tobias
f3ccc09c3d
Build comprehensive malware analysis knowledge base from 3 sources: - SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes - REMnux salt-states: 340 packages parsed from GitHub - REMnux docs: 280+ tools scraped from docs.remnux.org Master inventory merges all sources into 447 tools with help tiers (rich/standard/basic). Pipeline generates: tools.db (397 entries), 397 cheatsheets with multi-tool recipes, 15 workflow guides, 224 TLDR pages, and coverage reports. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
24 lines
759 B
Plaintext
24 lines
759 B
Plaintext
# speakeasy
|
|
# Windows binary emulator — emulates API calls to analyze malware behavior without native execution
|
|
# FOR610 Labs: 1.4 | Sections: 1
|
|
# Docs: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
|
|
|
|
% emulation, api-calls, behavioral-analysis
|
|
|
|
# Basic usage
|
|
speakeasy -t specimen.exe -o report.json 2> report.txt
|
|
|
|
# Show all results
|
|
speakeasy -t shellcode.bin -r -a x86
|
|
|
|
|
|
# --- Recipes (multi-tool chains) ---
|
|
|
|
# >> Emulate Malware and Extract API Calls
|
|
# Emulate and capture both JSON report and text log
|
|
speakeasy -t <sample> -o report.json 2> report.txt
|
|
# Extract all API names called
|
|
jq '.entry_points[].apis[].api_name' report.json
|
|
# Extract unique API names
|
|
jq -r '.entry_points[].apis[].api_name' report.json | sort -u
|