GitHub: AbdulNafaySarmad1/STAS-Security-Timeline-Security-Suite-
A hybrid malware analysis platform combining a high-performance C++ engine with a modern PyQt6 interface, supporting static feature extraction, dynamic behaviour tracking, timeline reconstruction and risk scoring.
# Security Timeline Analysis Suite (STAS)
[MIT License](https://opensource.org/licenses/MIT) [C++17](https://en.cppreference.com/w/cpp/17) [Python](https://www.python.org/downloads/)
**A hybrid static + dynamic + behavioural malware analysis platform** with automatic timeline reconstruction, risk scoring, graph generation and a polished dark-mode dashboard.
STAS pairs a high-performance C++ analysis engine with a modern PyQt6 Python GUI, aiming to provide a powerful, local, open-source malware analysis tool.
## Features
### Core engine (C++)
- **Static analysis**
  - MD5, SHA1, SHA256 hash computation
  - Entropy calculation (packing/encryption detection)
  - PE header parsing (import table, export table, sections, TLS callbacks)
  - String extraction
  - Packer detection (UPX, ASPack, etc.)
  - YARA rule scanning (custom + community rules)
- **Dynamic timeline (simulated / extensible)**
  - Process, file, registry and network events
  - Timestamped and sorted
  - Persistence detection (Run keys, services, etc.)
- **SQLite event store**
  - Full timeline exportable as JSON/HTML
- **Risk scoring engine**
  - Rule-based + ML-ready scoring (0–100)
  - Categories: stealth, persistence, propagation, data theft
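The static-analysis items listed above (file hashing, Shannon entropy as a packing heuristic, and printable-string extraction) in a small Python form. This is an added example, not code from the STAS engine; the two byte buffers and the 7.0 entropy cut-off are constructed assumptions for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed sample buffers standing in for files read with open(path, "rb").read().
# SAMPLE_LOW_ENTROPY is repetitive text plus zero padding; SAMPLE_HIGH_ENTROPY uses
# every byte value equally often, which is what packed or encrypted data looks like.
SAMPLE_LOW_ENTROPY = b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 8 + b"\x00" * 64
SAMPLE_HIGH_ENTROPY = bytes(range(256)) * 4

PACKED_ENTROPY_THRESHOLD = 7.0   # assumed heuristic cut-off (bits/byte), not a STAS setting
MIN_STRING_LEN = 4               # same default as the classic `strings` tool


def compute_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 hex digests, as a triage report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for an empty or single-valued buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list:
    """Runs of at least min_len printable ASCII bytes (0x20..0x7e)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def static_summary(data: bytes) -> dict:
    """One record combining hashes, size, entropy, the packing verdict and strings."""
    ent = shannon_entropy(data)
    return {
        **compute_hashes(data),
        "size": len(data),
        "entropy": round(ent, 3),
        "likely_packed": ent >= PACKED_ENTROPY_THRESHOLD,
        "strings": extract_strings(data),
    }


if __name__ == "__main__":
    for name, buf in (("low", SAMPLE_LOW_ENTROPY), ("high", SAMPLE_HIGH_ENTROPY)):
        s = static_summary(buf)
        print(name, s["sha256"][:16], s["entropy"], s["likely_packed"], len(s["strings"]))
```

The entropy check is only a heuristic: a legitimately compressed resource section scores just as high as a packed stub, so a real engine combines it with the section-level view and the packer signatures the list above mentions.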
### Dashboard (Python + PyQt6)
- Dark-mode Fluent UI
- Live event stream (real-time updates)
- Timeline visualisation
- Colour-coded risk score panel
- Static analysis summary
- Filter events by type/severity
- Export reports (JSON, HTML, Markdown)
- Built-in SQLite browser
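A compact Python sketch of the pieces the two feature lists describe together: an SQLite event store, a timestamp-sorted timeline with the dashboard's type/severity filter, a Run-key persistence rule, a rule-based 0–100 score over the four categories, and JSON export. This is an added example, not STAS code; the event stream, the rule table and its point values are constructed assumptions.

```python
import json
import sqlite3

# Constructed event stream in the shape the engine list describes
# (timestamp, kind, detail, severity). Deliberately out of timestamp order.
SAMPLE_EVENTS = [
    (1702200005.0, "network", "connect 203.0.113.7:443", "medium"),
    (1702200001.0, "process", "create C:\\Users\\u\\sample.exe", "low"),
    (1702200004.0, "registry", "set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "high"),
    (1702200003.0, "file", "write C:\\Users\\u\\AppData\\Roaming\\Updater.exe", "medium"),
    (1702200002.0, "file", "read C:\\Users\\u\\Documents\\passwords.txt", "high"),
]

SCHEMA = """
CREATE TABLE IF NOT EXISTS events (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    ts REAL NOT NULL,
    kind TEXT NOT NULL,
    detail TEXT NOT NULL,
    severity TEXT NOT NULL
)
"""

# Assumed rule table: (category, predicate over (kind, detail), points). Illustrative only.
RULES = [
    ("persistence", lambda k, d: k == "registry" and "\\currentversion\\run\\" in d.lower(), 40),
    ("persistence", lambda k, d: k == "registry" and "\\services\\" in d.lower(), 40),
    ("stealth", lambda k, d: k == "file" and d.lower().startswith("write")
                and "\\appdata\\" in d.lower() and d.lower().endswith(".exe"), 20),
    ("data_theft", lambda k, d: k == "file" and d.lower().startswith("read")
                   and ("\\documents\\" in d.lower() or "password" in d.lower()), 25),
    ("data_theft", lambda k, d: k == "network" and d.startswith("connect"), 10),
    ("propagation", lambda k, d: k == "file" and d.startswith("write \\\\"), 30),  # UNC share
]
CATEGORIES = ("stealth", "persistence", "propagation", "data_theft")


def open_store(path=":memory:"):
    """Open (or create) the event database; ':memory:' keeps the example self-contained."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def insert_events(conn, events):
    conn.executemany(
        "INSERT INTO events (ts, kind, detail, severity) VALUES (?, ?, ?, ?)", events)
    conn.commit()


def timeline(conn, kind=None, severity=None):
    """Events in timestamp order, optionally filtered by type/severity as the dashboard does."""
    sql = "SELECT ts, kind, detail, severity FROM events"
    clauses, params = [], []
    if kind:
        clauses.append("kind = ?")
        params.append(kind)
    if severity:
        clauses.append("severity = ?")
        params.append(severity)
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY ts"
    cols = ("ts", "kind", "detail", "severity")
    return [dict(zip(cols, row)) for row in conn.execute(sql, params)]


def risk_score(conn):
    """Sum rule points per category, capped at 100, and keep the matching events as evidence."""
    totals = {c: 0 for c in CATEGORIES}
    hits = []
    for ev in timeline(conn):
        for cat, pred, pts in RULES:
            if pred(ev["kind"], ev["detail"]):
                totals[cat] += pts
                hits.append((cat, ev["detail"]))
    return {"score": min(100, sum(totals.values())), "categories": totals, "hits": hits}


def detect_persistence(conn):
    """Details of every event the persistence rules matched (Run keys, service keys)."""
    return [d for cat, d in risk_score(conn)["hits"] if cat == "persistence"]


def export_json(conn):
    return json.dumps({"timeline": timeline(conn), "risk": risk_score(conn)}, indent=2)


if __name__ == "__main__":
    db = open_store()
    insert_events(db, SAMPLE_EVENTS)
    print(export_json(db))
```

Keeping the matched events alongside the score is what lets a dashboard panel explain a number rather than just colour it; the same `hits` list is also the natural input for an HTML or Markdown report.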
## Screenshots
## Quick start
### Prerequisites
- Windows 10/11 (64-bit)
- Visual Studio 2022 (Community edition is fine) with the "Desktop development with C++" workload
- Python 3.10+
- Git
### Build and run
1. Clone the repository
```bash
git clone https://github.com/AbdulNafaySarmad1/STAS-Security-Timeline-Security-Suite-
cd STAS
```
2. Build the C++ engine
```bash
# Open "x64 Native Tools Command Prompt for VS 2022"
mkdir build && cd build
cmake .. -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake -G "Visual Studio 17 2022" -A x64
cmake --build . --config Release
```
3. Install Python dependencies & run the dashboard
```bash
cd ../src/python
# sqlite3 ships with the Python standard library and is not a pip package
pip install pyqt6 pyinstaller graphviz pandas
python dashboard.py
```
4. Analyze a sample
```bash
cd ../../build/Release
# The engine takes the path of the sample to analyze as its argument
stas_engine.exe ../../../test_sample.exe
```
Switch back to dashboard — events appear live!
### Standalone executables (optional)
```bash
# Engine is already built as stas_engine.exe
# Standalone dashboard build
cd ../src/python
pyinstaller --onefile --windowed --name STAS_Dashboard dashboard.py
# → dist/STAS_Dashboard.exe
```
## Project structure
```text
STAS/
├── build/          # CMake build output
├── src/
│   ├── cpp/        # Core engine (static, dynamic, SQLite, scoring)
│   └── python/     # PyQt6 dashboard + anomaly detection
├── data/           # ML baseline, YARA rules
├── events.db       # Generated analysis database
├── dummy_test.exe  # Example test file
└── README.md
```
## Future roadmap (bonus features ready to add)
- Real API hooking via MinHook
- GraphViz process/file/network graphs
- scikit-learn anomaly detection (clustering/families)
- LLM-powered behavioral narration
- Full sandbox with suspended process + remote thread injection
- Memory dump + string extraction
- REST API server mode
## Contributing
Pull requests are welcome! Especially:
- Real dynamic hooking modules
- YARA rule contributions
- UI enhancements
- ML model improvements
## License
MIT License — feel free to use, modify, and distribute.
STAS — Because your malware deserves a timeline.
Built with 🔥 by Abdul Nafay Sarmad — December 2025