Created
March 11, 2016 03:59
This sample shows how to check file hashes against VirusTotal (VT) using PowerShell. See PPRT (PowerShell Phishing Response Toolkit) for a more accurate example of its use: https://github.com/MSAdministrator/PPRT---PowerShell-Phishing-Response-Toolkit
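# Sample: hash a file, look the hash up on VirusTotal, and offer to upload the file
# when VirusTotal has no report for it.
#
# Get-FileHash ships with PowerShell 4.0 and later; its default algorithm is SHA256.

# SECURITY NOTE: the next statement downloads a script and runs it in this session via
# Invoke-Expression (iex). The URL names one specific gist revision, but the code still
# executes unreviewed with the current user's rights. Read PoshVTInstall.ps1 before
# running it, or install a reviewed copy of the Posh-VirusTotal module instead.
Write-Verbose "Downloading Posh-VirusTotal PowerShell Module...."
iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")

# Placeholder only. Keep the real key out of the script (and out of source control);
# load it from an environment variable or a credential store at run time.
$VTAPIkey = 'somevtapikey'

# MessageBox lives in System.Windows.Forms, which a plain console session does not
# load by default.
Add-Type -AssemblyName System.Windows.Forms

# Single file hash.
# The original path 'C:\$env:Desktop\somefile.txt' relied on $env:Desktop, which is not
# a standard environment variable; resolve the Desktop folder the same way the
# hash-list example below does.
$AttachmentHash = Get-FileHash -Path (Join-Path ([Environment]::GetFolderPath('Desktop')) 'somefile.txt')

# Get a list of hashes and check against VT
# $AttachmentHash = Get-Content "$([Environment]::GetFolderPath("Desktop"))\somefileofhashesondesktop.txt"
# If you use the line above to read a list of hashes, change $AttachmentHash.Hash in the
# foreach below to just $AttachmentHash. In that mode there is no .Path to upload, so the
# Submit-VTFile branch cannot work as written.
foreach ($hash in $AttachmentHash.Hash)
{
    $VTFileReport = Get-VTFileReport -Resource $hash -APIKey $VTAPIKey

    if ($VTFileReport.ResponseCode -eq 1)
    {
        # ResponseCode 1: VirusTotal already has a report for this hash.
        $result = [System.Windows.Forms.MessageBox]::Show("The following SHA256 hash was already been submitted to VirusTotal.`n $hash", 'Warning', 'Ok', 'Warning')

        # NOTE(review): Write-LogEntry and $logpath are not defined in this sample;
        # presumably they come from PPRT. Define them or remove this line before running.
        Write-LogEntry -type Info -message "VirusTotal Submission" -Folder $logpath -CustomMessage "Hash has been previously submitted to VirusTotal: $hash"
    }
    elseif ($VTFileReport.ResponseCode -eq 0)
    {
        # ResponseCode 0: VirusTotal has no report for this hash.
        $result = [System.Windows.Forms.MessageBox]::Show("The following SHA256 hash has NOT been submitted to VirusTotal. Do you want to upload this file to VirusTotal Now?`n $hash", 'Warning', 'YesNo', 'Warning')

        # MessageBox.Show returns a DialogResult value, not a boolean, so the original
        # '-eq $true' test did not match the Yes button.
        if ($result -eq [System.Windows.Forms.DialogResult]::Yes)
        {
            # Uploading sends the file contents to VirusTotal, where other VirusTotal
            # users can retrieve them. Confirm the attachment holds nothing sensitive
            # (and that policy allows sharing it) before answering Yes.
            $SubmitToVT = Submit-VTFile -File $AttachmentHash.Path -APIKey $VTAPIKey
        }
    }
}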