Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

cuckoo

Cuckoo generates a handful of different raw data which include:

Native functions and Windows API calls traces
Copies of files created and deleted from the filesystem
Dump of the memory of the selected process
Full memory dump of the analysis machine
Screenshots of the desktop during the execution of the malware analysis
Network dump generated by the machine used for the analysis

In order to make such results more consumable to the end users, Cuckoo is able to process them and generate different type of reports, which could include:

JSON report
HTML report
MAEC report
MongoDB interface
HPFeeds interface

Even more interestingly, thanks to Cuckoo’s extensive modular design, you are able to customize both the processing and the reporting stages. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing frameworks and storages with the data you want, in the way you want, with the format you want.

git clone git://github.com/cuckoobox/cuckoo.git