cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

punch++ PCRE engine signature appears as non-compatible signature #907

Closed hemzaz closed 7 years ago

hemzaz commented 8 years ago

Hi, we need some help with importing the punch++ PCRE matching engine into cuckoo 2.0RC1: https://github.com/0xd34db33f/cuckoo/blob/master/signatures/punchplusplus.py For some reason it works flawlessly in cuckoo 1.3 or cuckoo-modified, and it is just not working on cuckoo 2.0RC1.

doomedraven commented 8 years ago

cuckoo-mod and cuckoo v2 have different abstracts, which is why it is not compatible; you can port it, read abstracts.py

hemzaz commented 8 years ago

great thanks!

garanews commented 8 years ago

@doomedraven : how to integrate the punchplusplus.py into spender-sandbox/cuckoo-modified ?

doomedraven commented 8 years ago

@garanews check where punchplusplus.py loads into cuckoo, where it is called and where it saves/returns data, try to do the same in mod and done :)

garanews commented 8 years ago

well, I put the script under the signatures folder and in process.log I see

2016-07-19 09:30:28,994 [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2016-07-19 09:30:28,996 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_punchplusplus"

and in tcpdump I see traffic

09:30:32.726559 IP sandbox.local.44015 > djskywarp.com.https: Flags [.], ack 67152, win 1307, options [nop,nop,TS val 1483687689 ecr 2516717749], length 0
09:30:32.726823 IP sandbox.local.44015 > djskywarp.com.https: Flags [R.], seq 639, ack 67152, win 1307, options [nop,nop,TS val 1483687689 ecr 2516717749], length 0

I see that 2 files appeared:

cuckoo-advanced/pcre-punchplusplus
cuckoo-advanced/web/pcre-punchplusplus

but I don't know exactly where to find the result, whether it will appear in the dashboard or in a file :)

doomedraven commented 8 years ago

where does this appear? cuckoo-advanced/pcre-punchplusplus cuckoo-advanced/web/pcre-punchplusplus?

garanews commented 8 years ago

exactly where I wrote, in the cuckoo root folder and in the web subfolder. Seems to be the DB of signatures: (screenshot) but I am not able to find results :)

doomedraven commented 8 years ago

it does add_match, so it should be seen in the webgui in the signatures block, https://github.com/spender-sandbox/cuckoo-modified/blob/3f76ea6dfdb17f050764fc90bd8e8682ff91fd0c/lib/cuckoo/common/abstracts.py#L1274

but this is not the correct place to speak about that
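The advice above ("read abstracts.py" for the v2 API, and the note that the 1.3/cuckoo-modified signature reports through add_match) is the whole porting recipe. The following is an added example of what a Cuckoo 2.0-style port of a PCRE-list network signature looks like; it is not punchplusplus.py and not Cuckoo's own code. Assumptions: the `_SignatureShim` class reproduces only the few methods of the 2.0 `lib.cuckoo.common.abstracts.Signature` base class that the ported signature uses (`get_results`, `mark_ioc`, `has_marks`) so the file runs offline; inside a real 2.0 install you would replace it with `from lib.cuckoo.common.abstracts import Signature` and let the plugin loader call `on_complete()`. The PCRE list and the report slice are constructed sample data, not the real punch++ rules, and Python's `re` stands in for PCRE.

```python
"""Porting an add_match()-style Cuckoo 1.3 / cuckoo-modified network signature to
the Cuckoo 2.0 Signature API (mark_ioc()/has_marks()).  Added example, offline."""
import re


class _SignatureShim(object):
    """ASSUMPTION: offline stand-in for Cuckoo 2.0's Signature base class.

    Mimics only the methods used below.  In a real install drop this class and use:
        from lib.cuckoo.common.abstracts import Signature
    """

    def __init__(self, results):
        self.results = results     # the analysis report dict Cuckoo hands to signatures
        self.marks = []            # 2.0 collects "marks" instead of 1.x add_match() data

    def get_results(self, key=None, default=None):
        return self.results.get(key, default) if key else self.results

    def mark_ioc(self, category, ioc, description=None):
        self.marks.append({"type": "ioc", "category": category,
                           "ioc": ioc, "description": description})

    def has_marks(self, count=None):
        if count is not None:
            return len(self.marks) >= count
        return len(self.marks) > 0


# Constructed sample rules standing in for the punch++ PCRE list (NOT the real rules).
# (rule name, regex, which extracted network field it applies to)
PCRE_RULES = [
    ("dyndns_host", r"\.(no-ip|dyndns|ddns)\.(org|net|com)$", "domain"),
    ("raw_ip_http", r"^http://\d{1,3}(\.\d{1,3}){3}(:\d+)?/", "url"),
    ("scripted_ua", r"^(curl|wget|python-requests)/", "user_agent"),
]


class PunchPlusPlusPCREs(_SignatureShim):
    """Cuckoo 2.0 signature layout: class attributes + on_complete() returning bool."""
    name = "punch_plus_plus_pcres"
    description = "Network traffic matched a punch++ style PCRE rule"
    severity = 2
    categories = ["network"]
    authors = ["example"]
    minimum = "2.0"

    def __init__(self, results):
        _SignatureShim.__init__(self, results)
        self.rules = [(n, re.compile(p, re.I), f) for n, p, f in PCRE_RULES]

    def on_complete(self):
        # ASSUMPTION about the 2.0 report layout:
        #   network.domains -> [{"domain": ..., "ip": ...}]
        #   network.http    -> [{"uri": ..., "user-agent": ..., ...}]
        network = self.get_results("network", {})
        candidates = []
        for d in network.get("domains", []):
            candidates.append(("domain", d.get("domain", "")))
        for h in network.get("http", []):
            candidates.append(("url", h.get("uri", "")))
            candidates.append(("user_agent", h.get("user-agent", "")))

        # Where the 1.x signature called self.add_match(...), 2.0 records an IOC mark.
        for rule_name, regex, field in self.rules:
            for kind, value in candidates:
                if kind == field and value and regex.search(value):
                    self.mark_ioc(kind, value, description=rule_name)
        return self.has_marks()


# Constructed minimal slice of a 2.0 report (RFC 5737 addresses, example names).
SAMPLE_RESULTS = {
    "network": {
        "domains": [{"domain": "update.example.com", "ip": "203.0.113.5"},
                    {"domain": "cnc.no-ip.org", "ip": "198.51.100.7"}],
        "http": [{"uri": "http://198.51.100.7:8080/gate.php",
                  "user-agent": "Mozilla/5.0", "host": "198.51.100.7"}],
    }
}


def run_signature(results):
    """Run the ported signature the way the 2.0 loader would; return (hit, marks)."""
    sig = PunchPlusPlusPCREs(results)
    hit = sig.on_complete()
    return hit, [(m["category"], m["ioc"], m["description"]) for m in sig.marks]


if __name__ == "__main__":
    hit, marks = run_signature(SAMPLE_RESULTS)
    print(hit)
    for mark in marks:
        print(mark)
```

The visible difference between the two APIs is the last block of `on_complete()`: the 1.x signature stored its hits with `add_match()` and returned a bool, while 2.0 expects `mark_ioc()` (or `mark_call()` for API-call matches) followed by `return self.has_marks()`, which is what the webgui's signatures block renders.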

garanews commented 8 years ago

It works: (screenshot)

Sorry to write here, but I didn't find another place to speak about this :)

jbremer commented 7 years ago

Please submit a PR for any ported Signatures! Thanks in advance. Closing issue as resolved.