Auxiliary Modules

Auxiliary modules define some procedures that need to be executed in parallel to every single analysis process. All auxiliary modules should be placed under the modules/auxiliary/ directory.

The skeleton of a module would look something like this:

1from lib.cuckoo.common.abstracts import Auxiliary
2
3class MyAuxiliary(Auxiliary):
4
5    def start(self):
6        # Do something.
7
8    def stop(self):
9        # Stop the execution.

The function start() will be executed before starting the analysis machine and effectively executing the submitted malicious file, while the stop() function will be launched at the very end of the analysis process, before launching the processing and reporting procedures.

For example, an auxiliary module provided by default in CAPE is called sniffer.py and takes care of executing tcpdump in order to dump the generated network traffic.