The network interface that has been configured for "
                #    "VPN %s is not available." % entry.name
            #    add = 0
            if not rooter("rt_available", entry.rt_table):
                raise CuckooStartupError(
                    "The routing table that has been configured for "
                    "VPN %s is not available." % entry.name
            vpns[entry.name] = entry

            # Disable & enable NAT on this network interface. Disable it just
            # in case we still had the same rule from a previous run.
            rooter("disable_nat", entry.interface)
            rooter("enable_nat", entry.interface)

            # Populate routing table with entries from main routing table.
            if cuckoo.routing.auto_rt:
                rooter("flush_rttable", entry.rt_table)
                rooter("init_rttable", entry.rt_table, entry.interface)

    # Check whether the default VPN exists if specified.
    if cuckoo.routing.route not in ("none", "internet", "tor", "inetsim"):
        if not vpn.vpn.enabled:
            raise CuckooStartupError(
                "A VPN has been configured as default routing interface for "
                "VMs, but VPNs have not been enabled in vpn.conf"

        if cuckoo.routing.route not in vpns:
            raise CuckooStartupError(
                "The VPN defined as default routing target has not been "
                "configured in vpn.conf."

    # Check whether the dirty line exists if it has been defined.
    if cuckoo.routing.internet != "none":
        if not rooter("nic_available", cuckoo.routing.internet):
            raise CuckooStartupError(
                "The network interface that has been configured as dirty "
                "line is not available."

        if not rooter("rt_available", cuckoo.routing.rt_table):
            raise CuckooStartupError(
                "The routing table that has been configured for dirty "
                "line interface is not available."

        # Disable & enable NAT on this network interface. Disable it just
        # in case we still had the same rule from a previous run.
        rooter("disable_nat", cuckoo.routing.internet)
        rooter("enable_nat", cuckoo.routing.internet)

        # Populate routing table with entries from main routing table.
        if cuckoo.routing.auto_rt:
            rooter("flush_rttable", cuckoo.routing.rt_table)
            rooter("init_rttable", cuckoo.routing.rt_table,

    # Check if tor interface exists, if yes then enable nat
    if cuckoo.routing.tor and cuckoo.routing.tor_interface:
        if not rooter("nic_available", cuckoo.routing.tor_interface):
            raise CuckooStartupError(
                "The network interface that has been configured as tor "
                "line is not available."

        # Disable & enable NAT on this network interface. Disable it just
        # in case we still had the same rule from a previous run.
        rooter("disable_nat", cuckoo.routing.tor_interface)
        rooter("enable_nat", cuckoo.routing.tor_interface)

        # Populate routing table with entries from main routing table.
        if cuckoo.routing.auto_rt:
            rooter("flush_rttable", cuckoo.routing.rt_table)
            rooter("init_rttable", cuckoo.routing.rt_table,

    # Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor
    #if cuckoo.routing.inetsim_interface and cuckoo.routing.inetsim_interface !=  cuckoo.routing.tor_interface:
    # Check if inetsim interface exists, if yes then enable nat
    if cuckoo.routing.inetsim and cuckoo.routing.inetsim_interface:
        if not rooter("nic_available", cuckoo.routing.inetsim_interface):
            raise CuckooStartupError(
                "The network interface that has been configured as inetsim "
                "line is not available."

        # Disable & enable NAT on this network interface. Disable it just
        # in case we still had the same rule from a previous run.
        rooter("disable_nat", cuckoo.routing.inetsim_interface)
        rooter("enable_nat", cuckoo.routing.inetsim_interface)

        # Populate routing table with entries from main routing table.
        if cuckoo.routing.auto_rt:
            rooter("flush_rttable", cuckoo.routing.rt_table)
            rooter("init_rttable", cuckoo.routing.rt_table,
Ejemplo n.º 9
def check_python_version():
    """Checks if Python version is supported by Cuckoo.
    @raise CuckooStartupError: if version is not supported.
    if sys.version_info[:2] < (3, 6):
        raise CuckooStartupError("You are running an incompatible version of Python, please use >= 3.6")
Ejemplo n.º 10
def init_routing():
    """Initialize and check whether the routing information is correct."""

    # Check whether all VPNs exist if configured and make their configuration
    # available through the vpns variable. Also enable NAT on each interface.

    if routing.socks5.enabled:
        for name in routing.socks5.proxies.split(","):
            name = name.strip()
            if not name:

            if not hasattr(routing, name):
                raise CuckooStartupError("Could not find socks5 configuration for %s" % name)

            entry = routing.get(name)
            socks5s[entry.name] = entry

    if routing.vpn.enabled:
        for name in routing.vpn.vpns.split(","):
            name = name.strip()
            if not name:

            if not hasattr(routing, name):
                raise CuckooStartupError("Could not find VPN configuration for %s" % name)

            entry = routing.get(name)
            # add = 1
            # if not rooter("nic_available", entry.interface):
            # raise CuckooStartupError(
            #   "The network interface that has been configured for "
            #    "VPN %s is not available." % entry.name
            # )
            #    add = 0
            if not rooter("rt_available", entry.rt_table):
                raise CuckooStartupError("The routing table that has been configured for VPN %s is not available." % entry.name)
            vpns[entry.name] = entry

            # Disable & enable NAT on this network interface. Disable it just
            # in case we still had the same rule from a previous run.
            rooter("disable_nat", entry.interface)
            rooter("enable_nat", entry.interface)

            # Populate routing table with entries from main routing table.
            if routing.routing.auto_rt:
                rooter("flush_rttable", entry.rt_table)
                rooter("init_rttable", entry.rt_table, entry.interface)

    # If we are storage and webgui only but using as default route one of the workers exitnodes
    if repconf.distributed.master_storage_only:

    # Check whether the default VPN exists if specified.
    if routing.routing.route not in ("none", "internet", "tor", "inetsim"):
        if not routing.vpn.enabled:
            raise CuckooStartupError(
                "A VPN has been configured as default routing interface for VMs, but VPNs have not been enabled in routing.conf"

        if routing.routing.route not in vpns and routing.routing.route not in socks5s:
            raise CuckooStartupError(
                "The VPN/Socks5 defined as default routing target has not been configured in routing.conf. You should use name field"

    # Check whether the dirty line exists if it has been defined.
    if routing.routing.internet != "none":
        if not rooter("nic_available", routing.routing.internet):
            raise CuckooStartupError("The network interface that has been configured as dirty line is not available.")

        if not rooter("rt_available", routing.routing.rt_table):
            raise CuckooStartupError("The routing table that has been configured for dirty line interface is not available.")

        # Disable & enable NAT on this network interface. Disable it just
        # in case we still had the same rule from a previous run.
        rooter("disable_nat", routing.routing.internet)
        rooter("enable_nat", routing.routing.internet)

        # Populate routing table with entries from main routing table.
        if routing.routing.auto_rt:
            rooter("flush_rttable", routing.routing.rt_table)
            rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)

    # Check if tor interface exists, if yes then enable nat
    if routing.tor.enabled and routing.tor.interface:
        if not rooter("nic_available", routing.tor.interface):
            raise CuckooStartupError("The network interface that has been configured as tor line is not available.")

        # Disable & enable NAT on this network interface. Disable it just
        # in case we still had the same rule from a previous run.
        rooter("disable_nat", routing.tor.interface)
        rooter("enable_nat", routing.tor.interface)

        # Populate routing table with entries from main routing table.
        if routing.routing.auto_rt:
            rooter("flush_rttable", routing.routing.rt_table)
            rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)

    # Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor
    # if routing.inetsim.interface and cuckoo.routing.inetsim_interface !=  routing.tor.interface:
    # Check if inetsim interface exists, if yes then enable nat
    if routing.inetsim.enabled and routing.inetsim.interface:
        if not rooter("nic_available", routing.inetsim.interface):
            raise CuckooStartupError("The network interface that has been configured as inetsim line is not available.")

        # Disable & enable NAT on this network interface. Disable it just
        # in case we still had the same rule from a previous run.
        rooter("disable_nat", routing.inetsim.interface)
        rooter("enable_nat", routing.inetsim.interface)

        # Populate routing table with entries from main routing table.
        if routing.routing.auto_rt:
            rooter("flush_rttable", routing.routing.rt_table)
            rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)
Ejemplo n.º 11
 def checkConfigs():
     '''check for config file and define variables'''
     config = os.path.join(CUCKOO_ROOT,"cuckooinbox","cuckooinbox.conf")
     if not os.path.exists(config):
         raise CuckooStartupError("Config file does not exist at path: %s" % config)