This repository has been archived by the owner on Jun 7, 2023. It is now read-only.

Automatic submit of new files to cuckoo #720

Open
icepaule opened this issue Nov 25, 2018 · 6 comments
Labels
bug (to verify) Bug that needs to be verified

Comments

@icepaule

No description provided.

@frennkie frennkie added the feature This is a feature request label Nov 25, 2018
@frennkie
Contributor

Dear @icepaule, I believe I get the idea behind this request. But anyway it would be great if you could give a little more background information to avoid any confusion.

@icepaule
Author

Hello team,
first of all thanks so much for this great work.

My aim is to use viper in such a way as to transmit every newly added file automatically to my cuckoo instance for submission. Although the web-gui button "cuckoo" already works, going through each new addition and pressing it is odd.
I thought of using the "commands" section in viper.conf to establish a kind of automatic submission, but it's not working.

Even when using the viper-cli and issuing "cuckoo -f", it throws me the error below:

```
viper mm/msmdsrv.exe > cuckoo -f
[!] The command cuckoo raised an exception:
Traceback (most recent call last):
  File "/opt/viper/viper/core/ui/console.py", line 313, in start
    module.run()
  File "/opt/viper/viper/modules/cuckoo.py", line 164, in run
    search_results = self.api_query('get', '{0}/{1}'.format(search_url, __sessions__.current.file.sha256)).json()
  File "/usr/local/lib/python3.6/dist-packages/requests/models.py", line 892, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/simplejson/__init__.py", line 518, in loads
    return _default_decoder.decode(s)
  File "/usr/local/lib/python3.6/dist-packages/simplejson/decoder.py", line 370, in decode
    obj, end = self.raw_decode(s)
  File "/usr/local/lib/python3.6/dist-packages/simplejson/decoder.py", line 400, in raw_decode
    return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
```

Does anybody have an idea on how to get this done?
Even going through the docu I found, I got no clue what the right command could be.

Cheers and thx so much.
Marcus

@icepaule
Author

icepaule commented Nov 25, 2018

Wow @frennkie, you're fast man. I just typed the actual question... ;-)

@frennkie frennkie added bug (to verify) Bug that needs to be verified and removed feature This is a feature request labels Nov 27, 2018
@frennkie
Contributor

@icepaule Well, I guess I was too fast.. so this is actually a bug report that cuckoo -f is not working when setting it in autorun.command. I would have to check this (also check for code differences between the CLI and the Web (which is working for you, right?!)).

@frennkie
Contributor

In modules/cuckoo.py we do:

```python
if cfg.cuckoo.cuckoo_modified:
    search_url = '{0}/api/tasks/search/sha256'.format(cuckoo_host)
    submit_file_url = '{0}/api/tasks/create/file/'.format(cuckoo_host)
    status_url = '{0}/api/cuckoo/status'.format(cuckoo_host)
else:
    search_url = '{0}/tasks/list'.format(cuckoo_host)
    submit_file_url = '{0}/tasks/create/file'.format(cuckoo_host)
    status_url = '{0}/cuckoo/status'.format(cuckoo_host)
...
if cfg.cuckoo.cuckoo_modified:
    search_results = self.api_query('get', '{0}/{1}'.format(search_url, __sessions__.current.file.sha256)).json()  # <- this breaks in your case
```

Which is different from the code in viperweb/views.py

```python
task_list_url = '{0}/tasks/list'.format(cfg.cuckoo.cuckoo_host)
task_list_response = requests.get(task_list_url)
if task_list_response.status_code == 200:
    task_list = task_list_response.json()
    task_list_filtered = [x for x in task_list["tasks"] if x["sample"]["sha256"] == sha256]
```

Do you have cuckoo_modified enabled? If yes, why? What does/should it do? Is there documentation for this?

@icepaule
Author

Hi frennkie,

The modified setting was enabled from an earlier installation of the modified cuckoo. But since Cuckoo 2.0 has been out and running for a while, I was not thinking of reverting that setting.

Anyway, I set modified=False and now the CLI works perfectly.

```
viper TDS%20Challan.zip > cuckoo -f
[*] Task Submitted ID: 22
```

I'll check with the autorun command and will give you feedback.

Thanks so much for now. :-)
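The failure in this thread comes from calling `.json()` on a reply that is not JSON. The following is an added example, not Viper's own code and not written by either participant: it checks the reply before decoding and reports a likely `cuckoo_modified` mismatch instead of a raw traceback. `Reply`, `CuckooApiError`, `decode_json_reply`, `tasks_for_sample`, `fake_stock_cuckoo`, the host and the hashes are hypothetical or constructed, and the 404 HTML reply for the modified route is an assumption about a stock server.

```python
import json
from collections import namedtuple

# Constructed stand-in for an HTTP reply; Viper itself uses requests.
Reply = namedtuple("Reply", "status content_type body")
HOST = "http://cuckoo.example:8090"   # constructed host
SAMPLE = "a" * 64                     # constructed SHA-256 placeholder


class CuckooApiError(Exception):
    """The Cuckoo API reply could not be used (hypothetical helper type)."""


def decode_json_reply(reply, url):
    """Decode a reply only when it is a successful JSON answer."""
    if reply.status != 200:
        raise CuckooApiError("{0} returned HTTP {1}; does cuckoo_modified "
                             "match this server?".format(url, reply.status))
    if "json" not in reply.content_type.lower():
        raise CuckooApiError("{0} returned {1}, not JSON".format(url, reply.content_type))
    try:
        return json.loads(reply.body)
    except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
        raise CuckooApiError("{0} sent malformed JSON".format(url)) from exc


def tasks_for_sample(fetch, host, sha256, cuckoo_modified):
    """Look up existing tasks using the two URL schemes quoted in the thread."""
    if cuckoo_modified:
        url = "{0}/api/tasks/search/sha256/{1}".format(host, sha256)
        return decode_json_reply(fetch(url), url)  # reply shape not shown in the thread
    url = "{0}/tasks/list".format(host)
    tasks = decode_json_reply(fetch(url), url)["tasks"]
    return [t for t in tasks if t["sample"]["sha256"] == sha256]


def fake_stock_cuckoo(url):
    """Constructed server: only the stock /tasks/list route exists (assumption)."""
    if url.endswith("/tasks/list"):
        tasks = [{"id": 22, "sample": {"sha256": SAMPLE}},
                 {"id": 23, "sample": {"sha256": "b" * 64}}]
        return Reply(200, "application/json", json.dumps({"tasks": tasks}))
    return Reply(404, "text/html", "<html>404 Not Found</html>")


if __name__ == "__main__":
    print(tasks_for_sample(fake_stock_cuckoo, HOST, SAMPLE, False))
```

Calling `tasks_for_sample` with `cuckoo_modified=True` against the same constructed server raises `CuckooApiError` naming the URL and the HTTP status.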
