
Posh-VirusTotal

PowerShell V3.0 or higher module for interacting with the VirusTotal service to analyze suspicious files and URLs using either the Public or Private Version 2 API provided by VirusTotal.

Cmdlets Available

| Cmdlet | Synopsis |
| --- | --- |
| Get-PoshVTVersion | Checks the version of the module installed versus the version on GitHub |
| Get-VTAPIKeyInfo | Get information on the Virus Total API key. |
| Get-VTDomainReport | Get a VirusTotal Report for a given Domain |
| Get-VTFileBehaviourReport | Get a report about the behavior of the file when executed in a sandboxed environment. |
| Get-VTFileComment | Retrieve a list of VirusTotal Community comments for a given file or URL |
| Get-VTFileNetworkTraffic | Get a dump of the network traffic generated by the file when executed. |
| Get-VTFileReport | Get a VirusTotal Report for a given File |
| Get-VTFileSample | Download a file by its hash. |
| Get-VTFileScanReport | Get the scan results for a file. |
| Get-VTIPReport | Get a VirusTotal Report for a given IPv4 Address |
| Get-VTSpecialURL | Get a special URL to upload files bigger than 32MB in size. |
| Get-VTURLReport | Get a VirusTotal Report for a given URL |
| Remove-VTFileRescan | Delete a previously scheduled scan. |
| Search-VTAdvancedReversed | Search for samples that match certain binary/metadata/detection criteria. |
| Set-VTAPIKey | Sets the VirusTotal API Key as a Global Variable |
| Set-VTFileComment | Post a comment on a file or URL. |
| Set-VTFileRescan | Rescan a previously submitted file or schedule a scan to be performed in the future. |
| Submit-VTFile | Submit a File for scanning by VirusTotal |
| Submit-VTURL | Submit a URL for scanning by VirusTotal |

Install

To install the module, including all source code, run the following command in a PowerShell v3 or higher session:

iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")

The process should look like:

PS C:\Windows\system32> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9
138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")
Downloading latest version of Posh-VirusTotal from https://github.com/darkoperator/Posh-VirusTotal/archive/master.zip
File saved to C:\Users\Carlos\AppData\Local\Temp\Posh-VirusTotal.zip
Uncompressing the Zip file to C:\Users\Carlos\Documents\WindowsPowerShell\Modules
Renaming folder
Module has been installed

CommandType     Name                                               ModuleName
-----------     ----                                               ----------
Function        Get-PoshVTVersion                                  Posh-VirusTotal
Function        Get-VTAPIKeyInfo                                   Posh-VirusTotal
Function        Get-VTDomainReport                                 Posh-VirusTotal
Function        Get-VTFileBehaviourReport                          Posh-VirusTotal
Function        Get-VTFileComment                                  Posh-VirusTotal
Function        Get-VTFileNetworkTraffic                           Posh-VirusTotal
Function        Get-VTFileReport                                   Posh-VirusTotal
Function        Get-VTFileSample                                   Posh-VirusTotal
Function        Get-VTFileScanReport                               Posh-VirusTotal
Function        Get-VTIPReport                                     Posh-VirusTotal
Function        Get-VTSpecialURL                                   Posh-VirusTotal
Function        Get-VTURLReport                                    Posh-VirusTotal
Function        Remove-VTFileRescan                                Posh-VirusTotal
Function        Search-VTAdvancedReversed                          Posh-VirusTotal
Function        Set-VTAPIKey                                       Posh-VirusTotal
Function        Set-VTFileComment                                  Posh-VirusTotal
Function        Set-VTFileRescan                                   Posh-VirusTotal
Function        Submit-VTFile                                      Posh-VirusTotal
Function        Submit-VTURL                                       Posh-VirusTotal
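
The one-line install above executes whatever the URL returns at the moment it is run. As an added example (not part of the Posh-VirusTotal project), the same installer can be fetched, compared against a SHA-256 recorded after a manual review, and run only on a match; `$ExpectedSha256` is a placeholder and `$ReviewCopy` is an assumed path.

```powershell
# Added example (not from the Posh-VirusTotal project): verify the installer before running it.
$InstallerUrl   = 'https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1'
# Placeholder (assumption): the SHA-256 you recorded after reading the script yourself.
$ExpectedSha256 = '<SHA256-OF-REVIEWED-INSTALLER>'
# Assumption: where the downloaded copy is written for review.
$ReviewCopy     = Join-Path $env:TEMP 'PoshVTInstall.ps1'

function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)
    # Get-FileHash needs PowerShell v4; the .NET class also works on v3.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        [System.BitConverter]::ToString($sha.ComputeHash($Bytes)) -replace '-', ''
    } finally {
        $sha.Dispose()
    }
}

# GitHub only accepts TLS 1.2 or later; older sessions do not enable it by default (needs .NET 4.5+).
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

# Download once into memory so the bytes that are hashed are the bytes that run.
$bytes  = (New-Object Net.WebClient).DownloadData($InstallerUrl)
$actual = Get-Sha256Hex -Bytes $bytes

if ($actual -ne $ExpectedSha256) {
    # Keep a copy for manual review, then stop without executing anything.
    [System.IO.File]::WriteAllBytes($ReviewCopy, $bytes)
    throw "Installer SHA-256 is $actual, expected $ExpectedSha256. Review $ReviewCopy before trusting it."
}

# Hash matches the reviewed copy: decode (dropping a UTF-8 BOM if present) and run it.
$installerText = [System.Text.Encoding]::UTF8.GetString($bytes).TrimStart([char]0xFEFF)
Invoke-Expression $installerText
```

The check covers the installer script only. As the transcript above shows, the installer then downloads the module from the repository's master.zip, which this hash does not pin.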

Change Log

Version 1.2

  • API key is now encrypted on disk when set.
  • Cmdlet synopses now mention whether they use the Private or Public API.

Version 1.1

  • Added support for connecting through an HTTP proxy and providing credentials for the proxy if necessary.
  • Certificate pinning using the Certificate Thumbprint.

Version 1.0

  • First public version of the module supporting PowerShell v3.0 and v4.0