malice-virustotal


Malice VirusTotal Plugin

This repository contains a Dockerfile of the VirusTotal malice plugin malice/virustotal.


Dependencies

Installation

  1. Install Docker.
  2. Download trusted build from public DockerHub: docker pull malice/virustotal

Usage

$ docker run --rm malice/virustotal --help

Usage: virustotal [OPTIONS] COMMAND [arg...]

Malice VirusTotal Plugin

Version: v0.1.1, BuildTime: 20190211

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V  verbose output
  --api value    VirusTotal API key [$MALICE_VT_API]
  --help, -h     show help
  --version, -v  print the version

Commands:
  scan    Upload binary to VirusTotal for scanning
  lookup  Get file hash scan report
  web     Create a VirusTotal scan web service
  help    Shows a list of commands or help for one command

Run 'virustotal COMMAND --help' for more information on a command.

Lookup

$ docker run --rm malice/virustotal --api APIKEY lookup --help

NAME:
   virustotal lookup - Get file hash scan report

USAGE:
   virustotal lookup [command options] MD5/SHA1/SHA256 hash of file

OPTIONS:
   --post, -p             POST results to Malice webhook [$MALICE_ENDPOINT]
   --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
   --table, -t            output as Markdown table
   --elasticsearch value  elasticsearch url for Malice to storeresults [$MALICE_ELASTICSEARCH_URL]

Sample Output

JSON

{
  "scans": {
    "McAfee": {
      "detected": true,
      "version": "6.0.6.653",
      "result": "BackDoor-CSB",
      "update": "20160214"
    },
    "F-Prot": {
      "detected": true,
      "version": "4.7.1.166",
      "result": "W32/Trojan.AAWD",
      "update": "20160214"
    },
    "Symantec": {
      "detected": true,
      "version": "20151.1.0.32",
      "result": "W32.Lecna.D",
      "update": "20160214"
    },
    "ESET-NOD32": {
      "detected": true,
      "version": "13027",
      "result": "a variant of Win32/Lecna.W",
      "update": "20160214"
    },
    "ClamAV": {
      "detected": true,
      "version": "0.98.5.0",
      "result": "Win.Trojan.Backspace",
      "update": "20160214"
    },
    "Kaspersky": {
      "detected": true,
      "version": "15.0.1.13",
      "result": "Backdoor.Win32.Lecna.ab",
      "update": "20160214"
    },
    "BitDefender": {
      "detected": true,
      "version": "7.2",
      "result": "Backdoor.Lecna.AB",
      "update": "20160214"
    },
    "Comodo": {
      "detected": true,
      "version": "24205",
      "result": "Backdoor.Win32.Lecna.AB",
      "update": "20160214"
    },
    <SNIP...>
    "F-Secure": {
      "detected": true,
      "version": "11.0.19100.45",
      "result": "Backdoor.Lecna.AB",
      "update": "20160213"
    },
    "DrWeb": {
      "detected": true,
      "version": "7.0.17.11230",
      "result": "BackDoor.Dizhi",
      "update": "20160214"
    },
    "Sophos": {
      "detected": true,
      "version": "4.98.0",
      "result": "Troj/Lecna-Q",
      "update": "20160214"
    },
    "Avira": {
      "detected": true,
      "version": "8.3.3.2",
      "result": "WORM/Rbot.Gen",
      "update": "20160214"
    },
    "AVG": {
      "detected": true,
      "version": "16.0.0.4522",
      "result": "Win32/DH{YQMT?}",
      "update": "20160214"
    }
  },
  "scan_id": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408-1455475165",
  "sha1": "6b82f126555e7644816df5d4e4614677ee0bda5c",
  "resource": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
  "response_code": 1,
  "scan_date": "2016-02-14 18:39:25",
  "permalink": "https://www.virustotal.com/file/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408/analysis/1455475165/",
  "verbose_msg": "Scan finished, information embedded",
  "total": 54,
  "positives": 46,
  "sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
  "md5": "669f87f2ec48dce3a76386eec94d7e3b"
}

Markdown


virustotal

| Ratio | Link | API    | Scanned                |
| ----- | ---- | ------ | ---------------------- |
| 85%   | link | Public | Sun 2016Feb14 14:00:50 |
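
Added example (not part of the malice/virustotal project): one way to triage the lookup JSON shown above before acting on it, reproducing the Ratio figure and flagging engines whose signatures were old at scan time. The function name `triage`, the `max_sig_age_days` threshold and the `ExampleAV` entry are assumptions made for illustration; the sample is constructed from the fields in the output above.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: trimmed to three engines, same field layout as the
# lookup JSON above. "ExampleAV" is a made-up engine entry.
SAMPLE = json.loads("""
{
  "scans": {
    "Kaspersky": {"detected": true, "version": "15.0.1.13",
                  "result": "Backdoor.Win32.Lecna.ab", "update": "20160214"},
    "F-Secure": {"detected": true, "version": "11.0.19100.45",
                 "result": "Backdoor.Lecna.AB", "update": "20160213"},
    "ExampleAV": {"detected": false, "version": "1.0",
                  "result": null, "update": "20160101"}
  },
  "response_code": 1,
  "scan_date": "2016-02-14 18:39:25",
  "total": 54,
  "positives": 46,
  "sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408"
}
""")


def triage(report, max_sig_age_days=7):
    """Summarise a lookup report; returns None when there is no finished scan."""
    # The sample shows response_code 1 for a finished scan. Any other value
    # is treated as "no verdict", which must not be read as "clean".
    if report.get("response_code") != 1:
        return None
    scanned = datetime.strptime(report["scan_date"], "%Y-%m-%d %H:%M:%S")
    max_age = timedelta(days=max_sig_age_days)
    hits, stale = {}, []
    for engine, res in report.get("scans", {}).items():
        if res.get("detected"):
            hits[engine] = res.get("result")
        # An engine with old signatures at scan time is a weak "clean" vote.
        upd = res.get("update")
        if upd and scanned - datetime.strptime(upd, "%Y%m%d") > max_age:
            stale.append(engine)
    total = report.get("total", 0)
    ratio = round(100 * report.get("positives", 0) / total) if total else 0
    return {"sha256": report.get("sha256"), "ratio_pct": ratio,
            "hits": hits, "stale_engines": sorted(stale)}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

With the sample's `positives` of 46 and `total` of 54, the computed ratio matches the 85% in the Markdown table.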


Documentation

TODO

  • [x] create web subcommand (with POST to URL callback) allows sharing of API

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015 blacktop
