Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/darkoperator/Posh-VirusTotal
PowerShell Module to interact with VirusTotal
Last synced: 6 days ago
- Host: GitHub
- URL: https://github.com/darkoperator/Posh-VirusTotal
- Owner: darkoperator
- License: bsd-3-clause
- Created: 2014-01-13T00:19:31.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2020-01-16T20:05:44.000Z (almost 5 years ago)
- Last Synced: 2024-08-02T07:10:59.486Z (3 months ago)
- Language: PowerShell
- Size: 52.7 KB
- Stars: 114
- Watchers: 12
- Forks: 30
- Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-cybersecurity-blueteam - Posh-VirusTotal - PowerShell interface to VirusTotal.com APIs. (Automation and Convention / Code libraries and bindings)
- jimsghstars - darkoperator/Posh-VirusTotal - PowerShell Module to interact with VirusTotal (PowerShell)
- awesome-cybersecurity-blueteam-cn - Posh-VirusTotal - PowerShell interface for interacting with the VirusTotal.com APIs (Automation tools / Code libraries and bindings)
README
Posh-VirusTotal
===============

PowerShell V3.0 or higher module for interacting with the VirusTotal service to analyze suspicious files and URLs using either the Public or Private Version 2 API provided by VirusTotal.

Cmdlets Available
=================
| Cmdlet | Synopsis |
|-----------------------------|----------------------------------------------------------------------------------------|
| Get-PoshVTVersion | Checks the version of the module installed versus the version on GitHub |
| Get-VTAPIKeyInfo | Get information on the VirusTotal API key. |
| Get-VTDomainReport | Get a VirusTotal Report for a given Domain |
| Get-VTFileBehaviourReport | Get a report about the behavior of the file when executed in a sandboxed environment. |
| Get-VTFileComment | Retrieve a list of VirusTotal Community comments for a given file or URL |
| Get-VTFileNetworkTraffic | Get a dump of the network traffic generated by the file when executed. |
| Get-VTFileReport | Get a VirusTotal Report for a given File |
| Get-VTFileSample | Download a file by its hash. |
| Get-VTFileScanReport | Get the scan results for a file. |
| Get-VTIPReport | Get a VirusTotal Report for a given IPv4 Address |
| Get-VTSpecialURL | Get a special URL to upload files bigger than 32MB in size. |
| Get-VTURLReport | Get a VirusTotal Report for a given URL |
| Remove-VTFileRescan | Delete a previously scheduled scan. |
| Search-VTAdvancedReversed | Search for samples that match certain binary/metadata/detection criteria. |
| Set-VTAPIKey | Sets the VirusTotal API Key as a Global Variable |
| Set-VTFileComment | Post a comment on a file or URL. |
| Set-VTFileRescan | Rescan a previously submitted file or schedule a scan to be performed in the future. |
| Submit-VTFile | Submit a File for scanning by VirusTotal |
| Submit-VTURL | Submit a URL for scanning by VirusTotal |

# Install
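To install the module, including all source code, run the following command in a PowerShell v3 or higher session. The command downloads the installer script and executes it in the current session with `iex`; the gist URL is pinned to a specific revision, and the script in turn fetches the current `master.zip` of the repository from GitHub.

```powershell
iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")
```

The process should look like: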

```
PS C:\Windows\system32> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9
138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")
Downloading latest version of Posh-VirusTotal from https://github.com/darkoperator/Posh-VirusTotal/archive/master.zip
File saved to C:\Users\Carlos\AppData\Local\Temp\Posh-VirusTotal.zip
Uncompressing the Zip file to C:\Users\Carlos\Documents\WindowsPowerShell\Modules
Renaming folder
Module has been installed

CommandType     Name                            ModuleName
-----------     ----                            ----------
Function        Get-PoshVTVersion               Posh-VirusTotal
Function        Get-VTAPIKeyInfo                Posh-VirusTotal
Function        Get-VTDomainReport              Posh-VirusTotal
Function        Get-VTFileBehaviourReport       Posh-VirusTotal
Function        Get-VTFileComment               Posh-VirusTotal
Function        Get-VTFileNetworkTraffic        Posh-VirusTotal
Function        Get-VTFileReport                Posh-VirusTotal
Function        Get-VTFileSample                Posh-VirusTotal
Function        Get-VTFileScanReport            Posh-VirusTotal
Function        Get-VTIPReport                  Posh-VirusTotal
Function        Get-VTSpecialURL                Posh-VirusTotal
Function        Get-VTURLReport                 Posh-VirusTotal
Function        Remove-VTFileRescan             Posh-VirusTotal
Function        Search-VTAdvancedReversed       Posh-VirusTotal
Function        Set-VTAPIKey                    Posh-VirusTotal
Function        Set-VTFileComment               Posh-VirusTotal
Function        Set-VTFileRescan                Posh-VirusTotal
Function        Submit-VTFile                   Posh-VirusTotal
Function        Submit-VTURL                    Posh-VirusTotal
```

# Change Log
## Version 1.2
* API key is now encrypted on disk when set.
* The Synopsis of each cmdlet mentions whether it uses the Private or Public API.
## Version 1.1
* Added support for connecting through an HTTP proxy and providing credentials for the proxy if necessary.
* Certificate pinning using the Certificate Thumbprint.
## Version 1.0
* First public version of the module supporting PowerShell v3.0 and v4.0