CAPE-parsers


NameCAPE-parsers JSON
Version 0.1.49 PyPI version JSON
download
home_pageNone
SummaryCAPE: Malware Configuration Extraction
upload_time2025-09-02 13:41:40
maintainerNone
docs_urlNone
authorKevin O'Reilly
requires_python<4.0,>=3.10
licenseMIT
keywords cape parsers malware configuration
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls. 
            # CAPE-parsers
CAPE core and community parsers

[![PyPI version](https://img.shields.io/pypi/v/CAPE-parsers)](https://pypi.org/project/CAPE-parsers/)

### Configs structure
```
CNCs: []
campaign: str
botnet: str
dga_seed: hex str
version: str
mutex: str
user_agent: str
build: str
cryptokey: str
cryptokey_type: str (algorithm). Ex: RC4, RSA public key. salsa20, (x)chacha20
raw: {any other data goes here}
```
* All CNC entries should be in URL format. aka `<schema>://<hostname>:<port>/<uri>`
    * Schema examples: `tcp://`, `ftp://`, `udp://`, `http(s)`, etc.
    * Old CAPE configs still have lack of this structures as most of them are dead families.
    * This CNC simplification make it easier to parse with tools like `tldextract` or `urlparse`

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "CAPE-parsers",
    "maintainer": null,
    "docs_url": null,
    "requires_python": "<4.0,>=3.10",
    "maintainer_email": null,
    "keywords": "cape, parsers, malware, configuration",
    "author": "Kevin O'Reilly",
    "author_email": "kev@capesandbox.com",
    "download_url": "https://files.pythonhosted.org/packages/7e/aa/39d30806897827f97edd462b0a75cf41907f2a48360af2d15b3a3a7b2271/cape_parsers-0.1.49.tar.gz",
    "platform": null,
    "description": "# CAPE-parsers\nCAPE core and community parsers\n\n[![PyPI version](https://img.shields.io/pypi/v/CAPE-parsers)](https://pypi.org/project/CAPE-parsers/)\n\n### Configs structure\n```\nCNCs: []\ncampaign: str\nbotnet: str\ndga_seed: hex str\nversion: str\nmutex: str\nuser_agent: str\nbuild: str\ncryptokey: str\ncryptokey_type: str (algorithm). Ex: RC4, RSA public key. salsa20, (x)chacha20\nraw: {any other data goes here}\n```\n* All CNC entries should be in URL format. aka `<schema>://<hostname>:<port>/<uri>`\n    * Schema examples: `tcp://`, `ftp://`, `udp://`, `http(s)`, etc.\n    * Old CAPE configs still have lack of this structures as most of them are dead families.\n    * This CNC simplification make it easier to parse with tools like `tldextract` or `urlparse`\n\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "CAPE: Malware Configuration Extraction",
    "version": "0.1.49",
    "project_urls": null,
    "split_keywords": [
        "cape",
        " parsers",
        " malware",
        " configuration"
    ],
    "urls": [
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "a5cea9ec1d42fa7c7107cb2640ed16c0ab23efcbc9a4b6b66713b3cf2bfa1d30",
                "md5": "b55dc1952c8d7cd4236983124e420c7a",
                "sha256": "956aabf921e5a18ae3f1a658d70e28caeed68485a7acc7e494ce296c042b0891"
            },
            "downloads": -1,
            "filename": "cape_parsers-0.1.49-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "b55dc1952c8d7cd4236983124e420c7a",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": "<4.0,>=3.10",
            "size": 190935,
            "upload_time": "2025-09-02T13:41:38",
            "upload_time_iso_8601": "2025-09-02T13:41:38.877743Z",
            "url": "https://files.pythonhosted.org/packages/a5/ce/a9ec1d42fa7c7107cb2640ed16c0ab23efcbc9a4b6b66713b3cf2bfa1d30/cape_parsers-0.1.49-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "7eaa39d30806897827f97edd462b0a75cf41907f2a48360af2d15b3a3a7b2271",
                "md5": "b9ed919a7aa2f2fc54a58f85b858d7dc",
                "sha256": "70d5942de49a4952a0f44b4502879f02c6c06902313d35c4fac17566f2626a62"
            },
            "downloads": -1,
            "filename": "cape_parsers-0.1.49.tar.gz",
            "has_sig": false,
            "md5_digest": "b9ed919a7aa2f2fc54a58f85b858d7dc",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": "<4.0,>=3.10",
            "size": 138767,
            "upload_time": "2025-09-02T13:41:40",
            "upload_time_iso_8601": "2025-09-02T13:41:40.717882Z",
            "url": "https://files.pythonhosted.org/packages/7e/aa/39d30806897827f97edd462b0a75cf41907f2a48360af2d15b3a3a7b2271/cape_parsers-0.1.49.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-09-02 13:41:40",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "cape-parsers"
}
Kevin O'Reilly
Elapsed time: 9.34750s