Skip to content

malice-plugins/virustotal

Repository files navigation

VT logo

malice-virustotal

Circle CI License Docker Stars Docker Pulls Docker Image

Malice VirusTotal Plugin

This repository contains a Dockerfile of the VirusTotal malice plugin malice/virustotal.


Dependencies

Installation

  1. Install Docker.
  2. Download trusted build from public DockerHub: docker pull malice/virustotal

Usage

$ docker run --rm malice/virustotal --help

Usage: virustotal [OPTIONS] COMMAND [arg...]

Malice VirusTotal Plugin

Version: v0.1.1, BuildTime: 20190211

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V  verbose output
  --api value    VirusTotal API key [$MALICE_VT_API]
  --help, -h     show help
  --version, -v  print the version

Commands:
  scan    Upload binary to VirusTotal for scanning
  lookup  Get file hash scan report
  web     Create a VirusTotal scan web service
  help    Shows a list of commands or help for one command

Run 'virustotal COMMAND --help' for more information on a command.

Lookup

$ docker run --rm malice/virustotal --api APIKEY lookup --help

NAME:
   virustotal lookup - Get file hash scan report

USAGE:
   virustotal lookup [command options] MD5/SHA1/SHA256 hash of file

OPTIONS:
   --post, -p             POST results to Malice webhook [$MALICE_ENDPOINT]
   --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
   --table, -t            output as Markdown table
   --elasticsearch value  elasticsearch url for Malice to storeresults [$MALICE_ELASTICSEARCH_URL]

Sample Output

{
  "scans": {
    "McAfee": {
      "detected": true,
      "version": "6.0.6.653",
      "result": "BackDoor-CSB",
      "update": "20160214"
    },
    "F-Prot": {
      "detected": true,
      "version": "4.7.1.166",
      "result": "W32/Trojan.AAWD",
      "update": "20160214"
    },
    "Symantec": {
      "detected": true,
      "version": "20151.1.0.32",
      "result": "W32.Lecna.D",
      "update": "20160214"
    },
    "ESET-NOD32": {
      "detected": true,
      "version": "13027",
      "result": "a variant of Win32/Lecna.W",
      "update": "20160214"
    },
    "ClamAV": {
      "detected": true,
      "version": "0.98.5.0",
      "result": "Win.Trojan.Backspace",
      "update": "20160214"
    },
    "Kaspersky": {
      "detected": true,
      "version": "15.0.1.13",
      "result": "Backdoor.Win32.Lecna.ab",
      "update": "20160214"
    },
    "BitDefender": {
      "detected": true,
      "version": "7.2",
      "result": "Backdoor.Lecna.AB",
      "update": "20160214"
    },
    "Comodo": {
      "detected": true,
      "version": "24205",
      "result": "Backdoor.Win32.Lecna.AB",
      "update": "20160214"
    },
    <SNIP...>
    "F-Secure": {
      "detected": true,
      "version": "11.0.19100.45",
      "result": "Backdoor.Lecna.AB",
      "update": "20160213"
    },
    "DrWeb": {
      "detected": true,
      "version": "7.0.17.11230",
      "result": "BackDoor.Dizhi",
      "update": "20160214"
    },
    "Sophos": {
      "detected": true,
      "version": "4.98.0",
      "result": "Troj/Lecna-Q",
      "update": "20160214"
    },
    "Avira": {
      "detected": true,
      "version": "8.3.3.2",
      "result": "WORM/Rbot.Gen",
      "update": "20160214"
    },
    "AVG": {
      "detected": true,
      "version": "16.0.0.4522",
      "result": "Win32/DH{YQMT?}",
      "update": "20160214"
    }
  },
  "scan_id": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408-1455475165",
  "sha1": "6b82f126555e7644816df5d4e4614677ee0bda5c",
  "resource": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
  "response_code": 1,
  "scan_date": "2016-02-14 18:39:25",
  "permalink": "https://www.virustotal.com/file/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408/analysis/1455475165/",
  "verbose_msg": "Scan finished, information embedded",
  "total": 54,
  "positives": 46,
  "sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
  "md5": "669f87f2ec48dce3a76386eec94d7e3b"
}

virustotal

Ratio Link API Scanned
85% link Public Sun 2016Feb14 14:00:50

Documentation

TODO

  • create web subcommand (with POST to URL callback) allows sharing of API

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015 blacktop