** install required perl modules

sudo cpan
o conf prerequisites_policy follow
o conf commit
install LWP::UserAgent
install JSON
install Mozilla::CA


vi vtupload.pl  
#!/usr/bin/perl

# This script is heavily based (to say the least) on the work done by cfrenz (http://perlgems.blogspot.se/2012/05/using-virustotal-api-v20.html). My aim was to add some functionality to the original script.
# Usage: vtupload.pl <sample> or just do a loop through your sample repository and pipe the result to a file(s) for later 
# analyses. Which makes it easy to push loads of samples to VT.
# /Micke @nsmfoo 

# Org comments:
# Copyright 2012- Christopher M. Frenz
# This script is free software - it may be used, copied, redistributed, and/or modified
# under the terms laid forth in the Perl Artistic License

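use LWP::UserAgent;
use JSON;

# Require an existing sample file as the first argument
die "Usage: $0 <sample>\n" unless @ARGV && -f $ARGV[0];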

#Code to submit a file to Virus Total
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 1 });
my $url='https://www.virustotal.com/vtapi/v2/file/scan';

# Replace the placeholder with your own VirusTotal API key
my $key='VT-API KEY';

my $response = $ua->post( $url,
    Content_Type => 'multipart/form-data',
    Content => ['apikey' => $key,
    'file' => [$ARGV[0]]]
  );
die "$url error: ", $response->status_line
   unless $response->is_success;
my $results=$response->content;

#pulls the sha256 value out of the JSON response
my $json = JSON->new->allow_nonref;   
my $decjson = $json->decode( $results);
my $sha256=$decjson->{"sha256"};

#Code to retrieve the results that pertain to a submitted file by hash value
$url='https://www.virustotal.com/vtapi/v2/file/report';

$response = $ua->post( $url,
    ['apikey' => $key,
    'resource' => $sha256]
  );
die "$url error: ", $response->status_line
   unless $response->is_success;
$results=$response->content;

$json = JSON->new->allow_nonref;   
$decjson = $json->decode($results);

# print selected values from the json file
print "-----------------------------------------------------------------------\n";
print "Sample name: ". $ARGV[0]."\n";
print "Scan ID:  ".$decjson->{"scan_id"}."\n";
print "Scan Date:  ".$decjson->{"scan_date"}."\n";
print "SHA256: ".$decjson->{"sha256"}."\n";
print "MD5: ".$decjson->{"md5"}."\n";
print "Detection rate: ".$decjson->{"positives"}. "/".$decjson->{"total"}."\n";
print "Verbose Message: ".$decjson->{"verbose_msg"}."\n";

print "-----------------------------------------------------------------------\n";
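# print AV engines status per vendor (per-engine results live under the "scans" key)
print "Scan results: \n";
# Only walk "scans" when it is a hash; it is absent while the sample is still queued
my $scans = ref $decjson->{"scans"} eq 'HASH' ? $decjson->{"scans"} : {};
for my $vendor ( sort keys %$scans ) {
    print "\t$vendor\n";

    for my $field ( sort keys %{ $scans->{$vendor} } ) {
        my $value = $scans->{$vendor}->{$field};
        $value = '' unless defined $value;   # a field may be JSON null
        print "\t\t$field => $value\n";
    }
}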

print "\nURL: ".$decjson->{"permalink"}."\n";

