Upload a sample to VirusTotal and pretty print the report. All in a handy alias.
#
# Upload a sample to VirusTotal and pretty print the report. All in a handy alias.
#
# Dependencies:
#
# * python > 2.7
# * pip install Pygments==1.4
# * curl
# * VirusTotal API key
#
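# Upload one file to VirusTotal (API v2) and page through the colourised
# JSON report once it is available.
#
# Globals:   VIRUSTOTAL_API_KEY (read, optional) - used instead of the
#            placeholder below, so the key need not live in this file.
# Arguments: $1 - path of the sample to upload
# Outputs:   progress messages on stdout, errors on stderr; the report is
#            shown in less.
# Returns:   0 after the report was displayed, 1 if the argument is not a
#            readable file or the upload yielded no SHA-256.
#
# The sample leaves this machine: submitted files are retained by VirusTotal
# and shared with its partners and subscribers, so only upload files that
# may be disclosed.
virustotal_upload() {
  local apikey="${VIRUSTOTAL_API_KEY:-<APIKEY>}"
  local sample vt_hash response white blue reset

  if [ ! -f "${1:-}" ] || [ ! -r "${1:-}" ]; then
    echo "usage: virustotal <readable file>" >&2
    return 1
  fi
  sample=$(realpath -- "$1") || return 1

  # Colours are cosmetic; stay quiet when the terminal has no such capability.
  white=$(tput setaf 7 2>/dev/null)
  blue=$(tput setaf 4 2>/dev/null)
  reset=$(tput sgr0 2>/dev/null)

  echo "${white}Uploading $1 to VirusTotal${reset}"

  # The API key is fed to curl on stdin ('apikey=<-') so that it does not
  # appear in curl's argument list, which other local users can read via ps.
  # grep needs -E: in basic regex syntax '{64}' is matched literally and the
  # digest would never be found.
  vt_hash=$(
    printf '%s' "$apikey" \
      | curl -X POST 'https://www.virustotal.com/vtapi/v2/file/scan' \
        --form 'apikey=<-' --form "file=@$sample" \
      | grep -Eo '"[0-9a-f]{64}"' | head -1 | tr -d '"'
  )

  # Without a digest the polling loop below could never finish.
  if [ -z "$vt_hash" ]; then
    echo "virustotal: upload failed or the response carried no SHA-256" >&2
    return 1
  fi

  echo "${blue}SHA256:$vt_hash waiting for report..${reset}"

  # Poll every 5 seconds until the service answers with response_code 1.
  # Any other reply (report not ready yet, or an empty body such as a
  # rate-limited key may get) just triggers another poll; stop with Ctrl-C.
  while true; do
    response=$(
      printf '%s' "$apikey" \
        | curl --silent -X POST 'https://www.virustotal.com/vtapi/v2/file/report' \
          --form 'apikey=<-' --form "resource=$vt_hash"
    )
    if printf '%s' "$response" | grep -q '"response_code": 1'; then
      printf '%s\n' "$response" \
        | python -mjson.tool \
        | pygmentize -l javascript -f console \
        | less -r
      break
    fi
    # Progress indicator, redrawn in place.
    printf '%s.%s\r' "$white" "$reset"
    sleep 5
  done
}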
# Short name for interactive use: `virustotal <file>` runs virustotal_upload.
alias virustotal='virustotal_upload'

@mattghali mattghali commented May 20, 2017

nice alias. i turned it into a quick script at https://gist.github.com/mattghali/23cbd045f6ce78d7a4efd2a2010e33cc that uses jq to format the output a bit too.
