CapeSandbox
CAPE Sandbox is an open-source software for automating the analysis of suspicious files and URLs.
Forensics & Malware Analysis · Cape Sandbox
Configuration parameters
url— Server URL (required)token_credentials— API Tokencredentials— Usernameinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (12)
-
cape-cuckoo-status-getReturns the overall status of the CAPE/Cuckoo system in a human-readable format. This command provides a quick overview of the sandbox's operational status.
-
cape-file-submitSubmits a file to the CAPE Sandbox for analysis. This command supports PCAP files and automatically sets the `pcap` parameter to `1`. The command polls the CAPE server until the analysis task is complete, and then returns the task results. Note: Analysis scans may take a long time to complete and could cause a timeout. If a timeout occurs, use the !cape-tasks-list task_id=<task_id> command to check the status of your task.
-
cape-file-viewView detailed information about a file that has been analyzed by CAPE Sandbox. You must specify at least one identifier - Task ID, MD5 hash, or SHA256 hash.
-
cape-machines-listReturns a list of available analysis machines configured in CAPE Sandbox. If a machine_name is provided, the command returns detailed information for that specific machine.
-
cape-pcap-file-downloadDownload the PCAP (Packet Capture) network dump file associated with a specific CAPE Sandbox task ID. The PCAP file contains all network traffic captured during the analysis and can be analyzed with tools like Wireshark.
-
cape-sample-downloadDownload a sample file from a CAPE Sandbox task. You must specify at least one identifier - Task ID, MD5 hash, SHA1 hash, or SHA256 hash. The downloaded file will be added to the War Room.
-
cape-task-deleteDelete a CAPE Sandbox analysis task by its Task ID.
-
cape-task-pollInternal command used by cape-file-submit and cape-url-submit for polling status.
-
cape-task-report-getRetrieve the analysis report associated with a specified CAPE Sandbox task ID. If zip=true, the report will be returned as a downloadable ZIP file.
-
cape-task-screenshot-downloadDownload screenshots captured during the analysis of a CAPE Sandbox task. Screenshots show the visual behavior of the analyzed file or URL. If a specific screenshot number is provided, only that single screenshot will be downloaded; otherwise, all available screenshots for the task will be downloaded.
-
cape-tasks-listReturns a list of CAPE Sandbox tasks. If a task_id is provided, the command returns the detailed information for that specific task.
-
cape-url-submitSubmits a URL to the CAPE Sandbox for analysis. The command polls the CAPE server until the analysis task is complete, and then returns the analysis results. Note: Analysis scans may take a long time to complete and could cause a timeout. If a timeout occurs, use the !cape-tasks-list task_id=<task_id> command to check the status of your task.