Awesome
Posh-VirusTotal
PowerShell V3.0 or higher module for interacting with the VirtusTotal service to analize suspicious files and URLs using either the Public or Private Version 2 API provided by VirusTotal.
Cmdlets Available
| Cmdlet | Synopsis |
|---|---|
| Get-PoshVTVersion | Checks the version of the module installed versus the version on GitHub |
| Get-VTAPIKeyInfo | Get information on the Virus Total API key. |
| Get-VTDomainReport | Get a VirusTotal Report for a given Domain |
| Get-VTFileBehaviourReport | Get a report about the behavior of the file when executed in a sandboxed environment. |
| Get-VTFileComment | Retrieve a list of VirusTotal Community comments for a given file or URL |
| Get-VTFileNetworkTraffic | Get a dump of the network traffic generated by the file when executed. |
| Get-VTFileReport | Get a VirusTotal Report for a given File |
| Get-VTFileSample | Download a file by its hash. |
| Get-VTFileScanReport | Get the scan results for a file. |
| Get-VTIPReport | Get a VirusTotal Report for a given IPv4 Address |
| Get-VTSpecialURL | Get a special URL to upload files bigger than 32MB in size. |
| Get-VTURLReport | Get a VirusTotal Report for a given URL |
| Remove-VTFileRescan | Delete a previously scheduled scan. |
| Search-VTAdvancedReversed | Search for samples that match certain binary/metadata/detection criteria. |
| Set-VTAPIKey | Sets the VirusTotal API Key as a Global Variable |
| Set-VTFileComment | Post a comment on a file or URL. |
| Set-VTFileRescan | Rescan a previously submitted file or schedule a scan to be performed in the future. |
| Submit-VTFile | Submit a File for scanning by VirusTotal |
| Submit-VTURL | Submit a URL for scanning by VirusTotal |
#Install To install the module including all source code you can just run in a PowerShell v3 or higher session the following command:
<pre> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1") </pre>The process should look like:
<pre> PS C:\Windows\system32> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9 138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1") Downloading latest version of Posh-VirusTotal from https://github.com/darkoperator/Posh-VirusTotal/archive/master.zip File saved to C:\Users\Carlos\AppData\Local\Temp\Posh-VirusTotal.zip Uncompressing the Zip file to C:\Users\Carlos\Documents\WindowsPowerShell\Modules Renaming folder Module has been installed CommandType Name ModuleName ----------- ---- ---------- Function Get-PoshVTVersion Posh-VirusTotal Function Get-VTAPIKeyInfo Posh-VirusTotal Function Get-VTDomainReport Posh-VirusTotal Function Get-VTFileBehaviourReport Posh-VirusTotal Function Get-VTFileComment Posh-VirusTotal Function Get-VTFileNetworkTraffic Posh-VirusTotal Function Get-VTFileReport Posh-VirusTotal Function Get-VTFileSample Posh-VirusTotal Function Get-VTFileScanReport Posh-VirusTotal Function Get-VTIPReport Posh-VirusTotal Function Get-VTSpecialURL Posh-VirusTotal Function Get-VTURLReport Posh-VirusTotal Function Remove-VTFileRescan Posh-VirusTotal Function Search-VTAdvancedReversed Posh-VirusTotal Function Set-VTAPIKey Posh-VirusTotal Function Set-VTFileComment Posh-VirusTotal Function Set-VTFileRescan Posh-VirusTotal Function Submit-VTFile Posh-VirusTotal Function Submit-VTURL Posh-VirusTotal </pre>Change Log
Version 1.2
- API key is now encrypted on disk when set.
- Module in Synopsis mention if they are using Private or Public API.
Version 1.1
- Added support for connecting thru a HTTP Proxy and provide credentials for the proxy if necessary.
- Certificate pinning using the Certificate Thumbprint.
Version 1.0
- First public version of the module supporting PowerShell v3.0 and v4.0