GitHub - malice-plugins/virustotal: Malice VirusTotal Plugin
malice-virustotal


Malice VirusTotal Plugin

This repository contains a Dockerfile of the VirusTotal malice plugin malice/virustotal.


Dependencies

Installation

  1. Install Docker.
  2. Download trusted build from public DockerHub: docker pull malice/virustotal

Usage

$ docker run --rm malice/virustotal --help

Usage: virustotal [OPTIONS] COMMAND [arg...]

Malice VirusTotal Plugin

Version: v0.1.1, BuildTime: 20190211

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V  verbose output
  --api value    VirusTotal API key [$MALICE_VT_API]
  --help, -h     show help
  --version, -v  print the version

Commands:
  scan    Upload binary to VirusTotal for scanning
  lookup  Get file hash scan report
  web     Create a VirusTotal scan web service
  help    Shows a list of commands or help for one command

Run 'virustotal COMMAND --help' for more information on a command.

Lookup

$ docker run --rm malice/virustotal --api APIKEY lookup --help

NAME:
   virustotal lookup - Get file hash scan report

USAGE:
   virustotal lookup [command options] MD5/SHA1/SHA256 hash of file

OPTIONS:
   --post, -p             POST results to Malice webhook [$MALICE_ENDPOINT]
   --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
   --table, -t            output as Markdown table
   --elasticsearch value  elasticsearch url for Malice to storeresults [$MALICE_ELASTICSEARCH_URL]

Sample Output

{
  "scans": {
    "McAfee": {
      "detected": true,
      "version": "6.0.6.653",
      "result": "BackDoor-CSB",
      "update": "20160214"
    },
    "F-Prot": {
      "detected": true,
      "version": "4.7.1.166",
      "result": "W32/Trojan.AAWD",
      "update": "20160214"
    },
    "Symantec": {
      "detected": true,
      "version": "20151.1.0.32",
      "result": "W32.Lecna.D",
      "update": "20160214"
    },
    "ESET-NOD32": {
      "detected": true,
      "version": "13027",
      "result": "a variant of Win32/Lecna.W",
      "update": "20160214"
    },
    "ClamAV": {
      "detected": true,
      "version": "0.98.5.0",
      "result": "Win.Trojan.Backspace",
      "update": "20160214"
    },
    "Kaspersky": {
      "detected": true,
      "version": "15.0.1.13",
      "result": "Backdoor.Win32.Lecna.ab",
      "update": "20160214"
    },
    "BitDefender": {
      "detected": true,
      "version": "7.2",
      "result": "Backdoor.Lecna.AB",
      "update": "20160214"
    },
    "Comodo": {
      "detected": true,
      "version": "24205",
      "result": "Backdoor.Win32.Lecna.AB",
      "update": "20160214"
    },
    <SNIP...>
    "F-Secure": {
      "detected": true,
      "version": "11.0.19100.45",
      "result": "Backdoor.Lecna.AB",
      "update": "20160213"
    },
    "DrWeb": {
      "detected": true,
      "version": "7.0.17.11230",
      "result": "BackDoor.Dizhi",
      "update": "20160214"
    },
    "Sophos": {
      "detected": true,
      "version": "4.98.0",
      "result": "Troj/Lecna-Q",
      "update": "20160214"
    },
    "Avira": {
      "detected": true,
      "version": "8.3.3.2",
      "result": "WORM/Rbot.Gen",
      "update": "20160214"
    },
    "AVG": {
      "detected": true,
      "version": "16.0.0.4522",
      "result": "Win32/DH{YQMT?}",
      "update": "20160214"
    }
  },
  "scan_id": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408-1455475165",
  "sha1": "6b82f126555e7644816df5d4e4614677ee0bda5c",
  "resource": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
  "response_code": 1,
  "scan_date": "2016-02-14 18:39:25",
  "permalink": "https://www.virustotal.com/file/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408/analysis/1455475165/",
  "verbose_msg": "Scan finished, information embedded",
  "total": 54,
  "positives": 46,
  "sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
  "md5": "669f87f2ec48dce3a76386eec94d7e3b"
}

virustotal

Ratio  Link  API     Scanned
85%    link  Public  Sun 2016Feb14 14:00:50
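
Added example (not part of the malice project's code): a Python sketch that reduces a lookup report like the sample output above to the fields used for triage, including the detection ratio shown in the table. The summarize helper and its parameters are hypothetical, and SAMPLE is a constructed, trimmed copy of the report above.

```python
import json
from datetime import datetime

# Constructed sample: three engines trimmed from the report shown above;
# "total" and "positives" keep the full report's counts.
SAMPLE = json.loads("""
{"scans": {
   "McAfee":   {"detected": true, "version": "6.0.6.653", "result": "BackDoor-CSB", "update": "20160214"},
   "ClamAV":   {"detected": true, "version": "0.98.5.0", "result": "Win.Trojan.Backspace", "update": "20160214"},
   "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Backdoor.Lecna.AB", "update": "20160213"}},
 "resource": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
 "sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
 "response_code": 1, "scan_date": "2016-02-14 18:39:25",
 "total": 54, "positives": 46}
""")


def summarize(report, requested=None, stale_days=1):
    """Reduce a lookup report to triage fields (hypothetical helper)."""
    # In the VirusTotal v2 report format, response_code 1 means the hash is known.
    if report.get("response_code") != 1:
        return {"known": False}
    # Reject a report that answers for a different hash than the one asked for.
    if requested and report.get("resource", "").lower() != requested.lower():
        raise ValueError("report resource does not match requested hash")
    scan_day = datetime.strptime(report["scan_date"], "%Y-%m-%d %H:%M:%S").date()
    hits, stale = {}, []
    for engine, res in report.get("scans", {}).items():
        if res.get("detected"):
            hits[engine] = res.get("result")
        # Flag engines whose signature date precedes the scan by stale_days or more.
        sig_day = datetime.strptime(res["update"], "%Y%m%d").date()
        if (scan_day - sig_day).days >= stale_days:
            stale.append(engine)
    total = report.get("total", 0)
    ratio = round(100 * report.get("positives", 0) / total) if total else 0
    return {"known": True, "sha256": report.get("sha256"), "ratio_pct": ratio,
            "hits": hits, "stale_engines": sorted(stale)}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE, requested=SAMPLE["sha256"]), indent=2))
```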

Documentation

TODO

  • create web subcommand (with POST to URL callback) allows sharing of API

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015 blacktop
