def main():
parser = argparse.ArgumentParser()
parser.add_argument(
"id",
type=str,
help=
"ID of the analysis to process (auto for continuous processing of unprocessed tasks)."
)
parser.add_argument("-d",
"--debug",
help="Display debug messages",
action="store_true",
required=False)
parser.add_argument("-r",
"--report",
help="Re-generate report",
action="store_true",
required=False)
parser.add_argument(
"-p",
"--parallel",
help="Number of parallel threads to use (auto mode only).",
type=int,
required=False,
default=1)
args = parser.parse_args()
init_logging(debug=args.debug)
init_modules()
if args.id == "auto":
autoprocess(parallel=args.parallel)
else:
process(int(args.id), report=args.report)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process")
parser.add_argument("-r",
"--report",
help="Re-generate report",
action="store_true",
required=False)
parser.add_argument("-f",
"--failed",
help="Mark the analysis as failed",
action="store_true",
required=False)
args = parser.parse_args()
init_modules()
if args.failed:
results = {"success": False}
else:
results = Processor(args.id).run()
results["success"] = True
if args.report:
Reporter(args.id).run(results)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("instance", type=str, help="Task processing instance.")
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-u", "--user", type=str, help="Drop user privileges to this user")
parser.add_argument("-m", "--modules", help="Path to signature and reporting modules - overrides default modules path.", type=str, required=False)
args = parser.parse_args()
if args.user:
drop_privileges(args.user)
if args.debug:
log.setLevel(logging.DEBUG)
if args.modules:
sys.path.insert(0, args.modules)
init_modules()
try:
# Run the instance.
instance(args.instance)
except KeyboardInterrupt:
log.info("Interrupted by ^C.")
except Exception:
log.exception("Unknown exception!")
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process (auto for continuous processing of unprocessed tasks).")
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
parser.add_argument("-p", "--parallel", help="Number of parallel threads to use (auto mode only).", type=int, required=False, default=1)
parser.add_argument("-u", "--user", type=str, help="Drop user privileges to this user")
parser.add_argument("-m", "--modules", help="Path to signature and reporting modules - overrides default modules path.", type=str, required=False)
args = parser.parse_args()
if args.user:
drop_privileges(args.user)
if args.debug:
log.setLevel(logging.DEBUG)
if args.modules:
sys.path.insert(0, args.modules)
init_modules(machinery=False)
if args.id == "auto":
autoprocess(parallel=args.parallel)
else:
task = Database().view_task(int(args.id))
if not task:
process(task={"id": int(args.id), "category": "file", "target": ""}, report=args.report)
else:
process(task=task.to_dict(), report=args.report)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("instance", type=str, help="Task processing instance.")
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-u", "--user", type=str, help="Drop user privileges to this user")
parser.add_argument("-m", "--modules", help="Path to signature and reporting modules - overrides default modules path.", type=str, required=False)
args = parser.parse_args()
if args.user:
drop_privileges(args.user)
if args.debug:
log.setLevel(logging.DEBUG)
if args.modules:
sys.path.insert(0, args.modules)
init_modules()
try:
# Run the instance.
instance(args.instance)
except KeyboardInterrupt:
log.info("Interrupted by ^C.")
except Exception:
log.exception("Unknown exception!")
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process (auto for continuous processing of unprocessed tasks).")
parser.add_argument("-c", "--caperesubmit", help="Allow CAPE resubmit processing.", action="store_true", required=False)
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
parser.add_argument("-s", "--signatures", help="Re-execute signatures on the report", action="store_true", required=False)
parser.add_argument("-p", "--parallel", help="Number of parallel threads to use (auto mode only).", type=int, required=False, default=1)
parser.add_argument("-fp", "--failed-processing", help="reprocess failed processing", action="store_true", required=False, default=False)
parser.add_argument("-mc", "--maxtasksperchild", help="Max children tasks per worker", action="store", type=int, required=False, default=7)
parser.add_argument("-md", "--memory-debugging", help="Enable logging garbage collection related info", action="store_true", required=False, default=False)
args = parser.parse_args()
init_yara()
init_modules()
if args.id == "auto":
init_logging(auto=True, debug=args.debug)
autoprocess(parallel=args.parallel, failed_processing=args.failed_processing, maxtasksperchild=args.maxtasksperchild, memory_debugging=args.memory_debugging)
else:
if not os.path.exists(os.path.join(CUCKOO_ROOT, "storage", "analyses", args.id)):
sys.exit(red("\n[-] Analysis folder doesn't exist anymore\n"))
init_logging(tid=args.id, debug=args.debug)
task = Database().view_task(int(args.id))
if args.signatures:
report = os.path.join(CUCKOO_ROOT, "storage", "analyses", args.id, "reports", "report.json")
if not os.path.exists(report):
sys.exit("File {} doest exist".format(report))
results = json.load(open(report))
if results is not None:
RunSignatures(task=task.to_dict(), results=results).run()
else:
process(task=task, report=args.report, capeproc=args.caperesubmit, memory_debugging=args.memory_debugging)
def main():
logo()
check_working_directory()
check_configs()
check_version()
create_structure()
parser = argparse.ArgumentParser()
parser.add_argument("-q",
"--quiet",
help="Display only error messages",
action="store_true",
required=False)
parser.add_argument("-d",
"--debug",
help="Display debug messages",
action="store_true",
required=False)
parser.add_argument(
"-v",
"--version",
action="version",
version="You are running Cuckoo Sandbox {0}".format(CUCKOO_VERSION))
parser.add_argument("-a",
"--artwork",
help="Show artwork",
action="store_true",
required=False)
args = parser.parse_args()
if args.artwork:
import time
try:
while True:
time.sleep(1)
logo()
except KeyboardInterrupt:
return
init_logging()
if args.quiet:
log.setLevel(logging.WARN)
elif args.debug:
log.setLevel(logging.DEBUG)
init_modules()
init_tasks()
Resultserver()
try:
sched = Scheduler()
sched.start()
except KeyboardInterrupt:
sched.stop()
def main():
parser = argparse.ArgumentParser()
parser.add_argument("instance", type=str, help="Task processing instance.")
parser.add_argument("-d",
"--debug",
help="Display debug messages",
action="store_true",
required=False)
parser.add_argument("-u",
"--user",
type=str,
help="Drop user privileges to this user")
parser.add_argument(
"-m",
"--modules",
help=
"Path to signature and reporting modules - overrides default modules path.",
type=str,
required=False)
args = parser.parse_args()
if args.user:
drop_privileges(args.user)
if args.debug:
log.setLevel(logging.DEBUG)
if args.modules:
sys.path.insert(0, args.modules)
init_modules()
db = Database()
if args.instance == "scheduler":
# When restarting the scheduler, we first stop all currently running
# nodes, so to reset the state. This will then stop the instances and
# they will be restarted by Upstart.
for tp in db.list_processing_tasks(None, 128):
db.delete_processing_task(tp)
scheduler()
else:
# Register this instance.
tp = TaskProcessing(None, args.instance)
Database().add_processing_task(tp)
try:
# Run the instance.
instance(args.instance)
except Exception as e:
log.exception("Keyboard Interrupt? -> %s", e)
# Unregister the instance.
Database().delete_processing_task(tp)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("path", type=str, help="Path to the folder containing the analysis results to process")
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
args = parser.parse_args()
init_modules()
results = Processor(args.path).run()
if args.report:
Reporter(args.path).run(results)
def cuckoo_init(quiet=False, debug=False, artwork=False, test=False, ml=False):
"""Cuckoo initialization workflow.
@param quiet: if set enable silent mode, it doesn't print anything except warnings
@param debug: if set enable debug mode, it print all debug messages
@param artwork: if set it will print only artworks, forever
@param test: enable integration test mode, used only for testing
@param ml: do CuckooML analysis of locally stored samples
"""
cur_path = os.getcwd()
os.chdir(CUCKOO_ROOT)
logo()
check_working_directory()
check_configs()
check_version()
create_structure()
if artwork:
import time
try:
while True:
time.sleep(1)
logo()
except KeyboardInterrupt:
return
init_logging()
if quiet:
log.setLevel(logging.WARN)
elif debug:
log.setLevel(logging.DEBUG)
if ml:
init_cuckooml()
return
init_modules()
init_tasks()
init_yara()
init_binaries()
init_rooter()
init_routing()
# TODO: This is just a temporary hack, we need an actual test suite to
# integrate with Travis-CI.
if test:
return
ResultServer()
os.chdir(cur_path)
def cuckoo_init(quiet=False, debug=False, artwork=False, test=False, ml=False):
"""Cuckoo initialization workflow.
@param quiet: if set enable silent mode, it doesn't print anything except warnings
@param debug: if set enable debug mode, it print all debug messages
@param artwork: if set it will print only artworks, forever
@param test: enable integration test mode, used only for testing
@param ml: do CuckooML analysis of locally stored samples
"""
cur_path = os.getcwd()
os.chdir(CUCKOO_ROOT)
logo()
check_working_directory()
check_configs()
check_version()
create_structure()
if artwork:
import time
try:
while True:
time.sleep(1)
logo()
except KeyboardInterrupt:
return
init_logging()
if quiet:
log.setLevel(logging.WARN)
elif debug:
log.setLevel(logging.DEBUG)
if ml:
init_cuckooml()
return
init_modules()
init_tasks()
init_yara()
init_binaries()
init_rooter()
init_routing()
# TODO: This is just a temporary hack, we need an actual test suite to
# integrate with Travis-CI.
if test:
return
ResultServer()
os.chdir(cur_path)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process (auto for continuous processing of unprocessed tasks).")
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
parser.add_argument("-p", "--parallel", help="Number of parallel threads to use (auto mode only).", type=int, required=False, default=1)
args = parser.parse_args()
init_modules()
if args.id == "auto":
init_logging(auto=True, debug=args.debug)
autoprocess(parallel=args.parallel)
else:
init_logging(tid=args.id, debug=args.debug)
task = Database().view_task(int(args.id))
process(task=task.to_dict(), report=args.report)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process (auto for continuous processing of unprocessed tasks).")
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
parser.add_argument("-p", "--parallel", help="Number of parallel threads to use (auto mode only).", type=int, required=False, default=1)
args = parser.parse_args()
if args.debug:
log.setLevel(logging.DEBUG)
init_modules()
if args.id == "auto":
autoprocess(parallel=args.parallel)
else:
process(int(args.id), report=args.report)
def main():
logo()
check_working_directory()
check_configs()
check_version()
create_structure()
parser = argparse.ArgumentParser()
parser.add_argument("-q", "--quiet", help="Display only error messages", action="store_true", required=False)
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-v", "--version", action="version", version="You are running Cuckoo Sandbox {0}".format(CUCKOO_VERSION))
parser.add_argument("-a", "--artwork", help="Show artwork", action="store_true", required=False)
parser.add_argument("-t", "--test", help="Test startup", action="store_true", required=False)
args = parser.parse_args()
if args.artwork:
import time
try:
while True:
time.sleep(1)
logo()
except KeyboardInterrupt:
return
init_logging()
if args.quiet:
log.setLevel(logging.WARN)
elif args.debug:
log.setLevel(logging.DEBUG)
init_modules()
init_tasks()
# This is just a temporary hack, we need an actual test suite to integrate
# with Travis-CI.
if args.test:
return
Resultserver()
try:
sched = Scheduler()
sched.start()
except KeyboardInterrupt:
sched.stop()
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process")
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
parser.add_argument("-f", "--failed", help="Mark the analysis as failed", action="store_true", required=False)
args = parser.parse_args()
init_modules()
if args.failed:
results = {"success" : False}
else:
results = Processor(args.id).run()
results["success"] = True
if args.report:
Reporter(args.id).run(results)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process")
parser.add_argument("-d",
"--debug",
help="Display debug messages",
action="store_true",
required=False)
parser.add_argument("-r",
"--report",
help="Re-generate report",
action="store_true",
required=False)
args = parser.parse_args()
if args.debug:
log.setLevel(logging.DEBUG)
init_modules()
if args.id == "auto":
cfg = Config()
maxcount = cfg.cuckoo.max_analysis_count
count = 0
db = Database()
while count < maxcount or not maxcount:
tasks = db.list_tasks(status=TASK_COMPLETED, limit=1)
for task in tasks:
log.info("Processing analysis data for Task #%d", task.id)
try:
do(task.id, report=True)
except:
log.exception("Exception when processing a task.")
db.set_status(task.id, TASK_FAILED_PROCESSING)
else:
log.info("Task #%d: reports generation completed", task.id)
count += 1
if not tasks:
time.sleep(5)
else:
do(args.id, report=args.report)
def main():
global log
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process (auto for continuous processing of unprocessed tasks).")
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
parser.add_argument("-p", "--parallel", help="Number of parallel threads to use (auto mode only).", type=int, required=False, default=1)
parser.add_argument("-u", "--user", type=str, help="Drop user privileges to this user")
parser.add_argument("-m", "--modules", help="Path to signature and reporting modules - overrides default modules path.", type=str, required=False)
args = parser.parse_args()
if args.user:
drop_privileges(args.user)
if args.debug:
logging.basicConfig(level=logging.DEBUG)
else:
logging.basicConfig(level=logging.INFO)
log = logging.getLogger("cuckoo.process")
if args.modules:
sys.path.insert(0, args.modules)
init_modules(machinery=False)
if args.id == "auto":
autoprocess(parallel=args.parallel)
else:
task = Database().view_task(int(args.id))
if not task:
task = {
"id": int(args.id),
"category": "file",
"target": "",
"options": "",
}
process(task=task, report=args.report)
else:
process(task=task.to_dict(), report=args.report)
def main():
parser = argparse.ArgumentParser()
parser.add_argument(
"id",
type=str,
help=
"ID of the analysis to process (auto for continuous processing of unprocessed tasks)."
)
parser.add_argument("-d",
"--debug",
help="Display debug messages",
action="store_true",
required=False)
parser.add_argument("-r",
"--report",
help="Re-generate report",
action="store_true",
required=False)
parser.add_argument(
"-p",
"--parallel",
help="Number of parallel threads to use (auto mode only).",
type=int,
required=False,
default=1)
parser.add_argument("-c",
"--caperesubmit",
help="Allow CAPE resubmit processing.",
action="store_true",
required=False)
args = parser.parse_args()
init_yara()
init_modules()
if args.id == "auto":
init_logging(auto=True, debug=args.debug)
autoprocess(parallel=args.parallel)
else:
init_logging(tid=args.id, debug=args.debug)
task = Database().view_task(int(args.id))
process(task=task, report=args.report, capeproc=args.caperesubmit)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("instance", type=str, help="Task processing instance.")
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-u", "--user", type=str, help="Drop user privileges to this user")
parser.add_argument("-m", "--modules", help="Path to signature and reporting modules - overrides default modules path.", type=str, required=False)
args = parser.parse_args()
if args.user:
drop_privileges(args.user)
if args.debug:
log.setLevel(logging.DEBUG)
if args.modules:
sys.path.insert(0, args.modules)
init_modules()
db = Database()
if args.instance == "scheduler":
# When restarting the scheduler, we first stop all currently running
# nodes, so to reset the state. This will then stop the instances and
# they will be restarted by Upstart.
for tp in db.list_processing_tasks(None, 128):
db.delete_processing_task(tp)
scheduler()
else:
# Register this instance.
tp = TaskProcessing(None, args.instance)
Database().add_processing_task(tp)
try:
# Run the instance.
instance(args.instance)
except Exception as e:
log.exception("Keyboard Interrupt? -> %s", e)
# Unregister the instance.
Database().delete_processing_task(tp)
def cuckoo_init(quiet=False, debug=False, artwork=False, test=False):
cur_path = os.getcwd()
os.chdir(CUCKOO_ROOT)
logo()
check_working_directory()
check_configs()
create_structure()
if artwork:
import time
try:
while True:
time.sleep(1)
logo()
except KeyboardInterrupt:
return
if quiet:
level = logging.WARN
elif debug:
level = logging.DEBUG
else:
level = logging.INFO
log.setLevel(level)
init_logging(level)
check_webgui_mongo()
init_modules()
init_tasks()
init_yara()
init_rooter()
init_routing()
# This is just a temporary hack, we need an actual test suite to integrate
# with Travis-CI.
if test:
return
ResultServer()
os.chdir(cur_path)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("-s",
"--start",
help="First job in range to delete",
required=True)
parser.add_argument("-e",
"--end",
help="Last job in range to delete",
required=True)
args = parser.parse_args()
init_modules()
TotalTasks = Database().count_tasks()
init_logging()
for task_id in range(int(args.start), int(args.end) + 1):
print "About to delete task {}".format(task_id)
tasks_delete(task_id)
def cuckoo_init(quiet=False, debug=False, artwork=False, test=False):
cur_path = os.getcwd()
os.chdir(CUCKOO_ROOT)
logo()
check_working_directory()
check_configs()
check_version()
create_structure()
if artwork:
import time
try:
while True:
time.sleep(1)
logo()
except KeyboardInterrupt:
return
init_logging()
if quiet:
log.setLevel(logging.WARN)
elif debug:
log.setLevel(logging.DEBUG)
init_config()
init_modules()
init_tasks()
init_yara()
# This is just a temporary hack, we need an actual test suite to integrate
# with Travis-CI.
if test:
return
ResultServer()
os.chdir(cur_path)
def main():
parser = argparse.ArgumentParser()
parser.add_argument(
"id",
type=str,
help=
"ID of the analysis to process (auto for continuous processing of unprocessed tasks)."
)
parser.add_argument("-d",
"--debug",
help="Display debug messages",
action="store_true",
required=False)
parser.add_argument("-r",
"--report",
help="Re-generate report",
action="store_true",
required=False)
parser.add_argument(
"-p",
"--parallel",
help="Number of parallel threads to use (auto mode only).",
type=int,
required=False,
default=1)
args = parser.parse_args()
if args.debug:
log.setLevel(logging.DEBUG)
logging.getLogger("urllib3").setLevel(logging.WARNING)
init_modules()
if args.id == "auto":
autoprocess(parallel=args.parallel)
else:
task = Database().view_task(int(args.id))
process(task=task.to_dict(), report=args.report)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process")
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
args = parser.parse_args()
if args.debug:
log.setLevel(logging.DEBUG)
init_modules()
if args.id == "auto":
cfg = Config()
maxcount = cfg.cuckoo.max_analysis_count
count = 0
db = Database()
while count < maxcount or not maxcount:
tasks = db.list_tasks(status=TASK_COMPLETED, limit=1)
for task in tasks:
log.info("Processing analysis data for Task #%d", task.id)
try:
do(task.id, report=True)
except:
log.exception("Exception when processing a task.")
db.set_status(task.id, TASK_FAILED_PROCESSING)
else:
log.info("Task #%d: reports generation completed", task.id)
count += 1
if not tasks:
time.sleep(5)
else:
do(args.id, report=args.report)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("id", type=str, help="ID of the analysis to process (auto for continuous processing of unprocessed tasks).")
parser.add_argument("-c", "--caperesubmit", help="Allow CAPE resubmit processing.", action="store_true", required=False)
parser.add_argument("-d", "--debug", help="Display debug messages", action="store_true", required=False)
parser.add_argument("-r", "--report", help="Re-generate report", action="store_true", required=False)
parser.add_argument(
"-p", "--parallel", help="Number of parallel threads to use (auto mode only).", type=int, required=False, default=1
)
parser.add_argument(
"-fp", "--failed-processing", help="reprocess failed processing", action="store_true", required=False, default=False
)
parser.add_argument(
"-mc", "--maxtasksperchild", help="Max children tasks per worker", action="store", type=int, required=False, default=7
)
parser.add_argument(
"-md",
"--memory-debugging",
help="Enable logging garbage collection related info",
action="store_true",
required=False,
default=False,
)
parser.add_argument(
"-pt",
"--processing-timeout",
help="Max amount of time spent in processing before we fail a task",
action="store",
type=int,
required=False,
default=300,
)
testing_args = parser.add_argument_group("Signature testing options")
testing_args.add_argument(
"-sig",
"--signatures",
help="Re-execute signatures on the report, doesn't work for signature with self.get_raw_argument, use self.get_argument",
action="store_true",
default=False,
required=False,
)
testing_args.add_argument(
"-sn",
"--signature-name",
help="Run only one signature. To be used with --signature. Example -sig -sn cape_detected_threat",
action="store",
default=False,
required=False,
)
testing_args.add_argument(
"-jr",
"--json-report",
help="Path to json report, only if data not in mongo/default report location",
action="store",
default=False,
required=False,
)
args = parser.parse_args()
init_yara()
init_modules()
if args.id == "auto":
init_logging(auto=True, debug=args.debug)
autoprocess(
parallel=args.parallel,
failed_processing=args.failed_processing,
maxtasksperchild=args.maxtasksperchild,
memory_debugging=args.memory_debugging,
processing_timeout=args.processing_timeout,
)
else:
if not os.path.exists(os.path.join(CUCKOO_ROOT, "storage", "analyses", args.id)):
sys.exit(red("\n[-] Analysis folder doesn't exist anymore\n"))
init_logging(tid=args.id, debug=args.debug)
task = Database().view_task(int(args.id))
if args.signatures:
conn = False
report = False
# check mongo
if repconf.mongodb.enabled:
conn, _, results = _load_mongo_report(int(args.id), return_one=True)
if not results:
# fallback to json
report = os.path.join(CUCKOO_ROOT, "storage", "analyses", args.id, "reports", "report.json")
if not os.path.exists(report):
if args.json_report and not os.path.exists(args.json_report):
report = args.json_report
else:
sys.exit("File {} doest exist".format(report))
if report:
results = json.load(open(report))
if results is not None:
RunSignatures(task=task.to_dict(), results=results).run(args.signature_name)
else:
process(task=task, report=args.report, capeproc=args.caperesubmit, memory_debugging=args.memory_debugging)