Scripting
Malcat features powerful Python bindings that give users access to most of the analysis results in a Pythonic way. The bindings described below are available for anomalies (cf. Anomaly scanner), for summary templates (data/templates) and for scripts (data/scripts) unless specified otherwise. If you open the Script editor using F8, it displays by default a toy script that shows some basic usage of the bindings. For more advanced examples, look at our bindings for CAPA (data/scripts/capa/features/extractors/malcat.py).
List of available Python objects
- Index
- Analysis object (malcat)
- File object (malcat.file)
- File entropy (malcat.entropy)
- Address mapping (malcat.map)
- File structures (malcat.struct)
- Disassembly (malcat.asm)
- Control Flow Graph (malcat.cfg)
- Strongly Connected Components (malcat.loops)
- Functions (malcat.fns)
- Strings (malcat.strings)
- Cross References (malcat.xref)
- Symbols (malcat.syms)
- Carved files (malcat.carved)
- Yara signatures (malcat.sigs)
- Anomalies (malcat.anomalies)