Commit c33ab43

Add documentation around the new sandboxes module and config
1 parent 40d1ccf commit c33ab43

3 files changed, +31 -14 lines changed

README.md

+5
@@ -22,4 +22,9 @@ Pastehunter supports several output modules:
2222
- Dump to CSV file.
2323
- Send to syslog.
2424

25+
## Supported Sandboxes
26+
Pastehunter supports several sandboxes that decoded data can be sent to:
27+
- Cuckoo
28+
- Viper
29+
2530
For examples of data discovered using pastehunter check out my posts https://techanarchy.net/blog/hunting-pastebin-with-pastehunter and https://techanarchy.net/blog/pastehunter-the-results
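Review bot: the new "## Supported Sandboxes" list names Cuckoo and Viper but gives the README reader no pointer to where they are configured, so they have to discover docs/sandboxes.rst on their own. Suggest adding a one-line pointer under the two bullets, e.g. `See [docs/sandboxes.rst](docs/sandboxes.rst) for how to enable and configure each sandbox.`, mirroring the pointer this commit adds to docs/postprocess.rst.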

docs/postprocess.rst

+1-14
@@ -29,20 +29,7 @@ when the full paste is a base64 blob, i.e. it will not extract base64 code that
2929

3030
- **rule_list**: List of rules that will trigger the postprocess module.
3131

32-
33-
Cuckoo
34-
^^^^^^
35-
If the samples match a binary file format you can optionaly send the file for analysis by a Cuckoo Sandbox.
36-
37-
- **api_host**: IP or hostname for a Cuckoo API endpoint.
38-
- **api_port**: Port number for a Cuckoo API endpoint.
39-
40-
Viper
41-
^^^^^
42-
If the samples match a binary file format you can optionaly send the file to a Viper instance for further analysis.
43-
44-
- **api_host**: IP or hostname for a Cuckoo API endpoint.
45-
- **api_port**: Port number for a Cuckoo API endpoint.
32+
See the `Sandboxes documentation <sandboxes.rst>`_ for information on how to configure the sandboxes used for scanning decoded base64 data.
4633

4734

4835
Entropy
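Review bot: the replacement line `See the `Sandboxes documentation <sandboxes.rst>`_ ...` uses a plain reStructuredText hyperlink target, so under a Sphinx build it links to the raw sandboxes.rst file rather than the rendered page; use the cross-reference role :doc:`sandboxes` instead (or `sandboxes.html` if the docs are rendered without Sphinx). Removing the old Cuckoo and Viper blocks here is otherwise the right call: the Viper bullets in the removed text still said "for a Cuckoo API endpoint", a copy-paste slip that the new docs/sandboxes.rst corrects.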

docs/sandboxes.rst

+25
@@ -0,0 +1,25 @@
1+
Sandboxes
2+
=========
3+
4+
There are a few sandboxes that can be configured and used in various post process steps.
5+
6+
There are a few generic options for each input.
7+
8+
- **enabled**: This turns the sandbox on and off.
9+
- **module**: This is used internally by pastehunter.
10+
11+
Cuckoo
12+
------
13+
14+
If the samples match a binary file format you can optionaly send the file for analysis by a Cuckoo Sandbox.
15+
16+
- **api_host**: IP or hostname for a Cuckoo API endpoint.
17+
- **api_port**: Port number for a Cuckoo API endpoint.
18+
19+
Viper
20+
-----
21+
22+
If the samples match a binary file format you can optionaly send the file to a Viper instance for further analysis.
23+
24+
- **api_host**: IP or hostname for a Viper API endpoint.
25+
- **api_port**: Port number for a Viper API endpoint.
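Review bot: "There are a few generic options for each input." should read "for each sandbox"; this file documents sandboxes, not inputs, and the sentence reads as copy-pasted. In the same file, "optionaly" in both the Cuckoo and Viper paragraphs should be "optionally" (the typo was carried over verbatim from the removed postprocess.rst text), and the **module** bullet "This is used internally by pastehunter." tells the user nothing about what value the key expects; say what it names and whether the user should ever change it. Lastly, each sandbox section documents only **api_host** and **api_port**: it is worth stating here which transport the API is reached over and whether the connection needs any credentials, because whatever decoded samples pastehunter pulls from pastes are shipped to the host configured in these two keys.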
