1. Install dependencies
$ sudo apt-get install git mongodb libffi-dev build-essential python-django python python-dev python-pip python-pil python-sqlalchemy python-bson python-dpkt python-jinja2 python-magic python-pymongo python-gridfs python-libvirt python-bottle python-pefile python-chardet tcpdump -y
Problems that may come up along the way, and how to fix them:
1. libffi-dev: depends on libffi6 (= 3.2.1-4), but 3.2.1-6 is about to be installed
$ sudo apt-get install libffi6=3.2.1-4
2. python-magic: depends on libmagic1 (< 1:5.25-2ubuntu1.1.1~), but 1:5.28-2ubuntu1 is about to be installed
$ sudo apt-get purge libmagic1
$ sudo apt-get install python-magic --fix-broken
3. pip problems (solution)
2. Install tcpdump
$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
3. Install Pydeep
$ wget http://sourceforge.net/projects/ssdeep/files/ssdeep-2.13/ssdeep-2.13.tar.gz/download -O ssdeep-2.13.tar.gz
$ tar -zxf ssdeep-2.13.tar.gz
$ cd ssdeep-2.13
$ ./configure
$ make
$ sudo make install
$ sudo pip install pydeep
4. Install Volatility
$ sudo pip install openpyxl
$ sudo pip install ujson
$ sudo pip install pycrypto
$ sudo pip install distorm3
$ sudo pip install pytz
$ git clone https://github.com/volatilityfoundation/volatility.git
$ cd volatility
$ python setup.py build
$ python setup.py install
5. Install Cuckoo
$ sudo pip install cuckoo
or
$ git clone git://github.com/cuckoosandbox/cuckoo.git
If the package association cannot be removed, delete the xxx.egg-info file.
6. VirtualBox configuration
Install a Windows 7 system as the target machine and choose host-only mode for its network configuration.
If host-only reports that no interface is specified, press Ctrl+G and add the vboxnet0 adapter.
Install Python inside the virtual machine and copy Cuckoo's agent into it; the script is at [Cuckoo working directory]\agent\agent.py.
Run the agent script from the command line; at this point you can take a snapshot. Enter the snapshot's name in the corresponding field of virtualbox.conf.
7. Configure Cuckoo
Edit the following configuration files in .cuckoo/conf/:
cuckoo.conf
machinery = virtualbox
[resultserver]
ip = 192.168.x.x        # the host's IP address
port = 2042             # leave default unless you have services running
[cuckoo]
process_results = no
auxiliary.conf
[sniffer]
enabled = yes
tcpdump = /usr/sbin/tcpdump
interface = vboxnet0
virtualbox.conf
machines = <your VM name>
label = <your VM name>
platform = windows
ip = 192.168.x.x        # the guest's IP address
snapshot = <the snapshot name you created>
reporting.conf
[mongodb]
enabled = yes
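To catch the configuration mistakes this section warns about (a 192.168.x.x placeholder left in, an empty snapshot name, a guest on a different subnet from the result server, MongoDB reporting left off), here is an added Python checker that parses the four files with the standard configparser module. It is example code written for this page, not part of Cuckoo; the sample contents, the 192.168.56.x host-only addresses and the machine name win7 are constructed assumptions, and the subnet check assumes a /24 host-only network.

```python
import configparser
import ipaddress

# Constructed sample contents for the files under .cuckoo/conf/ discussed above;
# the host-only addresses (192.168.56.x) and the machine name "win7" are assumptions.
SAMPLE_CONFS = {
    "cuckoo.conf": "[cuckoo]\nmachinery = virtualbox\nprocess_results = no\n[resultserver]\nip = 192.168.56.1\nport = 2042\n",
    "auxiliary.conf": "[sniffer]\nenabled = yes\ntcpdump = /usr/sbin/tcpdump\ninterface = vboxnet0\n",
    "virtualbox.conf": "[virtualbox]\nmachines = win7\n[win7]\nlabel = win7\nplatform = windows\nip = 192.168.56.101\nsnapshot = clean\n",
    "reporting.conf": "[mongodb]\nenabled = yes\n",
}

def _parse(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def _addr(value):
    # Returns None for anything that is not a real IP literal, e.g. a 192.168.x.x placeholder.
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def check_confs(confs):
    """Return the problems found in a {filename: contents} map; an empty list means OK."""
    problems = []
    cuckoo, aux = _parse(confs.get("cuckoo.conf", "")), _parse(confs.get("auxiliary.conf", ""))
    vbox, rep = _parse(confs.get("virtualbox.conf", "")), _parse(confs.get("reporting.conf", ""))
    if cuckoo.get("cuckoo", "machinery", fallback="") != "virtualbox":
        problems.append("cuckoo.conf: machinery is not virtualbox")
    host = _addr(cuckoo.get("resultserver", "ip", fallback=""))
    if host is None:
        problems.append("cuckoo.conf: resultserver ip is not a real address (placeholder left in?)")
    if aux.get("sniffer", "enabled", fallback="no") != "yes" or not aux.get("sniffer", "interface", fallback=""):
        problems.append("auxiliary.conf: sniffer disabled or interface unset, no pcap will be captured")
    names = [n.strip() for n in vbox.get("virtualbox", "machines", fallback="").split(",") if n.strip()]
    if not names:
        problems.append("virtualbox.conf: no machines listed")
    for name in names:  # a missing [name] section shows up as every key being empty
        for key in ("label", "platform", "snapshot"):
            if not vbox.get(name, key, fallback=""):
                problems.append("virtualbox.conf: [%s] %s is empty" % (name, key))
        guest = _addr(vbox.get(name, "ip", fallback=""))
        if guest is None:
            problems.append("virtualbox.conf: [%s] ip is not a real address" % name)
        # Assumes a /24 host-only network: the guest must be able to reach the result server.
        elif host is not None and guest not in ipaddress.ip_network("%s/24" % host, strict=False):
            problems.append("virtualbox.conf: [%s] ip %s is not on the result server's subnet" % (name, guest))
    if rep.get("mongodb", "enabled", fallback="no") != "yes":
        problems.append("reporting.conf: mongodb is disabled, the web UI will have nothing to show")
    return problems
```

Run it against your real files by reading each of the four files from ~/.cuckoo/conf/ into the dictionary before calling check_confs.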
8. Run Cuckoo
cuckoo web runserver
cuckoo -d
Open http://127.0.0.1:8000 and you will see the Cuckoo Sandbox web page.