Star 历史趋势
数据来源: GitHub API · 生成自 Stargazers.cn
README.md

Speakeasy

Speakeasy is a Windows malware emulation framework that executes binaries, drivers, and shellcode in a modeled Windows runtime instead of a full VM. It emulates APIs, process/thread behavior, filesystem, registry, and network activity so samples can keep moving through realistic execution paths. You can run it from the speakeasy CLI for fast triage or embed it as a Python library and consume structured JSON reports.

Background context: Mandiant's overview post.

Quick start

Install from PyPI:

python3 -m pip install speakeasy-emulator

Run a sample and inspect high-level report fields (replace sample.dll with your target):

speakeasy -t sample.dll --no-mp -o report.json 2>/dev/null
jq '{sha256, arch, filetype, entry_points: (.entry_points | length)}' report.json
{
  "sha256": "30ec092d122a90441a2560f6778ef8233c98079cd34b7633f7bbc2874c8d7a45",
  "arch": "x86",
  "filetype": "dll",
  "entry_points": 3
}

Executable proof for this snippet: doc/readme-quickstart-showboat.md.

Documentation map

Start here

CLI usage

Reports, configuration, and runtime behavior

Debugging and extension

Questions and help

Start with doc/help.md.

If you still need help, open an issue at github.com/mandiant/speakeasy/issues.

关于 About

Windows kernel and user mode emulation.
emulationmalware-analysis

语言 Languages

Python99.7%
C0.2%
Dockerfile0.1%
Just0.0%

提交活跃度 Commit Activity

代码提交热力图
过去 52 周的开发活跃度
280
Total Commits
峰值: 82次/周
Less
More

核心贡献者 Contributors