Installing and deploying Cuckoo on Windows

1. Third-party tools and libraries used by Cuckoo

Yara:http://plusvic.github.io/yara/

Pydeep:https://github.com/kbandla/pydeep


Yara is a tool for scanning files for patterns described by rules (byte sequences, strings and conditions);

Pydeep computes a fuzzy digest of a buffer or a file and, from two such digests, scores how similar the two files are.

Pydeep is a Python binding for the ssdeep library (libfuzzy), not a rewrite of it; ssdeep implements the context-triggered piecewise hashing described in Kornblum's DFRWS 2006 paper:

http://dfrws.org/2006/proceedings/12-Kornblum.pdf
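To make the "digest plus similarity score" idea concrete, here is an added example that is not part of this post and not pydeep or ssdeep code: a simplified pure-Python context-triggered piecewise hash in the style of ssdeep. The rolling hash, the FNV chunk hash, the block-size selection and the edit-distance scoring follow ssdeep's scheme, but sequence elimination and several edge cases are left out, and the constants are assumptions, so the digests are not interchangeable with real ssdeep/pydeep output. In Cuckoo you would call pydeep.hash_file() or pydeep.hash_buf() and pydeep.compare() instead; this block only shows what those calls are doing. The sample inputs are constructed pseudo-random byte strings standing in for files.

```python
import random

# Added example, not part of the original post and not pydeep/ssdeep code:
# a simplified context-triggered piecewise hash (CTPH). Constants below are
# assumptions chosen to mirror ssdeep; output is NOT ssdeep-compatible.

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7            # bytes in the rolling-hash window
SIG_LENGTH = 64       # maximum characters per signature
MIN_BLOCKSIZE = 3
FNV_PRIME = 0x01000193
FNV_INIT = 0x28021967


class RollingHash:
    """Hash of the last WINDOW bytes; it decides where chunk boundaries fall."""

    def __init__(self):
        self.window = [0] * WINDOW
        self.h1 = self.h2 = self.h3 = 0
        self.n = 0

    def update(self, c):
        self.h2 = self.h2 - self.h1 + WINDOW * c
        self.h1 = self.h1 + c - self.window[self.n % WINDOW]
        self.window[self.n % WINDOW] = c
        self.n += 1
        self.h3 = ((self.h3 << 5) ^ c) & 0xFFFFFFFF

    def value(self):
        return (self.h1 + self.h2 + self.h3) & 0xFFFFFFFF


def _signature(data, block_size):
    """One CTPH signature: one base64 char per chunk, chunks cut by the rolling hash."""
    roll = RollingHash()
    h = FNV_INIT
    sig = []
    for c in data:
        h = ((h * FNV_PRIME) & 0xFFFFFFFF) ^ c   # FNV-style hash of the current chunk
        roll.update(c)
        if roll.value() % block_size == block_size - 1 and len(sig) < SIG_LENGTH - 1:
            sig.append(B64[h & 0x3F])            # keep 6 bits of the chunk hash
            h = FNV_INIT
    if data:
        sig.append(B64[h & 0x3F])                # trailing partial chunk
    return "".join(sig)


def fuzzy_hash(data):
    """Return 'blocksize:sig1:sig2'; sig2 uses twice the block size."""
    bs = MIN_BLOCKSIZE
    while bs * SIG_LENGTH < len(data):
        bs *= 2
    while True:
        sig1 = _signature(data, bs)
        if bs > MIN_BLOCKSIZE and len(sig1) < SIG_LENGTH // 2:
            bs //= 2          # too few chunks: retry with a smaller block size
            continue
        return "%d:%s:%s" % (bs, sig1, _signature(data, bs * 2))


def _edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _has_common_substring(a, b, n=WINDOW):
    # Unrelated files still share stray characters; demand a 7-char run before scoring.
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def _score(s1, s2, block_size):
    if not s1 or not s2 or not _has_common_substring(s1, s2):
        return 0
    dist = _edit_distance(s1, s2)
    score = 100 - 100 * (dist * SIG_LENGTH // (len(s1) + len(s2))) // SIG_LENGTH
    if block_size >= (99 + WINDOW) // WINDOW * MIN_BLOCKSIZE:
        return score
    # tiny inputs get small block sizes: cap so a few matching chars cannot score high
    return min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))


def compare(h1, h2):
    """0..100 similarity; only equal or adjacent block sizes are comparable."""
    bs1, a1, a2 = h1.split(":")
    bs2, b1, b2 = h2.split(":")
    bs1, bs2 = int(bs1), int(bs2)
    if bs1 == bs2:
        return max(_score(a1, b1, bs1), _score(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return _score(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return _score(a2, b1, bs2)
    return 0


def sample_data(seed, size=20000):
    """Constructed input: deterministic pseudo-random bytes standing in for a file."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(size))


def tamper(data, offset, length, seed):
    """Overwrite one region, the way a patched or re-packed sample differs from the original."""
    return data[:offset] + sample_data(seed, length) + data[offset + length:]


if __name__ == "__main__":
    original = sample_data(1)
    h = fuzzy_hash(original)
    print(h)
    print("self     :", compare(h, fuzzy_hash(original)))
    print("patched  :", compare(h, fuzzy_hash(tamper(original, 10000, 100, 2))))
    print("unrelated:", compare(h, fuzzy_hash(sample_data(3))))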

 

  • Dpkt (Highly Recommended): for extracting relevant information from PCAP files.
  • Jinja2 (Highly Recommended): for rendering the HTML reports and the web interface.
  • Magic (Optional): for identifying files’ formats (otherwise use “file” command line utility)
  • Pydeep (Optional): for calculating ssdeep fuzzy hash of files.
  • Pymongo (Optional): for storing the results in a MongoDB database.
  • Yara and Yara Python (Optional): for matching Yara signatures (use release 1.7 or above or the svn version).
  • Libvirt (Optional): for using the KVM machine manager.
  • Bottlepy (Optional): for using the api.py or web.py utility (use release 0.10 or above).
  • Django (Optional): for using the web interface (use release 1.5 or above).
  • Pefile (Optional): used for static analysis of PE32 binaries.
  • Volatility (Optional): used for forensic analysis on memory
  • MAEC Python bindings (Optional): used for MAEC reporting (use release 4.0 or above).
  • Chardet (Optional): used for detecting string encoding.
  • 来自:http://docs.cuckoosandbox.org/en/latest/installation/host/requirements/

2. 在Windows上安装Cuckoo Host

参考:http://www.cnblogs.com/long123king/p/3494011.html中使用pip的教程

http://www.lfd.uci.edu/~gohlke/pythonlibs/#pip

pip install sqlalchemy bson
posted @ 2014-03-13 16:33  Daniel King  阅读(981)  评论(0编辑  收藏  举报