malice-virustotal
# Malice VirusTotal Plugin

This repository contains the Dockerfile for the Malice VirusTotal plugin, malice/virustotal.
## Dependencies

## Installation

- Install Docker.
- Download the trusted build from the public DockerHub:

```shell
docker pull malice/virustotal
```
## Usage

```console
$ docker run --rm malice/virustotal --help
Usage: virustotal [OPTIONS] COMMAND [arg...]

Malice VirusTotal Plugin

Version: v0.1.1, BuildTime: 20190211

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V  verbose output
  --api value    VirusTotal API key [$MALICE_VT_API]
  --help, -h     show help
  --version, -v  print the version

Commands:
  scan    Upload binary to VirusTotal for scanning
  lookup  Get file hash scan report
  web     Create a VirusTotal scan web service
  help    Shows a list of commands or help for one command

Run 'virustotal COMMAND --help' for more information on a command.
```
### Lookup

```console
$ docker run --rm malice/virustotal --api APIKEY lookup --help
NAME:
   virustotal lookup - Get file hash scan report

USAGE:
   virustotal lookup [command options] MD5/SHA1/SHA256 hash of file

OPTIONS:
   --post, -p             POST results to Malice webhook [$MALICE_ENDPOINT]
   --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
   --table, -t            output as Markdown table
   --elasticsearch value  elasticsearch url for Malice to storeresults [$MALICE_ELASTICSEARCH_URL]
```
## Sample Output

### JSON

```json
{
  "scans": {
    "McAfee": {
      "detected": true,
      "version": "6.0.6.653",
      "result": "BackDoor-CSB",
      "update": "20160214"
    },
    "F-Prot": {
      "detected": true,
      "version": "4.7.1.166",
      "result": "W32/Trojan.AAWD",
      "update": "20160214"
    },
    "Symantec": {
      "detected": true,
      "version": "20151.1.0.32",
      "result": "W32.Lecna.D",
      "update": "20160214"
    },
    "ESET-NOD32": {
      "detected": true,
      "version": "13027",
      "result": "a variant of Win32/Lecna.W",
      "update": "20160214"
    },
    "ClamAV": {
      "detected": true,
      "version": "0.98.5.0",
      "result": "Win.Trojan.Backspace",
      "update": "20160214"
    },
    "Kaspersky": {
      "detected": true,
      "version": "15.0.1.13",
      "result": "Backdoor.Win32.Lecna.ab",
      "update": "20160214"
    },
    "BitDefender": {
      "detected": true,
      "version": "7.2",
      "result": "Backdoor.Lecna.AB",
      "update": "20160214"
    },
    "Comodo": {
      "detected": true,
      "version": "24205",
      "result": "Backdoor.Win32.Lecna.AB",
      "update": "20160214"
    },
    <SNIP...>
    "F-Secure": {
      "detected": true,
      "version": "11.0.19100.45",
      "result": "Backdoor.Lecna.AB",
      "update": "20160213"
    },
    "DrWeb": {
      "detected": true,
      "version": "7.0.17.11230",
      "result": "BackDoor.Dizhi",
      "update": "20160214"
    },
    "Sophos": {
      "detected": true,
      "version": "4.98.0",
      "result": "Troj/Lecna-Q",
      "update": "20160214"
    },
    "Avira": {
      "detected": true,
      "version": "8.3.3.2",
      "result": "WORM/Rbot.Gen",
      "update": "20160214"
    },
    "AVG": {
      "detected": true,
      "version": "16.0.0.4522",
      "result": "Win32/DH{YQMT?}",
      "update": "20160214"
    }
  },
  "scan_id": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408-1455475165",
  "sha1": "6b82f126555e7644816df5d4e4614677ee0bda5c",
  "resource": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
  "response_code": 1,
  "scan_date": "2016-02-14 18:39:25",
  "permalink": "https://www.virustotal.com/file/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408/analysis/1455475165/",
  "verbose_msg": "Scan finished, information embedded",
  "total": 54,
  "positives": 46,
  "sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
  "md5": "669f87f2ec48dce3a76386eec94d7e3b"
}
```
### Markdown

#### virustotal

| Ratio | Link | API    | Scanned                |
|-------|------|--------|------------------------|
| 85%   | link | Public | Sun 2016Feb14 14:00:50 |
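The table's Ratio column is `positives` over `total` from the JSON above (46 of 54 rounds to 85%). As an added example that is not part of the plugin's own code, the Go function below recomputes that ratio from a lookup report and lists the detecting engines, refusing to score reports whose `response_code` is not 1; the meanings of the other codes (0 for an unknown hash, -2 for a queued scan) come from the VirusTotal v2 API, not from this README, and the embedded sample is a constructed, abridged copy of the output shown above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Report holds the fields of the plugin's lookup JSON that a consumer needs.
type Report struct {
	Scans        map[string]Engine `json:"scans"`
	ResponseCode int               `json:"response_code"`
	Positives    int               `json:"positives"`
	Total        int               `json:"total"`
}

// Engine is one entry of "scans"; "result" is null when not detected.
type Engine struct {
	Detected bool   `json:"detected"`
	Result   string `json:"result"`
}

// Summarize returns the integer detection ratio shown in the plugin's Markdown
// table and the detecting engines, sorted. Only response_code 1 is a finished
// report; 0 (unknown hash) and -2 (queued) carry no verdicts, so reject them.
func Summarize(raw []byte) (int, []string, error) {
	var r Report
	if err := json.Unmarshal(raw, &r); err != nil {
		return 0, nil, err
	}
	if r.ResponseCode != 1 || r.Total == 0 {
		return 0, nil, fmt.Errorf("no usable report (response_code %d)", r.ResponseCode)
	}
	var hits []string
	for name, e := range r.Scans {
		if e.Detected {
			hits = append(hits, name+": "+e.Result)
		}
	}
	sort.Strings(hits)
	return r.Positives * 100 / r.Total, hits, nil
}

// sample is a constructed, abridged copy of the README's lookup output.
const sample = `{"scans":{"McAfee":{"detected":true,"result":"BackDoor-CSB"},
"ClamAV":{"detected":true,"result":"Win.Trojan.Backspace"},"NoHit-AV":{"detected":false,"result":null}},
"response_code":1,"total":54,"positives":46}`

func main() {
	ratio, hits, err := Summarize([]byte(sample))
	fmt.Println(ratio, hits, err) // 85 [ClamAV: Win.Trojan.Backspace McAfee: BackDoor-CSB] <nil>
}
```

A report with `response_code` 0 is returned as an error rather than a 0% ratio, so an unknown hash is never mistaken for a clean verdict.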
## Documentation

- To write results to ElasticSearch
- To create a VirusTotal scan / lookup micro-service
- To post results to a webhook
## TODO

- create `web` subcommand (with POST to URL callback) that allows sharing of API
## Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.
## CHANGELOG

See CHANGELOG.md
## Contributing

See all contributors on GitHub.
Please update the CHANGELOG.md and submit a Pull Request on GitHub.
## License

MIT Copyright (c) 2015 blacktop
## Documentation

There is no documentation for this package.