Ecosyste.ms: Awesome

https://github.com/darkoperator/Posh-VirusTotal

PowerShell Module to interact with VirusTotal
README

Posh-VirusTotal
===============

PowerShell V3.0 or higher module for interacting with the VirusTotal service to analyze suspicious files and URLs using either the Public or Private Version 2 API provided by VirusTotal.

Cmdlets Available
=================
| Cmdlet | Synopsis |
|-----------------------------|----------------------------------------------------------------------------------------|
| Get-PoshVTVersion | Checks the version of the module installed versus the version on GitHub |
| Get-VTAPIKeyInfo | Get information on the Virus Total API key. |
| Get-VTDomainReport | Get a VirusTotal Report for a given Domain |
| Get-VTFileBehaviourReport | Get a report about the behavior of the file when executed in a sandboxed environment. |
| Get-VTFileComment | Retrieve a list of VirusTotal Community comments for a given file or URL |
| Get-VTFileNetworkTraffic | Get a dump of the network traffic generated by the file when executed. |
| Get-VTFileReport | Get a VirusTotal Report for a given File |
| Get-VTFileSample | Download a file by its hash. |
| Get-VTFileScanReport | Get the scan results for a file. |
| Get-VTIPReport | Get a VirusTotal Report for a given IPv4 Address |
| Get-VTSpecialURL | Get a special URL to upload files bigger than 32MB in size. |
| Get-VTURLReport | Get a VirusTotal Report for a given URL |
| Remove-VTFileRescan | Delete a previously scheduled scan. |
| Search-VTAdvancedReversed | Search for samples that match certain binary/metadata/detection criteria. |
| Set-VTAPIKey | Sets the VirusTotal API Key as a Global Variable |
| Set-VTFileComment | Post a comment on a file or URL. |
| Set-VTFileRescan | Rescan a previously submitted file or schedule a scan to be performed in the future. |
| Submit-VTFile | Submit a File for scanning by VirusTotal |
| Submit-VTURL | Submit a URL for scanning by VirusTotal |

# Install
To install the module, including all source code, run the following command in a PowerShell v3 or higher session:

```powershell
# Downloads the PoshVTInstall.ps1 gist over HTTPS and runs it with Invoke-Expression (iex).
iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")
```

The process should look like:

```text
PS C:\Windows\system32> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9
138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")
Downloading latest version of Posh-VirusTotal from https://github.com/darkoperator/Posh-VirusTotal/archive/master.zip
File saved to C:\Users\Carlos\AppData\Local\Temp\Posh-VirusTotal.zip
Uncompressing the Zip file to C:\Users\Carlos\Documents\WindowsPowerShell\Modules
Renaming folder
Module has been installed

CommandType Name                      ModuleName
----------- ----                      ----------
Function    Get-PoshVTVersion         Posh-VirusTotal
Function    Get-VTAPIKeyInfo          Posh-VirusTotal
Function    Get-VTDomainReport        Posh-VirusTotal
Function    Get-VTFileBehaviourReport Posh-VirusTotal
Function    Get-VTFileComment         Posh-VirusTotal
Function    Get-VTFileNetworkTraffic  Posh-VirusTotal
Function    Get-VTFileReport          Posh-VirusTotal
Function    Get-VTFileSample          Posh-VirusTotal
Function    Get-VTFileScanReport      Posh-VirusTotal
Function    Get-VTIPReport            Posh-VirusTotal
Function    Get-VTSpecialURL          Posh-VirusTotal
Function    Get-VTURLReport           Posh-VirusTotal
Function    Remove-VTFileRescan       Posh-VirusTotal
Function    Search-VTAdvancedReversed Posh-VirusTotal
Function    Set-VTAPIKey              Posh-VirusTotal
Function    Set-VTFileComment         Posh-VirusTotal
Function    Set-VTFileRescan          Posh-VirusTotal
Function    Submit-VTFile             Posh-VirusTotal
Function    Submit-VTURL              Posh-VirusTotal
```
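
As an added example, not code from the Posh-VirusTotal README, the following PowerShell function puts the cmdlets above into a defender's triage flow: it looks a local file up by SHA256 first and uploads it only on request, because a hash query never sends the file while Submit-VTFile does. The parameter names -APIKey, -Resource and -File, and the response_code, positives, total, permalink and scan_id fields of the returned objects, are assumed from the VirusTotal v2 API and the cmdlet synopses, not confirmed by this page.

```powershell
# Added example (not from the Posh-VirusTotal README). Assumed, not confirmed by the page:
# Set-VTAPIKey -APIKey, Get-VTFileReport -Resource, Submit-VTFile -File, and the
# response_code / positives / total / permalink / scan_id fields of the VirusTotal v2 responses.
Import-Module Posh-VirusTotal

# Store the key once; from version 1.2 the module encrypts it on disk (see Change Log).
Set-VTAPIKey -APIKey '<YOUR-VT-API-KEY>'   # placeholder value

function Test-FileWithVT {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$UploadIfUnknown   # off by default: uploading discloses the file to VirusTotal
    )

    # Hash lookup first: only the SHA256 leaves the host, never the file content.
    $hash   = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $report = Get-VTFileReport -Resource $hash

    if ($report.response_code -eq 1) {
        # VirusTotal knows this hash; report the detection ratio.
        $verdict = if ($report.positives -gt 0) { 'flagged' } else { 'no detections' }
        return [pscustomobject]@{
            Path      = $Path
            SHA256    = $hash
            Positives = $report.positives
            Total     = $report.total
            Verdict   = $verdict
            Permalink = $report.permalink
        }
    }

    # Unknown hash: upload only when explicitly requested, because the sample then leaves
    # your network and becomes visible to other VirusTotal users.
    if ($UploadIfUnknown) {
        $submit = Submit-VTFile -File $Path
        Write-Verbose "Submitted $Path (scan_id $($submit.scan_id)); re-run later for the report."
    }
    return [pscustomobject]@{
        Path = $Path; SHA256 = $hash; Positives = $null; Total = $null
        Verdict = 'unknown to VirusTotal'; Permalink = $null
    }
}

# Constructed sample path; public API keys are rate limited, so pause between bulk lookups.
Test-FileWithVT -Path 'C:\Quarantine\suspicious.exe' -Verbose
```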

# Change Log
## Version 1.2
* API key is now encrypted on disk when set.
* Cmdlet synopses now state whether they use the Private or Public API.
## Version 1.1
* Added support for connecting through an HTTP proxy, with credentials for the proxy where necessary.
* Certificate pinning using the certificate thumbprint.
## Version 1.0
* First public version of the module supporting PowerShell v3.0 and v4.0