Very useful for both pentesters and everyday sec folks. Test those embedded exploits in batch!
VirusTotal is a free service offered by Hispasec systems which scans the submitted files with a large number of AV engines (currently more than 30) and shows you the result. Disclaimer: I have no affiliation with them or any other such service. While the results do not guarantee anything (having in mind that every engine can have false positives and malware which it doesn't detect), still it offers a much more detailed result than scanning with a single AV engine.
This unofficial uploader was written to make it possible to submit multiple files in batch mode and to produce reports automatically. It is written in Perl and should run on most platforms where Perl is available (for Windows you can use ActivePerl).
The software (script) is released under the GPLv3. The currently supported command line options are:

    vtuploader.pl [options] [file masks]

    Options:
      -n --no-distrib   The sample is not distributed to AV vendors
      -h --help         Displays this help
      -v --verbose      Output detailed information about the progress
      -b --bb-code      Output the result as BBCode
      -c --csv          Output the result as CSV
      -t --tab          Output the result as tab delimited file
      -m --html         Output the result as HTML
      -l --log=[file]   Save the output (the result of the scans) to the specified day

    File masks:
      Specifies a file or a group of files to upload and scan

An example result can be seen below:
VirusTotal scan results
File name: vtuploader.pl

    Antivirus          Version       Last update  Result
    AVG                7.5.0.476     2007.08.12   -
    AhnLab-V3          2007.8.9.2    2007.08.10   -
    AntiVir            7.4.0.60      2007.08.12   -
    Authentium         4.93.8        2007.08.11   -
    Avast              4.7.1029.0    2007.08.12   -
    BitDefender        7.2           2007.08.12   -
    CAT-QuickHeal      9.00          2007.08.11   -
    ClamAV             0.91          2007.08.12   -
    DrWeb              4.33          2007.08.12   -
    Ewido              4.0           2007.08.12   -
    F-Prot             4.3.2.48      2007.08.10   -
    F-Secure           6.70.13030.0  2007.08.12   -
    FileAdvisor        1             2007.08.12   -
    Fortinet           2.91.0.0      2007.08.12   -
    Ikarus             T3.1.1.12     2007.08.12   -
    Kaspersky          4.0.2.24      2007.08.12   -
    McAfee             5095          2007.08.10   -
    Microsoft          1.2704        2007.08.12   -
    NOD32v2            2454          2007.08.12   -
    Norman             5.80.02       2007.08.10   -
    Panda              9.0.0.4       2007.08.12   -
    Prevx1             V2            2007.08.12   -
    Rising             19.35.62.00   2007.08.12   -
    Sophos             4.20.0        2007.08.12   -
    Sunbelt            2.2.907.0     2007.08.11   -
    Symantec           10            2007.08.12   -
    TheHacker          6.1.7.167     2007.08.12   -
    VBA32              3.12.2.2      2007.08.11   -
    VirusBuster        4.3.26:9      2007.08.12   -
    Webwasher-Gateway  6.0.1         2007.08.12   -
    eSafe              7.0.15.0      2007.08.10   -
    eTrust-Vet         31.1.5050     2007.08.11   -

Additional information
File size: 16004 bytes
MD5: 61b8388cb718f5888f63e506707cf58f
SHA1: d57434e6f782fcb59dba0160af404a0455848cd4
Tips and tricks:
* Deprecated! See the command line options on how to redirect the output. You should always redirect the output to a logfile. Status messages are not influenced by the redirection because they are written to the standard error console.
* You should use the -v option, unless you are very patient, because scanning of the files can take a long time.
* If you need to use a proxy, you can set this from the environment variables by doing export http_proxy=http://localhost:8080/ under Linux or the equivalent set http_proxy=http://localhost:8080/ under Windows
Warning: this uploader is based on undocumented interfaces in VirusTotal. Although I have their permission to create this software, there is no express guarantee on their part that the interfaces will remain the same. In case they change, this script may (and most probably will) break and I can't make any guarantees on the time it will take me to repair it. Please see the official methods for sending files to have a guaranteed delivery.
Update: added long options, the possibility to directly specify the file where the output should be saved, and a summary which gives the detection count both as raw numbers and as a percentage.
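The summary mentioned in the update can also be recomputed from a saved report. The following Python code is an added example, not part of vtuploader.pl or the original post: it parses rows in the four-column layout of the sample report above, computes the detection count and percentage, and additionally lists engines whose signatures lag the newest ones in the report (which goes beyond what the post describes). It assumes whitespace-separated columns with no spaces in the version field; the function names and the two detection names in the sample are made up.

```python
from datetime import date

# Constructed sample in the layout of the report above (engine, version,
# last update, result). The two detection names are made up.
SAMPLE_REPORT = """\
Antivirus Version Last update Result
AVG 7.5.0.476 2007.08.12 -
AhnLab-V3 2007.8.9.2 2007.08.10 -
ClamAV 0.91 2007.08.12 Example.Test.Signature
Prevx1 V2 2007.08.12 -
Webwasher-Gateway 6.0.1 2007.08.12 Example.Heuristic (suspicious)
eSafe 7.0.15.0 2007.08.10 -
File size: 16004 bytes
"""


def parse_report(text):
    """Return one dict per engine row; headers and footers are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)  # the result field may contain spaces
        if len(parts) != 4:
            continue
        engine, version, updated, result = parts
        try:
            year, month, day = (int(x) for x in updated.split("."))
            updated_on = date(year, month, day)
        except ValueError:  # not a YYYY.MM.DD date, so not an engine row
            continue
        detection = None if result.strip() == "-" else result.strip()
        rows.append({"engine": engine, "version": version,
                     "updated": updated_on, "detection": detection})
    return rows


def summarize(rows, stale_days=2):
    """Detection count and percentage, plus engines with old signatures."""
    detected = [r["engine"] for r in rows if r["detection"]]
    newest = max((r["updated"] for r in rows), default=None)
    stale = [r["engine"] for r in rows
             if (newest - r["updated"]).days >= stale_days]
    percent = round(100.0 * len(detected) / len(rows), 1) if rows else 0.0
    return {"engines": len(rows), "detected": detected,
            "percent": percent, "stale": stale}


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

A clean result from an engine listed under `stale` carries less weight than one from an engine updated the same day, which is worth keeping in mind when reading the percentage.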
Download it here

PS. Here are some alternative services in the same vein, if VT is unavailable for some reason:
* virusscan.jotti.org - similar, but sadly it's almost constantly at peak utilization, and because of this, rather slow
* VirScan.org - a new service from China (I think) with some broken English here and there, but seems to work fine (I also like the fact that archives can be submitted)
* scanner.virus.org - with a spartan interface and sometimes slightly outdated virus definitions
Posted by cdman83 at 11:31 PM