diff --git a/Auto-VirusTotal/Auto-VirusTotal.go b/Auto-VirusTotal/Auto-VirusTotal.go
new file mode 100644
index 00000000..3737f9c1
--- /dev/null
+++ b/Auto-VirusTotal/Auto-VirusTotal.go
@@ -0,0 +1,61 @@
+package main
+
+import (
+ "bufio"
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "os"
+)
+
+type VTResponse struct {
+ Data struct {
+ Attributes struct {
+ LastAnalysisStats struct {
+ Malicious int `json:"malicious"`
+ Harmless int `json:"harmless"`
+ Suspicious int `json:"suspicious"`
+ Undetected int `json:"undetected"`
+ } `json:"last_analysis_stats"`
+ } `json:"attributes"`
+ } `json:"data"`
+}
+
+func checkHash(hash string, apikey string) {
+ url := "https://www.virustotal.com/api/v3/files/" + hash
+ req, _ := http.NewRequest("GET", url, nil)
+ req.Header.Set("x-apikey", apikey)
+
+ client := &http.Client{}
+ resp, err := client.Do(req)
+ if err != nil {
+ fmt.Println("Error:", err)
+ return
+ }
+ defer resp.Body.Close()
+
+ var result VTResponse
+ err = json.NewDecoder(resp.Body).Decode(&result)
+
+ stats := result.Data.Attributes.LastAnalysisStats
+ fmt.Printf("Malicious: %d\nHarmless: %d\nSuspicious: %d\nUndetected: %d\n",
+ stats.Malicious, stats.Harmless, stats.Suspicious, stats.Undetected)
+
+}
+
+func main() {
+ if len(os.Args) < 3 {
+ fmt.Println("Usage: go run AutoVirusTotal.go ")
+ return
+ }
+
+ file, _ := os.Open(os.Args[1])
+ defer file.Close()
+
+ apiKey := os.Args[2]
+ scanner := bufio.NewScanner(file)
+ for scanner.Scan() {
+ hash := scanner.Text()
+ checkHash(hash, apiKey)
+ }
+}
diff --git a/Auto-VirusTotal/README.MD b/Auto-VirusTotal/README.MD
new file mode 100644
index 00000000..164f50ba
--- /dev/null
+++ b/Auto-VirusTotal/README.MD
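Review bot: In `checkHash` (Auto-VirusTotal.go) the `Decode` result is stored in `err` but never checked and `resp.StatusCode` is never inspected, so any non-200 reply prints four zeros that read exactly like a clean verdict. With the free-tier quota the README mentions, a rate-limited, unknown or unauthenticated lookup would presumably be reported as `Malicious: 0`, which is a false negative for anyone triaging IOCs; the fence below returns early on a non-200 status or a decode failure and names the hash in the message. The hash line is also concatenated into the URL path unvalidated, so blank lines and stray characters become requests; rejecting anything that is not 32, 40 or 64 hex characters before building the request, and printing the hash next to each result, would make the output trustworthy. Separately, `req, _ := http.NewRequest(...)` and `file, _ := os.Open(...)` discard errors (a nil `req` would panic at `req.Header.Set`), `&http.Client{}` has no timeout, and taking the key from `os.Args[2]` exposes it to shell history and process listings, where an environment variable would not.

```go
	defer resp.Body.Close()

	// Non-200 replies (unknown hash, rejected key, exhausted quota) carry no
	// stats; report them instead of printing a zeroed verdict.
	if resp.StatusCode != http.StatusOK {
		fmt.Fprintf(os.Stderr, "%q: no verdict, VirusTotal returned %s\n", hash, resp.Status)
		return
	}

	var result VTResponse
	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
		fmt.Fprintf(os.Stderr, "%q: cannot decode response: %v\n", hash, err)
		return
	}

	// … unchanged: stats extraction and Printf of the four counters …
```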
@@ -0,0 +1,36 @@
+# Auto-VirusTotal
+
+Many Cybersecurity professionals often end up with several lists of possible IOC hashes on their hands.
+
+This is a small GO CLI tool that reads a file of hashes from a text file and queries VirusTotal for their detection results to determine whether they are malicious or not. The tool prints the number of malicious, suspicious, and harmless detections for each hash.
+
+## Features
+
+- Reads hashes from a file (one per line)
+- Queries the VirusTotal API (using your own API token)
+- Prints detection statistics.
+
+
+## Technologies
+- Go
+- VirusTotal
+
+## Requirements
+
+- A VirusTotal API key.
+
+You can obtain a free API key by creating an account on VirusTotal.
+
+Note: The free API is limited to 4 requests per minute. When using a free API key you could modify the script to add a sleep timer for optimal performance.
+
+## Usage
+
+An example test.txt file is provided with the hash of EICAR (commonly used in detection tests).
+
+### Example Command
+
+go run Auto-VirusTotal.go test.txt
+
+## Disclaimer
+
+This project is for educational and research purposes only.
\ No newline at end of file
diff --git a/Auto-VirusTotal/test.txt b/Auto-VirusTotal/test.txt
new file mode 100644
index 00000000..66ec3b30
--- /dev/null
+++ b/Auto-VirusTotal/test.txt
@@ -0,0 +1 @@
+275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
\ No newline at end of file