Welcome. Cuckoo Sandbox gives us a lot of options. One of them is that it stores its information in the MongoDB and MySQL databases that you have selected and set up. In this tutorial I will explain how you can extract the Cuckoo Sandbox data from MongoDB.

I have used the following script (source). This script allows me to export the MongoDB collections to a comma-separated format (*.csv).

# fill in your details here (the values below are placeholders)
dbname=DBNAME
user=USERNAME
pass=PASSWORD
host=HOSTNAME:PORT
# the script expects the shell to print the names as a comma-separated list, so split on ","
OIFS=$IFS; IFS=","
# first get all collections in the database
collections=$(mongo "$host/$dbname" -u "$user" -p "$pass" --quiet --eval "rs.slaveOk();db.getCollectionNames();")
# on an instance without authentication use this line instead:
# collections=$(mongo "$dbname" --quiet --eval "rs.slaveOk();db.getCollectionNames();")
collectionArray=($collections)
# for each collection
for ((i=0; i<${#collectionArray[@]}; ++i)); do
    echo "exporting collection ${collectionArray[$i]}"
    # get comma separated list of keys. do this by peeking into the first document in the collection and getting its set of keys
    keys=$(mongo "$host/$dbname" -u "$user" -p "$pass" --quiet --eval "rs.slaveOk();var keys = []; for(var key in db.${collectionArray[$i]}.find().sort({_id: -1}).limit(1)[0]) { keys.push(key); }; keys;")
    # now use mongoexport with the set of keys to export the collection to csv
    mongoexport --host "$host" -u "$user" -p "$pass" -d "$dbname" -c "${collectionArray[$i]}" --fields "$keys" --csv --out "$dbname.${collectionArray[$i]}.csv"
done
IFS=$OIFS
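The export script above splits whatever the mongo shell prints for db.getCollectionNames() and pastes each piece into the --eval JavaScript as db.<name>. The function below is an added example, not part of the original script: it turns that output into one collection name per line and drops names that would not be valid after "db.". The name parse_collections and the sample outputs are made up for illustration, and the JSON-style array form is an assumed output format of other shell versions.

```shell
#!/bin/sh
# Added example (not from the original script): normalise the printed
# collection list and keep only names that are safe to use as db.<name>.
parse_collections() {
    # strip brackets, quotes and whitespace so that both
    #   analysis,calls            (bare comma list)
    #   [ "analysis", "calls" ]   (assumed JSON-style array)
    # become a plain a,b,c string
    cleaned=$(printf '%s' "$1" | tr -d '[]" \t\r\n')
    old_ifs=$IFS
    IFS=','
    set -f    # no filename expansion while the string is split
    for name in $cleaned; do
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_.]*)
                # e.g. "my-coll": db.my-coll would be parsed as a subtraction
                printf 'skipping collection name: %s\n' "$name" >&2
                ;;
            *)
                printf '%s\n' "$name"
                ;;
        esac
    done
    set +f
    IFS=$old_ifs
}

# constructed sample outputs, not captured from a real Cuckoo database
parse_collections 'analysis,calls,fs.chunks,fs.files'
parse_collections '[ "analysis", "fs.files", "my-coll" ]'
```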

Start the Mongo database shell

sudo mongo

This brings you into the mongo shell environment.

Create user for the cuckoo database

You will have to create a MongoDB user before you are allowed to extract data from the Cuckoo Sandbox MongoDB environment.

