## Search VirusTotal for a file hash
## Chris Shearer
## 26-Aug-2020
## VirusTotal Public API: https://developers.virustotal.com/reference#file-report
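Function get-VTFileReport
{
    <#
    .SYNOPSIS
    Looks up one or more file hashes with the VirusTotal v2 file/report endpoint.
    .DESCRIPTION
    Sends each value of -h to the endpoint and emits one object per answered
    request with the fields resource, scan_date, positives, total, permalink
    and percent (positives / total * 100 rounded to 2 decimals, or 0 when
    positives is not at least 1).
    A percent of 0 only means "no positives in the reply". When the reply does
    not carry response_code 1 a warning is written, because a missing report
    is not a clean verdict.
    A request that throws is reported with Write-Error and produces no object.
    .PARAMETER h
    One or more hashes (passed to the API as the "resource" value).
    #>
    ## Accept CLI parameters
    param ([Parameter(Mandatory=$true)] [array]$h)

    ## Get your own VT API key here: https://www.virustotal.com/gui/join-us
    ## The VT_API_KEY environment variable (read here) takes precedence, so a real
    ## key does not have to be saved in this file or committed with it.
    $VTApiKey = "xxxxxxxxxxxxxx"
    if ($env:VT_API_KEY) { $VTApiKey = $env:VT_API_KEY }

    ## Set TLS 1.2
    ## NOTE: this is a process-wide setting; it also applies to later web
    ## requests made from the same PowerShell session.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    ## Samples
    if ($h) {$samples = $h}
    else
    {
        write-host -f magenta "No hash found, exiting."
        ## Actually leave, as the message says
        return
    }

    ## Set sleep value to respect API limits (4/min) - https://developers.virustotal.com/v3.0/reference#public-vs-premium-api
    ## Computed once: it depends only on the number of samples.
    if ($samples.count -ge 4) {$sleepTime = 15}
    else {$sleepTime = 1 }

    ## Loop through hashes
    foreach ($hash in $samples)
    {
        ## Submit the hash!
        ## With GET, Invoke-RestMethod appends a hashtable body to the URI as
        ## query parameters, so the API key travels in the request URL.
        $VTbody = @{resource = $hash; apikey = $VTApiKey}

        ## Reset first: a failed call leaves the variable unassigned, and the
        ## previous hash's result must never be reported for this one.
        $VTresult = $null
        try
        {
            $VTresult = Invoke-RestMethod -Method GET -Uri 'https://www.virustotal.com/vtapi/v2/file/report' -Body $VTbody
        }
        catch
        {
            Write-Error "VirusTotal request for '$hash' failed: $($_.Exception.Message)"
            Start-Sleep -seconds $sleepTime
            continue
        }

        ## No report (unknown hash, or an empty reply - presumably what the API
        ## returns when the request quota is exceeded) must not read as "clean".
        if ($VTresult.response_code -ne 1)
        {
            Write-Warning "No VirusTotal report returned for '$hash' (response_code: '$($VTresult.response_code)'); percent 0 is not a clean verdict."
        }

        ## Calculate percentage if there is a result
        if ($VTresult.positives -ge 1)
        {
            $VTpct = (($VTresult.positives) / ($VTresult.total)) * 100
            $VTpct = [math]::Round($VTpct,2)
        }
        else
        {
            $VTpct = 0
        }

        ## Custom Object for data output
        [PSCustomObject]@{
            resource  = $VTresult.resource
            scan_date = $VTresult.scan_date
            positives = $VTresult.positives
            total     = $VTresult.total
            permalink = $VTresult.permalink
            percent   = $VTpct
        }

        Start-Sleep -seconds $sleepTime
    }
}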
## Make get-VTFileReport available to sessions that import this module
Export-ModuleMember -Function 'get-VTFileReport'