搜索
查看: 2170|回复: 0
收起左侧

[软件分享] 自行搭建文件行为分析沙箱,告别在线沙箱

[复制链接]
00006666
发表于 2020-9-28 09:52:04 | 显示全部楼层 |阅读模式
本帖最后由 00006666 于 2020-9-28 09:57 编辑

Cuckoo Sandbox - Automated Malware Analysis

布谷鸟沙箱官网

布谷鸟沙箱的GitHub主页

FREEBUF上的一篇介绍布谷鸟沙箱使用的文章






布谷鸟沙箱是类似于微步沙箱的文件行为分析系统,可以使用虚拟机搭建,功能完善,且没有在线沙箱的文件大小限制。




Cuckoo Sandbox is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. By default it is able to:

  • Analyze many different malicious files (executables, office documents, pdf files, emails, etc) as well as malicious websites under Windows, Linux, macOS, and Android virtualized environments.
  • Trace API calls and general behavior of the file and distill this into high level information and signatures comprehensible by anyone.
  • Dump and analyze network traffic, even when encrypted with SSL/TLS. With native network routing support to drop all traffic or route it through InetSIM, a network interface, or a [过滤].
  • Perform advanced memory analysis of the infected virtualized system through Volatility as well as on a process memory granularity using YARA.

Due to Cuckoo's open source nature and extensive modular design one may customize any aspect of the analysis environment, analysis results processing, and reporting stage. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing framework and backend in the way you want, with the format you want, and all of that without licensing requirements.







您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 晋ICP备20004298号-1 ) GMT+8, 2020-10-28 05:00 , Processed in 0.117944 second(s), 16 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表