Posh-VirusTotal

PowerShell V3.0 or higher module for interacting with the VirusTotal service to analyze suspicious files and URLs using either the Public or Private Version 2 API provided by VirusTotal.

Cmdlets Available

| Cmdlet | Synopsis |
| --- | --- |
| Get-PoshVTVersion | Checks the version of the module installed versus the version on GitHub |
| Get-VTAPIKeyInfo | Get information on the VirusTotal API key. |
| Get-VTDomainReport | Get a VirusTotal Report for a given Domain |
| Get-VTFileBehaviourReport | Get a report about the behavior of the file when executed in a sandboxed environment. |
| Get-VTFileComment | Retrieve a list of VirusTotal Community comments for a given file or URL |
| Get-VTFileNetworkTraffic | Get a dump of the network traffic generated by the file when executed. |
| Get-VTFileReport | Get a VirusTotal Report for a given File |
| Get-VTFileSample | Download a file by its hash. |
| Get-VTFileScanReport | Get the scan results for a file. |
| Get-VTIPReport | Get a VirusTotal Report for a given IPv4 Address |
| Get-VTSpecialURL | Get a special URL to upload files bigger than 32MB in size. |
| Get-VTURLReport | Get a VirusTotal Report for a given URL |
| Remove-VTFileRescan | Delete a previously scheduled scan. |
| Search-VTAdvancedReversed | Search for samples that match certain binary/metadata/detection criteria. |
| Set-VTAPIKey | Sets the VirusTotal API Key as a Global Variable |
| Set-VTFileComment | Post a comment on a file or URL. |
| Set-VTFileRescan | Rescan a previously submitted file or schedule a scan to be performed in the future. |
| Submit-VTFile | Submit a File for scanning by VirusTotal |
| Submit-VTURL | Submit a URL for scanning by VirusTotal |

# Install

To install the module, including all source code, run the following command in a PowerShell v3 or higher session:

<pre> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1") </pre>

The process should look like:

<pre>
PS C:\Windows\system32> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9
138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")
Downloading latest version of Posh-VirusTotal from https://github.com/darkoperator/Posh-VirusTotal/archive/master.zip
File saved to C:\Users\Carlos\AppData\Local\Temp\Posh-VirusTotal.zip
Uncompressing the Zip file to C:\Users\Carlos\Documents\WindowsPowerShell\Modules
Renaming folder
Module has been installed

CommandType     Name                          ModuleName
-----------     ----                          ----------
Function        Get-PoshVTVersion             Posh-VirusTotal
Function        Get-VTAPIKeyInfo              Posh-VirusTotal
Function        Get-VTDomainReport            Posh-VirusTotal
Function        Get-VTFileBehaviourReport     Posh-VirusTotal
Function        Get-VTFileComment             Posh-VirusTotal
Function        Get-VTFileNetworkTraffic      Posh-VirusTotal
Function        Get-VTFileReport              Posh-VirusTotal
Function        Get-VTFileSample              Posh-VirusTotal
Function        Get-VTFileScanReport          Posh-VirusTotal
Function        Get-VTIPReport                Posh-VirusTotal
Function        Get-VTSpecialURL              Posh-VirusTotal
Function        Get-VTURLReport               Posh-VirusTotal
Function        Remove-VTFileRescan           Posh-VirusTotal
Function        Search-VTAdvancedReversed     Posh-VirusTotal
Function        Set-VTAPIKey                  Posh-VirusTotal
Function        Set-VTFileComment             Posh-VirusTotal
Function        Set-VTFileRescan              Posh-VirusTotal
Function        Submit-VTFile                 Posh-VirusTotal
Function        Submit-VTURL                  Posh-VirusTotal
</pre>
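
A more cautious form of the install command above, as an added example that is not part of the Posh-VirusTotal project: it saves the installer to disk, prints its SHA-256, optionally checks it against a value you recorded earlier, and runs the saved copy only after you have read it. The `$dest` path, the `$expected` placeholder and the confirmation prompt are assumptions.

```powershell
# Added example, not project code: download, fingerprint, review, then run.
$uri  = 'https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1'
$dest = Join-Path $env:TEMP 'PoshVTInstall.ps1'   # assumed local path

# Placeholder: paste the SHA-256 you recorded after a previous review.
# Leave empty to skip the comparison on the first run.
$expected = ''

# Older Windows PowerShell may not negotiate TLS 1.2 by default.
# The Tls12 enum value needs .NET Framework 4.5 or later.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Save the script to disk instead of piping the response straight into iex.
(New-Object Net.WebClient).DownloadFile($uri, $dest)

# Hash with .NET so this also works on PowerShell 3.0
# (Get-FileHash was added in PowerShell 4.0).
$sha    = [Security.Cryptography.SHA256]::Create()
$stream = [IO.File]::OpenRead($dest)
try {
    $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
}
finally {
    $stream.Dispose()
    $sha.Dispose()
}
Write-Host "SHA256 of downloaded installer: $hash"

# Refuse to continue if the file differs from the copy reviewed earlier.
if ($expected -and ($hash -ne $expected)) {
    throw "Installer hash mismatch: expected $expected, got $hash"
}

# Show the script so it can be read before anything executes.
Get-Content $dest | Out-Host

# Run the exact bytes that were hashed and reviewed, in the current session,
# which is what the one-line iex install does with the live response.
if ((Read-Host 'Run this installer? (y/N)') -eq 'y') {
    Invoke-Expression ([IO.File]::ReadAllText($dest))
}
else {
    Write-Host "Installer left at $dest and not executed."
}
```

The gist URL on this page is already pinned to a specific revision; the installer it runs still downloads `master.zip` from the module repository, as the sample output shows, so the hash check covers the installer script and not the module archive.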

Change Log

Version 1.2

Version 1.1

Version 1.0