malice-virustotal

Malice VirusTotal Plugin

This repository contains the Dockerfile for the VirusTotal Malice plugin, published on Docker Hub as malice/virustotal.

Dependencies

Installation

  1. Install Docker.
  2. Download trusted build from public DockerHub: docker pull malice/virustotal

Usage

docker run --rm malice/virustotal --api APIKEY lookup HASH
Usage: virustotal [OPTIONS] COMMAND [arg...]

Malice VirusTotal Plugin

Version: v0.1.0, BuildTime: 20160214

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V            verbose output
  --post, -p               POST results to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x              proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --table, -t              output as Markdown table
  --api value              VirusTotal API key [$MALICE_VT_API]
  --elasitcsearch value    elasitcsearch address for Malice to store results [$MALICE_ELASTICSEARCH]
  --help, -h               show help
  --version, -v            print the version

Commands:
  scan      Upload binary to VirusTotal for scanning
  lookup    Get file hash scan report
  help      Shows a list of commands or help for one command

Run 'virustotal COMMAND --help' for more information on a command.

Sample Output

JSON:

{
  "virustotal": {
    "scans": {
      "McAfee": {
        "detected": true,
        "version": "6.0.6.653",
        "result": "BackDoor-CSB",
        "update": "20160214"
      },
      "F-Prot": {
        "detected": true,
        "version": "4.7.1.166",
        "result": "W32/Trojan.AAWD",
        "update": "20160214"
      },
      "Symantec": {
        "detected": true,
        "version": "20151.1.0.32",
        "result": "W32.Lecna.D",
        "update": "20160214"
      },
      "ESET-NOD32": {
        "detected": true,
        "version": "13027",
        "result": "a variant of Win32/Lecna.W",
        "update": "20160214"
      },
      "ClamAV": {
        "detected": true,
        "version": "0.98.5.0",
        "result": "Win.Trojan.Backspace",
        "update": "20160214"
      },
      "Kaspersky": {
        "detected": true,
        "version": "15.0.1.13",
        "result": "Backdoor.Win32.Lecna.ab",
        "update": "20160214"
      },
      "BitDefender": {
        "detected": true,
        "version": "7.2",
        "result": "Backdoor.Lecna.AB",
        "update": "20160214"
      },
      "Comodo": {
        "detected": true,
        "version": "24205",
        "result": "Backdoor.Win32.Lecna.AB",
        "update": "20160214"
      },
      <SNIP...>
      "F-Secure": {
        "detected": true,
        "version": "11.0.19100.45",
        "result": "Backdoor.Lecna.AB",
        "update": "20160213"
      },
      "DrWeb": {
        "detected": true,
        "version": "7.0.17.11230",
        "result": "BackDoor.Dizhi",
        "update": "20160214"
      },
      "Sophos": {
        "detected": true,
        "version": "4.98.0",
        "result": "Troj/Lecna-Q",
        "update": "20160214"
      },
      "Avira": {
        "detected": true,
        "version": "8.3.3.2",
        "result": "WORM/Rbot.Gen",
        "update": "20160214"
      },
      "AVG": {
        "detected": true,
        "version": "16.0.0.4522",
        "result": "Win32/DH{YQMT?}",
        "update": "20160214"
      }
    },
    "scan_id": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408-1455475165",
    "sha1": "6b82f126555e7644816df5d4e4614677ee0bda5c",
    "resource": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
    "response_code": 1,
    "scan_date": "2016-02-14 18:39:25",
    "permalink": "https://www.virustotal.com/file/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408/analysis/1455475165/",
    "verbose_msg": "Scan finished, information embedded",
    "total": 54,
    "positives": 46,
    "sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408",
    "md5": "669f87f2ec48dce3a76386eec94d7e3b"
  }
}

Markdown:

#### virustotal

| Ratio | Link | API    | Scanned                |
| ----- | ---- | ------ | ---------------------- |
| 85%   | link | Public | Sun 2016Feb14 14:00:50 |
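The JSON report above is what a Malice pipeline consumes, and the Markdown row is the one-line summary the plugin prints with `--table`. The script below is an added example (not the plugin's own Go code) that shows how a consumer turns the JSON into that summary: it computes the detection ratio from `positives`/`total` (46/54 rounds to the 85% shown), votes across the per-engine `result` labels for the most likely family name, and renders the Markdown row. It also handles a report whose `response_code` is not 1, which is what a `lookup` on a hash VirusTotal has never seen returns. The embedded report is a constructed, trimmed copy of the sample output with the same keys; the `ExampleAV` engine, the `GENERIC_TOKENS` list and the function names are this example's own assumptions, and the "Scanned" column uses `scan_date` verbatim rather than the plugin's reformatted date.

```python
import json
import re
from collections import Counter

# Constructed sample: a trimmed copy of the plugin's JSON report shown above
# (same keys, fewer engines; "ExampleAV" is a made-up non-detecting engine).
SAMPLE_REPORT = json.loads("""
{
  "virustotal": {
    "scans": {
      "McAfee":      {"detected": true,  "version": "6.0.6.653",    "result": "BackDoor-CSB",               "update": "20160214"},
      "Symantec":    {"detected": true,  "version": "20151.1.0.32", "result": "W32.Lecna.D",                "update": "20160214"},
      "ESET-NOD32":  {"detected": true,  "version": "13027",        "result": "a variant of Win32/Lecna.W", "update": "20160214"},
      "Kaspersky":   {"detected": true,  "version": "15.0.1.13",    "result": "Backdoor.Win32.Lecna.ab",    "update": "20160214"},
      "BitDefender": {"detected": true,  "version": "7.2",          "result": "Backdoor.Lecna.AB",          "update": "20160214"},
      "Sophos":      {"detected": true,  "version": "4.98.0",       "result": "Troj/Lecna-Q",               "update": "20160214"},
      "Avira":       {"detected": true,  "version": "8.3.3.2",      "result": "WORM/Rbot.Gen",              "update": "20160214"},
      "ExampleAV":   {"detected": false, "version": "1.0",          "result": null,                         "update": "20160214"}
    },
    "response_code": 1,
    "total": 54,
    "positives": 46,
    "scan_date": "2016-02-14 18:39:25",
    "permalink": "https://www.virustotal.com/file/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408/analysis/1455475165/",
    "sha256": "befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408"
  }
}
""")

# Assumed stop list: tokens that name a malware class or platform rather than
# a family. They are dropped before voting on the family name.
GENERIC_TOKENS = {
    "a", "variant", "of", "gen", "generic", "win32", "w32", "win", "trojan",
    "troj", "backdoor", "worm", "virus", "malware", "heur", "suspicious",
}


def detection_ratio(report):
    """Return (positives, total, percent) for a finished report, or None when
    VirusTotal has no report for the hash (response_code != 1; in the v2 API
    0 means the hash is not in VirusTotal's dataset)."""
    vt = report["virustotal"]
    if vt.get("response_code") != 1:
        return None
    positives, total = vt["positives"], vt["total"]
    percent = round(100 * positives / total) if total else 0
    return positives, total, percent


def likely_family(report):
    """Vote across engine labels for the most common family token.
    Returns (family, votes) or None when no engine detected anything."""
    votes = Counter()
    for engine in report["virustotal"].get("scans", {}).values():
        if not engine.get("detected") or not engine.get("result"):
            continue
        # split "Backdoor.Win32.Lecna.ab" into ["backdoor", "win32", "lecna", "ab"]
        tokens = re.split(r"[^a-z0-9]+", engine["result"].lower())
        # skip generic words and short variant suffixes such as "ab" or "q"
        for tok in tokens:
            if len(tok) >= 3 and tok not in GENERIC_TOKENS:
                votes[tok] += 1
    if not votes:
        return None
    family, count = votes.most_common(1)[0]
    return family, count


def markdown_table(report, api="Public"):
    """Render the summary row the plugin prints with --table. The Scanned
    column here is scan_date as-is rather than the plugin's reformatted date."""
    header = "| Ratio | Link | API | Scanned |\n| --- | --- | --- | --- |\n"
    ratio = detection_ratio(report)
    if ratio is None:
        return header + f"| n/a | n/a | {api} | no report |"
    vt = report["virustotal"]
    _, _, percent = ratio
    return header + f"| {percent}% | [link]({vt['permalink']}) | {api} | {vt['scan_date']} |"


if __name__ == "__main__":
    print(detection_ratio(SAMPLE_REPORT))  # (46, 54, 85)
    print(likely_family(SAMPLE_REPORT))    # ('lecna', 5)
    print(markdown_table(SAMPLE_REPORT))
```

The family vote is deliberately crude: engine naming schemes differ, so any single `result` string is a weak signal, while agreement across several vendors (here five of seven name Lecna) is a much stronger one. Treating `response_code != 1` as "no report" rather than "clean" matters in a pipeline, because an unknown hash tells you nothing about the file.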

Documentation

To write results to Elasticsearch, start an Elasticsearch container backed by a named volume, then run the plugin linked to it (the plugin still needs an API key and the lookup command, as in Usage above):

$ docker volume create --name malice
$ docker run -d --name elasticsearch \
                -p 9200:9200 \
                -v malice:/usr/share/elasticsearch/data \
                blacktop/elasticsearch
$ docker run --rm --link elasticsearch malice/virustotal --api APIKEY lookup HASH

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015-2017 blacktop
