Add: Auto-VirusTotal Project

Auto-VirusTotal/Auto-VirusTotal.go

@@ -0,0 +1,61 @@
+package main
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"os"
+)
+
+type VTResponse struct {
+	Data struct {
+		Attributes struct {
+			LastAnalysisStats struct {
+				Malicious  int `json:"malicious"`
+				Harmless   int `json:"harmless"`
+				Suspicious int `json:"suspicious"`
+				Undetected int `json:"undetected"`
+			} `json:"last_analysis_stats"`
+		} `json:"attributes"`
+	} `json:"data"`
+}
+
+func checkHash(hash string, apikey string) {
+	url := "https://www.virustotal.com/api/v3/files/" + hash
+	req, _ := http.NewRequest("GET", url, nil)
+	req.Header.Set("x-apikey", apikey)
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Println("Error:", err)
+		return
+	}
+	defer resp.Body.Close()
+
+	var result VTResponse
+	err = json.NewDecoder(resp.Body).Decode(&result)
+
+	stats := result.Data.Attributes.LastAnalysisStats
+	fmt.Printf("Malicious: %d\nHarmless: %d\nSuspicious: %d\nUndetected: %d\n",
+		stats.Malicious, stats.Harmless, stats.Suspicious, stats.Undetected)
+
+}
+
+func main() {
+	if len(os.Args) < 3 {
+		fmt.Println("Usage: go run AutoVirusTotal.go <hashes_file> <apikey>")
+		return
+	}
+
+	file, _ := os.Open(os.Args[1])
+	defer file.Close()
+
+	apiKey := os.Args[2]
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		hash := scanner.Text()
+		checkHash(hash, apiKey)
+	}
+}

Auto-VirusTotal/README.MD

@@ -0,0 +1,36 @@
+# Auto-VirusTotal
+
+Many Cybersecurity professionals often end up with several lists of possible IOC hashes on their hands.
+
+This is a small GO CLI tool that reads a file of hashes from a text file and queries VirusTotal for their detection results to determine whether they are malicious or not. The tool prints the number of malicious, suspicious, and harmless detections for each hash.
+
+## Features
+
+- Reads hashes from a file (one per line)
+- Queries the VirusTotal API (using your own API token)
+- Prints detection statistics.
+
+
+## Technologies
+- Go
+- VirusTotal
+
+## Requirements
+
+- A VirusTotal API key.
+
+You can obtain a free API key by creating an account on VirusTotal.
+
+Note: The free API is limited to 4 requests per minute. When using a free API key you could modify the script to add a sleep timer for optimal performance.
+
+## Usage
+
+An example test.txt file is provided with the hash of EICAR (commonly used in detection tests).
+
+### Example Command
+
+go run Auto-VirusTotal.go test.txt <API KEY>
+
+## Disclaimer
+
+This project is for educational and research purposes only.

Auto-VirusTotal/test.txt

@@ -0,0 +1 @@
+275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f