{"id":19873081,"url":"https://github.com/checkpointsw/cuckoo-aws","last_synced_at":"2025-05-02T09:31:33.524Z","repository":{"id":43612903,"uuid":"171248932","full_name":"CheckPointSW/Cuckoo-AWS","owner":"CheckPointSW","description":"Extension to Cuckoo Sandbox open source projects, adds support to AWS cloud functionalities and enables running emulation on auto-scaling infrastructure","archived":false,"fork":false,"pushed_at":"2022-03-15T12:28:50.000Z","size":15355,"stargazers_count":136,"open_issues_count":6,"forks_count":29,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-04-07T00:51:11.893Z","etag":null,"topics":["reserach"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CheckPointSW.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-02-18T08:59:06.000Z","updated_at":"2024-09-26T13:51:42.000Z","dependencies_parsed_at":"2022-09-02T17:00:38.788Z","dependency_job_id":null,"html_url":"https://github.com/CheckPointSW/Cuckoo-AWS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FCuckoo-AWS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FCuckoo-AWS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FCuckoo-AWS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FCuckoo-AWS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CheckPointSW","download_url":"https://codeload.github.com/CheckPointSW/Cuckoo-AWS/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252015833,"owners_count":21680831,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["reserach"],"created_at":"2024-11-12T16:17:43.465Z","updated_at":"2025-05-02T09:31:31.275Z","avatar_url":"https://github.com/CheckPointSW.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cuckoo SandBox on AWS\nBy Oran Kabarity @ Check Point Software Technologies\n\n## Overview\n\nThe project is an extension to Cuckoo Sandbox open source project; it adds support to AWS cloud functionalities and enables running emulations on auto-scaling infrastructure.\n\nThis blog post explains in detail the theory and functionality of Cuckoo Sandbox over AWS cloud.  \nhttps://research.checkpoint.com/cuckoo-system-on-aws/\n\n## Installation instructions - Nest Setup\n\n\n•\tWe added cloudformation stack:  `cuckoo-aws-cloudformation.yaml`, All you need to do is running it and you will receive an EC2 instance with all the requirements installed in it\n\n•\tRun cuckoo with debug output\n```\ncuckoo –d\n```\n\n•\tThe first run should build the configuration files and save them in some location. The location is shown in the output of the run (should contain “.cuckoo” library). It is strongly advised to remember that location for the following steps and for future usages\n\n•\tEdit \".cuckoo/conf/cuckoo.conf\"\n```\nmachinery = aws\n[resultserver] ip = \u003cthe private IP of this machine\u003e\n```\n\n•\tEdit \".cuckoo/conf/aws.conf\" according to the instructions in the file\n\n•\tRun \n```\ncuckoo \n```\n \n\n## Image and snapshot setup\n\n•\tCuckoo are recommending to run guest VMs on 64-bit Windows 7. You can import your regular VM to AMI using this manual.\n  https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html\n\n•\tLaunch a new Windows 7 instance to setup the guest \n\n•\tInstall Python and Pillow library\n  https://cuckoo.sh/docs/installation/guest/requirements.html\n\n•\tDisable Windows Firewall and the Automatic Updates\n  https://cuckoo.sh/docs/installation/guest/network.html\n  \n•\tInstall Cuckoo agent\n  https://cuckoo.sh/docs/installation/guest/agent.html\n\n•\tFor malware network analysis, each guest should have the Nest as their default route \n\n•\tSave this instace as a new image(AMI). This action will also create a new snapshot(snapshot-id can be found under the AMI details)\n\n\n\n## Changes from official Cuckoo repository\n\nIn order to make it compatible with AWS we made the following changes.\n\n•\tAdded a new machinery (at cuckoo/machinery/aws.py)\n\n•\tAdded a new config template (at cuckoo/private/cwd/conf/aws.conf)\n\n•\tModified the config object (at cuckoo/common/config.py) in a way that will support the new configuration file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcheckpointsw%2Fcuckoo-aws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcheckpointsw%2Fcuckoo-aws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcheckpointsw%2Fcuckoo-aws/lists"}