Malice VirusTotal Plugin
This repository contains a Dockerfile of the VirusTotal malice plugin malice/virustotal.
- Install Docker.
- Download trusted build from public DockerHub:
docker pull malice/virustotal
$ docker run --rm malice/virustotal --help
Usage: virustotal [OPTIONS] COMMAND [arg...]
Malice VirusTotal Plugin
Version: v0.1.1, BuildTime: 20190211
Author:
blacktop - <https://github.com/blacktop>
Options:
--verbose, -V verbose output
--api value VirusTotal API key [$MALICE_VT_API]
--help, -h show help
--version, -v print the version
Commands:
scan Upload binary to VirusTotal for scanning
lookup Get file hash scan report
web Create a VirusTotal scan web service
help Shows a list of commands or help for one command
Run 'virustotal COMMAND --help' for more information on a command.$ docker run --rm malice/virustotal --api APIKEY lookup --help
NAME:
virustotal lookup - Get file hash scan report
USAGE:
virustotal lookup [command options] MD5/SHA1/SHA256 hash of file
OPTIONS:
--post, -p POST results to Malice webhook [$MALICE_ENDPOINT]
--proxy, -x proxy settings for Malice webhook endpoint [$MALICE_PROXY]
--table, -t output as Markdown table
--elasticsearch value elasticsearch url for Malice to storeresults [$MALICE_ELASTICSEARCH_URL]{
"scans": {
"McAfee": {
"detected": true,
"version": "6.0.6.653",
"result": "BackDoor-CSB",
"update": "20160214"
},
"F-Prot": {
"detected": true,
"version": "4.7.1.166",
"result": "W32/Trojan.AAWD",
"update": "20160214"
},
"Symantec": {
"detected": true,
"version": "20151.1.0.32",
"result": "W32.Lecna.D",
"update": "20160214"
},
"ESET-NOD32": {
"detected": true,
"version": "13027",
"result": "a variant of Win32/Lecna.W",
"update": "20160214"
},
"ClamAV": {
"detected": true,
"version": "0.98.5.0",
"result": "Win.Trojan.Backspace",
"update": "20160214"
},
"Kaspersky": {
"detected": true,
"version": "15.0.1.13",
"result": "Backdoor.Win32.Lecna.ab",
"update": "20160214"
},
"BitDefender": {
"detected": true,
"version": "7.2",
"result": "Backdoor.Lecna.AB",
"update": "20160214"
},
"Comodo": {
"detected": true,
"version": "24205",
"result": "Backdoor.Win32.Lecna.AB",
"update": "20160214"
},
<SNIP...>
"F-Secure": {
"detected": true,
"version": "11.0.19100.45",
"result": "Backdoor.Lecna.AB",
"update": "20160213"
},
"DrWeb": {
"detected": true,
"version": "7.0.17.11230",
"result": "BackDoor.Dizhi",
"update": "20160214"
},
"Sophos": {
"detected": true,
"version": "4.98.0",
"result": "Troj/Lecna-Q",
"update": "20160214"
},
"Avira": {
"detected": true,
"version": "8.3.3.2",
"result": "WORM/Rbot.Gen",
"update": "20160214"
},
"AVG": {
"detected": true,
"version": "16.0.0.4522",
"result": "Win32/DH{YQMT?}",
"update": "20160214"
}
},
"scan_id": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408-1455475165",
"sha1": "6b82f126555e7644816df5d4e4614677ee0bda5c",
"resource": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
"response_code": 1,
"scan_date": "2016-02-14 18:39:25",
"permalink": "https://www.virustotal.com/file/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408/analysis/1455475165/",
"verbose_msg": "Scan finished, information embedded",
"total": 54,
"positives": 46,
"sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
"md5": "669f87f2ec48dce3a76386eec94d7e3b"
}| Ratio | Link | API | Scanned |
|---|---|---|---|
| 85% | link | Public | Sun 2016Feb14 14:00:50 |
- To write results to ElasticSearch
- To create a VirusTotal scan / lookup micro-service
- To post results to a webhook
- create
websubcommand (with POST to URL callback) allows sharing of API
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.
See CHANGELOG.md
See all contributors on GitHub.
Please update the CHANGELOG.md and submit a Pull Request on GitHub.
MIT Copyright (c) 2015 blacktop