This repository has been archived by the owner on Feb 13, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
auxiliary.conf
87 lines (70 loc) · 2.67 KB
/
auxiliary.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
[sniffer]
# Enable or disable the use of an external sniffer (tcpdump) [yes/no].
enabled = yes
# Specify the path to your local installation of tcpdump. Make sure this
# path is correct.
tcpdump = /usr/sbin/tcpdump
# Specify the network interface name on which tcpdump should monitor the
# traffic. Make sure the interface is active.
interface = vboxnet0
# Specify a Berkeley packet filter to pass to tcpdump.
# bpf = not arp
[tor]
# Enable or disable the use of Tor transparent proxying
# Note that this is a global enable/disable. It is still required that
# you specifically enable Tor for each analyzed sample from the
# web interface.
#
# Please note that in order to implement this functionality securely
# without any additional privilege on the part of Cuckoo, the below
# scripts should simply pass the IP address of the VM used for analysis
# to a daemon running as root, which can run the
# iptables rules itself. For a working example, see
# https://github.com/seanthegeek/routetor
enabled = yes
# Specify the path to a binary or script that will initiate the firewall
# rules to redirect traffic to the Tor transparent proxy. The file
# will be executed with the argument of the static IP of the VM used
# for analysis.
torstart = /usr/sbin/torstart
# Specify the path to a binary or script that will eliminate the firewall
# rules used to redirect traffic to the Tor transparent proxy. The file
# will be executed with the argument of the static IP of the VM used
# for analysis.
torstop = /usr/sbin/torstop
[msoffice]
# Specify the path to the msoffice-crypt binary to use for removing
# (new-style) password protection from Office documents before analysis.
#
# See https://github.com/herumi/msoffice
decryptor = /etc/cuckoo-modified/work/msoffice/bin/msoffice-crypt.exe
[gateways]
#RTR1 = 192.168.1.254
#RTR2 = 192.168.1.1
#INETSIM = 192.168.1.2
[virustotaldl]
# adds an option in the web interface to upload samples via VirusTotal
# downloads for a comma-separated list of MD5/SHA1/SHA256 hashes
enabled = yes
# note that unlike the VirusTotal processing module, the key required
# here is a Private API key, not a Public API key
#dlprivkey = SomeKeyWithDLAccess
# alternatively if you have VirusTotal Intelligence access, you can
# supply your Public API key below. Only one of these keys may be
# uncommented at a time.
dlintelkey = SomeKeyWithDLAccess
dlpath = /tmp/
# Web UI settings
[display_browser_martians]
enabled = no
[display_office_martians]
enabled = no
[display_shrike]
enabled = no
[expanded_dashboard]
# displays package, custom field, malfamily, clamav, PCAP link, and extended suricata results
enabled = no
[display_et_portal]
enabled = no
[display_pt_portal]
enabled = no