{"library":"maco-extractor","title":"Maco Extractor","description":"Maco Extractor is a Python package providing the essential framework for creating and running malware configuration extractors. It aims to standardize the output (using the Maco Model) and provide a consistent way to identify and execute parsers. The library is actively maintained, with frequent releases addressing compatibility, bug fixes, and new features.","language":"python","status":"active","last_verified":"Sun May 17","install":{"commands":["pip install maco-extractor"],"cli":{"name":"maco-extractor","version":"sh: 1: maco-extractor: not found"}},"imports":["from maco.model import ExtractorModel","from maco.extractor import Extractor","from maco.collector import run_extractor"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import os\nfrom maco.model import ExtractorModel\nfrom maco.extractor import Extractor\nfrom maco.collector import run_extractor\n\n# Define a simple Maco Extractor\nclass MySimpleExtractor(Extractor):\n    # Yara rules can be defined here as a bytes object\n    # rules = b'rule my_rule { strings: $a = \"test_data\" condition: $a }'\n    \n    def run(self, sample: bytes, **kwargs) -> ExtractorModel:\n        # Example: if a specific string is found, set a property in the model\n        if b\"hello maco\" in sample:\n            model = ExtractorModel(family=\"GreetingMalware\")\n            model.add_tag(\"found_greeting\")\n            model.add_string(value=\"hello maco\", context=\"sample_content\")\n            return model\n        # All extractors must return an ExtractorModel, even if no config is found\n        return ExtractorModel(family=\"Unknown\")\n\n# Create a dummy file for the extractor to process\nsample_content = b\"This is some test_data with hello maco inside.\"\nsample_path = \"test_sample.bin\"\nwith open(sample_path, \"wb\") as f:\n    f.write(sample_content)\n\ntry:\n    # Run the extractor against the sample file\n    # 'extractors' expects a list of Extractor classes\n    results = run_extractor(extractors=[MySimpleExtractor], sample_path=sample_path)\n\n    # Print the results\n    print(f\"Extractor results for {sample_path}:\")\n    for result in results:\n        print(f\"  Family: {result.family}\")\n        print(f\"  Tags: {result.tags}\")\n        print(f\"  Strings: {[s.value for s in result.strings]}\")\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\nfinally:\n    # Clean up the dummy file\n    if os.path.exists(sample_path):\n        os.remove(sample_path)","lang":"python","description":"This quickstart demonstrates how to define a custom Maco extractor, process a sample file with it, and retrieve the extracted `ExtractorModel` results.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":{"tag":null,"tag_description":null,"last_tested":"2026-05-17","installed_version":"1.2.26","pypi_latest":"1.2.26","is_stale":false,"summary":{"python_range":"3.10–3.9","success_rate":50,"avg_install_s":3.4,"avg_import_s":0.59,"wheel_type":"wheel"},"results":[{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"maco-extractor","exit_code":1,"wheel_type":null,"failure_reason":"build_error","import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"maco-extractor","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":3.9,"import_time_s":0.37,"mem_mb":12.1,"disk_size":"60M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"maco-extractor","exit_code":1,"wheel_type":null,"failure_reason":"build_error","import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"maco-extractor","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":3.3,"import_time_s":0.68,"mem_mb":13.2,"disk_size":"62M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"maco-extractor","exit_code":1,"wheel_type":null,"failure_reason":"build_error","import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"maco-extractor","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":2.7,"import_time_s":0.86,"mem_mb":13.1,"disk_size":"54M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"maco-extractor","exit_code":1,"wheel_type":null,"failure_reason":"build_error","import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"maco-extractor","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":2.9,"import_time_s":0.46,"mem_mb":9.4,"disk_size":"54M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"maco-extractor","exit_code":1,"wheel_type":null,"failure_reason":"build_error","import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"maco-extractor","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":4.4,"import_time_s":null,"mem_mb":null,"disk_size":"59M"}]}}