# CAPE-parsers
CAPE core and community parsers
[](https://pypi.org/project/CAPE-parsers/)
### Configs structure
```
CNCs: []
campaign: str
botnet: str
dga_seed: hex str
version: str
mutex: str
user_agent: str
build: str
cryptokey: str
cryptokey_type: str (algorithm). Ex: RC4, RSA public key. salsa20, (x)chacha20
raw: {any other data goes here}
```
* All CNC entries should be in URL format. aka `<schema>://<hostname>:<port>/<uri>`
* Schema examples: `tcp://`, `ftp://`, `udp://`, `http(s)`, etc.
* Old CAPE configs still have lack of this structures as most of them are dead families.
* This CNC simplification make it easier to parse with tools like `tldextract` or `urlparse`
Raw data
{
"_id": null,
"home_page": null,
"name": "CAPE-parsers",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.10",
"maintainer_email": null,
"keywords": "cape, parsers, malware, configuration",
"author": "Kevin O'Reilly",
"author_email": "kev@capesandbox.com",
"download_url": "https://files.pythonhosted.org/packages/85/c7/b096e130b5cb7a180d74126640bf5f849953cdf65ce63daf7aa644c9afcf/cape_parsers-0.1.48.tar.gz",
"platform": null,
"description": "# CAPE-parsers\nCAPE core and community parsers\n\n[](https://pypi.org/project/CAPE-parsers/)\n\n### Configs structure\n```\nCNCs: []\ncampaign: str\nbotnet: str\ndga_seed: hex str\nversion: str\nmutex: str\nuser_agent: str\nbuild: str\ncryptokey: str\ncryptokey_type: str (algorithm). Ex: RC4, RSA public key. salsa20, (x)chacha20\nraw: {any other data goes here}\n```\n* All CNC entries should be in URL format. aka `<schema>://<hostname>:<port>/<uri>`\n * Schema examples: `tcp://`, `ftp://`, `udp://`, `http(s)`, etc.\n * Old CAPE configs still have lack of this structures as most of them are dead families.\n * This CNC simplification make it easier to parse with tools like `tldextract` or `urlparse`\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "CAPE: Malware Configuration Extraction",
"version": "0.1.48",
"project_urls": null,
"split_keywords": [
"cape",
" parsers",
" malware",
" configuration"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "a4d67ad0c2a61ab472d11a046c68aadb8efc0ebcc9f3b07b4731624d28d9a60a",
"md5": "3031e7e4d8729cb482a12e30e98ef875",
"sha256": "a810a573e8d9b6f7011c0f143ec49f0365ff4751eb28e8b4e251c1c44c8dab9b"
},
"downloads": -1,
"filename": "cape_parsers-0.1.48-py3-none-any.whl",
"has_sig": false,
"md5_digest": "3031e7e4d8729cb482a12e30e98ef875",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.10",
"size": 189736,
"upload_time": "2025-08-17T13:12:58",
"upload_time_iso_8601": "2025-08-17T13:12:58.269864Z",
"url": "https://files.pythonhosted.org/packages/a4/d6/7ad0c2a61ab472d11a046c68aadb8efc0ebcc9f3b07b4731624d28d9a60a/cape_parsers-0.1.48-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "85c7b096e130b5cb7a180d74126640bf5f849953cdf65ce63daf7aa644c9afcf",
"md5": "4abfc62bd2ac40c19f3f0ea6e939ed87",
"sha256": "62c45e75bf84fa5223a453bc47ba73cefdcac5282ec112891530d848bb60818d"
},
"downloads": -1,
"filename": "cape_parsers-0.1.48.tar.gz",
"has_sig": false,
"md5_digest": "4abfc62bd2ac40c19f3f0ea6e939ed87",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.10",
"size": 138027,
"upload_time": "2025-08-17T13:13:00",
"upload_time_iso_8601": "2025-08-17T13:13:00.014408Z",
"url": "https://files.pythonhosted.org/packages/85/c7/b096e130b5cb7a180d74126640bf5f849953cdf65ce63daf7aa644c9afcf/cape_parsers-0.1.48.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-17 13:13:00",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "cape-parsers"
}
JSON