Malcore Playbook automates malware analysis, malware triaging, and analyst workflows using modular recipes and DSL scripting
Project description
Malcore Playbook is a framework for automating malware analysis, malware triaging, and analyst workflows using modular recipes and scripting. Designed for SOC analysts, threat hunters, and cybersecurity professionals, Malcore Playbook lets users build chains that automate workflows and extract actionable intelligence from suspicious files, either through individual recipes or through a simple, flexible scripting language.
With its recipe system, real-time variable tracking, and conditional logic engine, Malcore Playbook turns analyst tasks into an easily scriptable solution. Whether you're investigating advanced persistent threats (APTs) or building automated triage pipelines, Malcore Playbook gives you full control — without sacrificing speed, precision, or customization.
Key Features:
- Modular scriptable engine using "MalScript" syntax
- Analysis chaining and conditional logic
- Real-time execution tracing and output handling
- Full integration with Malcore's API
- Built for performance, flexibility, and deep analysis insights
Installation
Simply run:
```shell
pip install malcore-playbook
```
Or, you can manually install like so:
```shell
git clone https://github.com/PenetrumLLC/Malcore-Playbook.git && \
cd Malcore-Playbook && \
python setup.py install && \
malcore-playbook
```
Usage
```text
usage: malcore-playbook --recipe RECIPE[,RECIPE,..] --filename FILE [--chain --script [SCRIPT]
       --kwargs ARG1=VAL1[,ARG2=VAL2,...]]

optional arguments:
  -h, --help            show this help message and exit

required arguments:
  -r RECIPE-NAME [RECIPE-NAME ...], --recipe RECIPE-NAME [RECIPE-NAME ...]
                        Recipes to execute one at a time, pass multiple using a comma seperated list
                        (eg, recipe1,recipe2,...)
  -c, --chain           Pass this to chain recipes together with a script, must pass the --script flag with this
  --filename FILENAME, -f FILENAME, --file-to-analyze FILENAME
                        The filename that you want to process with the recipes. This is required for the recipes to work

chain related arguments:
  --chain-script CHAIN-SCRIPT, -S CHAIN-SCRIPT, --script CHAIN-SCRIPT, -C CHAIN-SCRIPT
                        Pass either a filename or a raw chain script in order to execute the MalScript chain

recipe related arguments:
  --list-remote, --list-remote-recipes, -lR
                        List all remote recipes that are available for download
  --list-local, --list-local-recipes, -lL
                        List all local recipes that are available to execute
  --download-remote RECIPE-NAME [RECIPE-NAME ...], --download-recipe RECIPE-NAME [RECIPE-NAME ...],
  --download RECIPE-NAME [RECIPE-NAME ...], -D RECIPE-NAME [RECIPE-NAME ...]
                        Pass a remote recipe name to download it to your recipe folder
                        (pass 'all' to download all available recipes)
  --recipe-updates ACTION
                        Check for recipe updates
  --kwargs [KWARGS [KWARGS ...]]
                        Key and value pairs to pass to the recipe IE: arg1=var1,arg2=var2

misc arguments:
  --force               Force actions that would otherwise fail
  --output OUTPUT-TYPE, -O OUTPUT-TYPE, --output-type OUTPUT-TYPE
                        Pass to control the type of output you want, default is JSON files stored in: C:\Users\saman\.mcpb
  --hide                Hide the banner
  --version             Show version numbers and exit
```
MalScript Overview
MalScript is a domain-specific scripting language (DSL) built specifically for the Malcore Playbook. It is designed to automate malware analysis and file triaging workflows. By allowing recipes to be chained and executed conditionally, MalScript provides declarative automation that supports reverse engineers and analysts. MalScript combines functional and imperative elements to support rule-based execution and data inspection on real-time analysis results.
Full language documentation can be found HERE
Example Usage
The help menu:
Downloading recipes:
Executing a recipe chain and saving it to a text file:
Download files
Source Distribution
File details
Details for the file malcore-playbook-1.0.1.1.tar.gz.
File metadata
- Download URL: malcore-playbook-1.0.1.1.tar.gz
- Size: 18.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.8.10
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c478de11ce13842f4af0056f08089e0540bf70a0a42e23fce5ed6405f9a385d8 |
| MD5 | 6d21329e1ce20e6423323a405154a69f |
| BLAKE2b-256 | 7169327afca86a30c18a62c93b1e0a735d87dee1f4d5bec1536d4e97bcbcd722 |
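Because this release was not uploaded with Trusted Publishing, the published digests above are the only integrity reference for the source distribution. The following script is an added example (not part of the project) that recomputes all three digests for a downloaded `malcore-playbook-1.0.1.1.tar.gz` and compares them with the values from the table; the function names and the `PUBLISHED_DIGESTS` mapping are this example's own.

```python
import hashlib
from pathlib import Path

# Digests copied from the "File hashes" table on the PyPI page for
# malcore-playbook-1.0.1.1.tar.gz (reference values, not computed here).
PUBLISHED_DIGESTS = {
    "sha256": "c478de11ce13842f4af0056f08089e0540bf70a0a42e23fce5ed6405f9a385d8",
    "md5": "6d21329e1ce20e6423323a405154a69f",
    "blake2b-256": "7169327afca86a30c18a62c93b1e0a735d87dee1f4d5bec1536d4e97bcbcd722",
}


def compute_digests(data: bytes) -> dict:
    """Return the three digests PyPI publishes, keyed as in the table."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        # PyPI's "BLAKE2b-256" is BLAKE2b truncated to a 32-byte digest.
        "blake2b-256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify_bytes(data: bytes, expected: dict = PUBLISHED_DIGESTS) -> dict:
    """Compare each expected digest against the given bytes.

    Returns {algorithm: matched}. Treat SHA256 and BLAKE2b-256 as the
    integrity decision; MD5 is reported only because PyPI lists it.
    """
    actual = compute_digests(data)
    return {alg: actual[alg] == digest for alg, digest in expected.items()}


def verify_sdist(path: str, expected: dict = PUBLISHED_DIGESTS) -> bool:
    """True only if every published digest matches the local archive."""
    result = verify_bytes(Path(path).read_bytes(), expected)
    for alg, ok in result.items():
        print(f"{alg:12s} {'OK' if ok else 'MISMATCH'}")
    return all(result.values())


if __name__ == "__main__":
    # Run against the archive fetched from PyPI before installing it.
    verify_sdist("malcore-playbook-1.0.1.1.tar.gz")
```

Run it from the directory containing the downloaded archive; a mismatch on any line means the file is not the one PyPI published and should not be installed.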