PSVirusTotal.psm1
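function Get-VirusTotalReport
{
    <#
    .SYNOPSIS
    Get a VirusTotal report for a file, hash, URL, IP address or domain.

    .DESCRIPTION
    Looks up SearchItem through the VirusTotal API v2 report endpoints and
    returns the parsed response.

    For the File scan type only the SHA256 hash of the file is sent to
    VirusTotal; the file content itself is not uploaded.

    For File, Hash and Url lookups two properties are added to the report:
      avscans  - the scan entries whose "detected" flag is set, each with the
                 engine name copied into an "avname" property
      avresult - the string "<positives>/<total>"

    .PARAMETER VTApiKey
    VirusTotal API key sent with the request. Treat it as a secret: load it
    from a protected store instead of hard-coding it in scripts.

    .PARAMETER SearchItem
    The item to look up: a file path, a file hash, a URL, an IP address or a
    domain name, matching the chosen ScanType.

    .PARAMETER ScanType
    Type of lookup: File, Hash, Url, IP or Domain. Default is Hash.
    Also accepted as -Type.

    .EXAMPLE
    $VTApiKey = "<VTApiKey>"
    $FileHash = (Get-FileHash -Path C:\Temp\Test1.exe).Hash
    Get-VirusTotalReport -VTApiKey $VTApiKey -SearchItem $FileHash

    .EXAMPLE
    Get-VirusTotalReport -VTApiKey "<VTApiKey>" -SearchItem C:\Temp\Test1.exe -Type File

    .EXAMPLE
    Get-VirusTotalReport -VTApiKey "<VTApiKey>" -SearchItem 1.1.1.1 -Type IP

    .NOTES
    Author: Michal Gajda
    #>
    param
    (
        [Parameter(Mandatory=$true)]
        [String]$VTApiKey,
        [Parameter(Mandatory=$true)]
        [String]$SearchItem,
        # The help examples call this parameter -Type; the alias keeps them working.
        [Alias('Type')]
        [ValidateSet('File','Hash','Url','IP','Domain')]
        [String]$ScanType = 'Hash'
    )

    # Choose endpoint, HTTP method and request body for the scan type.
    # Every endpoint uses https: the API key and the queried indicator travel
    # in the request and must not cross the network in cleartext.
    switch ($ScanType)
    {
        'File'
        {
            # Stop on an unreadable or missing file; otherwise an empty
            # resource would be queried and the answer would be meaningless.
            $SearchItem = (Get-FileHash -Path $SearchItem -Algorithm SHA256 -ErrorAction Stop).Hash
            # From here on a file lookup is handled exactly like a hash lookup.
            $ScanType = 'Hash'
            $Uri = 'https://www.virustotal.com/vtapi/v2/file/report'
            $Method = 'POST'
            $Body = @{ resource = $SearchItem; apikey = $VTApiKey }
            break
        }
        'Hash'
        {
            $Uri = 'https://www.virustotal.com/vtapi/v2/file/report'
            $Method = 'POST'
            $Body = @{ resource = $SearchItem; apikey = $VTApiKey }
            break
        }
        'Url'
        {
            $Uri = 'https://www.virustotal.com/vtapi/v2/url/report'
            $Method = 'POST'
            $Body = @{ resource = $SearchItem; apikey = $VTApiKey }
            break
        }
        'IP'
        {
            $Uri = 'https://www.virustotal.com/vtapi/v2/ip-address/report'
            $Method = 'GET'
            $Body = @{ ip = $SearchItem; apikey = $VTApiKey }
            break
        }
        'Domain'
        {
            $Uri = 'https://www.virustotal.com/vtapi/v2/domain/report'
            $Method = 'GET'
            $Body = @{ domain = $SearchItem; apikey = $VTApiKey }
            break
        }
    }

    # Get report
    $VTReport = Invoke-RestMethod -Method $Method -Uri $Uri -Body $Body

    # An empty body carries no verdict (the public API is documented to answer
    # with an empty 204 when the request quota is exceeded - confirm for your
    # key tier). Surface it so "no data" is never read as "no detections".
    if (-not $VTReport)
    {
        Write-Warning "VirusTotal returned an empty response for '$SearchItem'; treat the result as unknown, not as clean."
        return $VTReport
    }

    # Add custom content: file/hash and URL reports share the same "scans" layout.
    if ('Hash','Url' -contains $ScanType)
    {
        $VTReportScans = @()
        if ($VTReport.positives -gt 0)
        {
            $ScanNames = $VTReport.scans | Get-Member -Type NoteProperty | Select-Object -ExpandProperty Name
            foreach ($ScanName in $ScanNames)
            {
                if ($VTReport.scans.$ScanName.detected)
                {
                    # Copy the engine name onto the entry so it survives once
                    # the entry is taken out of the "scans" object.
                    $VTReportScan = $VTReport.scans.$ScanName
                    $VTReportScan | Add-Member -MemberType NoteProperty -Name avname -Value $ScanName -Force
                    $VTReportScans += $VTReportScan
                }
            }
        }

        $VTReport | Add-Member -MemberType NoteProperty -Name avscans -Value $VTReportScans -Force
        $VTReport | Add-Member -MemberType NoteProperty -Name avresult -Value "$($VTReport.positives)/$($VTReport.total)" -Force
    }

    return $VTReport
}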