"Analyze suspicious files and URLs to detect types of malware"

Retrieves file or url results from VirusTotal.
By default only sends hash of a file to check if the file has already been analyzed.
It's possible to send the whole file if report doesn't exist with --send argument

Input

any file

Output

Virustotal report

Supported tags and respective Dockerfile links

• latest (virustotal/Dockerfile)

Usage

Method 1. Clone the repository and build by yourself

1. Clone the repository

git clone https://gitlab.com/CinCan/tools
cd tools/virustotal/

2. Build OR pull the docker image

docker build . -t cincan/virustotal
docker pull cincan/virustotal

3. Run the docker container

Scans all urls in the newline delimited file:

$ docker run -v /files:/files cincan/virustotal --output /files/ --url_file /files/url_file [options]

Scans all files in the folder:

$ docker run -v /files:/files cincan/virustotal --output /files/ --files /files/ [options]

Method 2. Run with 'cincan' tool:

Query virustotal with the provided example sample from this directory:

$ cincan run cincan/virustotal --api_key <api_key_here> --files_hash samples/hash_example.txt --output samples/

Get help for specifically this tool:

$ cincan run cincan/virustotal --help

Testing

Tox can be used for testing this tool (run from root of this repository):

pip install tox
tox virustotal

Options

[--send, -s] Sends file or url to be analyzed if existing report doesn't exist [--verbose, -v] Sets verbosity to high

Project homepage

https://github.com/VirusTotal