Change Log
March 6, 2014
PowerShell V3.0 or higher module for interacting with the VirusTotal service to analyze suspicious files and URLs using either the Public or Private Version 2 API provided by VirusTotal.
Cmdlets Available
| Cmdlet | Synopsis |
|---|---|
| Get-PoshVTVersion | Checks the version of the module installed versus the version on GitHub |
| Get-VTAPIKeyInfo | Get information on the VirusTotal API key. |
| Get-VTDomainReport | Get a VirusTotal Report for a given Domain |
| Get-VTFileBehaviourReport | Get a report about the behavior of the file when executed in a sandboxed environment. |
| Get-VTFileComment | Retrieve a list of VirusTotal Community comments for a given file or URL |
| Get-VTFileNetworkTraffic | Get a dump of the network traffic generated by the file when executed. |
| Get-VTFileReport | Get a VirusTotal Report for a given File |
| Get-VTFileSample | Download a file by its hash. |
| Get-VTFileScanReport | Get the scan results for a file. |
| Get-VTIPReport | Get a VirusTotal Report for a given IPv4 Address |
| Get-VTSpecialURL | Get a special URL to upload files bigger than 32MB in size. |
| Get-VTURLReport | Get a VirusTotal Report for a given URL |
| Remove-VTFileRescan | Delete a previously scheduled scan. |
| Search-VTAdvancedReversed | Search for samples that match certain binary/metadata/detection criteria. |
| Set-VTAPIKey | Sets the VirusTotal API Key as a Global Variable |
| Set-VTFileComment | Post a comment on a file or URL. |
| Set-VTFileRescan | Rescan a previously submitted file or schedule a scan to be performed in the future. |
| Submit-VTFile | Submit a File for scanning by VirusTotal |
| Submit-VTURL | Submit a URL for scanning by VirusTotal |
Install
To install the module, including all source code, run the following command in a PowerShell v3 or higher session:
```powershell
iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")
```
The process should look like:
```
PS C:\Windows\system32> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9
138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")
Downloading latest version of Posh-VirusTotal from https://github.com/darkoperator/Posh-VirusTotal/archive/master.zip
File saved to C:\Users\Carlos\AppData\Local\Temp\Posh-VirusTotal.zip
Uncompressing the Zip file to C:\Users\Carlos\Documents\WindowsPowerShell\Modules
Renaming folder
Module has been installed

CommandType     Name                          ModuleName
-----------     ----                          ----------
Function        Get-PoshVTVersion             Posh-VirusTotal
Function        Get-VTAPIKeyInfo              Posh-VirusTotal
Function        Get-VTDomainReport            Posh-VirusTotal
Function        Get-VTFileBehaviourReport     Posh-VirusTotal
Function        Get-VTFileComment             Posh-VirusTotal
Function        Get-VTFileNetworkTraffic      Posh-VirusTotal
Function        Get-VTFileReport              Posh-VirusTotal
Function        Get-VTFileSample              Posh-VirusTotal
Function        Get-VTFileScanReport          Posh-VirusTotal
Function        Get-VTIPReport                Posh-VirusTotal
Function        Get-VTSpecialURL              Posh-VirusTotal
Function        Get-VTURLReport               Posh-VirusTotal
Function        Remove-VTFileRescan           Posh-VirusTotal
Function        Search-VTAdvancedReversed     Posh-VirusTotal
Function        Set-VTAPIKey                  Posh-VirusTotal
Function        Set-VTFileComment             Posh-VirusTotal
Function        Set-VTFileRescan              Posh-VirusTotal
Function        Submit-VTFile                 Posh-VirusTotal
Function        Submit-VTURL                  Posh-VirusTotal
```
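The install one-liner executes whatever the URL returns without the operator ever seeing it. The following is an added example, not part of the Posh-VirusTotal project: it saves the same installer script to disk, prints its SHA-256 so it can be reviewed and recorded, and runs it only when the hash matches the reviewed copy. The function name `Get-Sha256Hex`, the variable names and the placeholder hash value are assumptions made for this example.

```powershell
# Added example: fetch, hash and review the installer before running it.
$installerUrl  = 'https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1'
$installerPath = Join-Path $env:TEMP 'PoshVTInstall.ps1'

# Placeholder (assumption): replace with the SHA-256 recorded after reviewing the script.
$expectedSha256 = '<SHA256-OF-THE-REVIEWED-SCRIPT>'

function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    # .NET hashing keeps this usable on PowerShell v3 (Get-FileHash arrived in v4).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    }
    finally {
        $stream.Dispose()
        $sha.Dispose()
    }
}

# 1. Save the script to disk instead of passing the download straight to iex.
(New-Object Net.WebClient).DownloadFile($installerUrl, $installerPath)

# 2. Show where it landed and its hash, so it can be read and the hash recorded.
$actualSha256 = Get-Sha256Hex -Path $installerPath
Write-Host "Saved to $installerPath"
Write-Host "SHA-256: $actualSha256"

# 3. Run only the exact bytes that were reviewed (-ne is case-insensitive for strings).
if ($actualSha256 -ne $expectedSha256) {
    Write-Warning 'Hash does not match the reviewed copy; installer was not run.'
}
else {
    Invoke-Expression (Get-Content -Path $installerPath -Raw)
}
```

As the sample output shows, the installer itself downloads `master.zip` from the GitHub repository, so checking the script's hash does not pin the module contents; review the files unpacked under `Modules` as well.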
Change Log
Version 1.2
- API key is now encrypted on disk when set.
- Functions in the module now mention in their Synopsis whether they use the Private or Public API.
Version 1.1
- Added support for connecting through an HTTP proxy and providing credentials for the proxy if necessary.
- Certificate pinning using the Certificate Thumbprint.
Version 1.0
- First public version of the module supporting PowerShell v3.0 and v4.0