/virus_total_plus_otx_intel

Script for scanning URLs using VirusTotal. It assists with basic analysis of malware samples and quick checks of suspected malicious domains.

Primary language: Python. License: MIT.

VirusTotal / OTX URL, IP, and Hash Analysis through API

Author: Clarence R. Subia

Prerequisites

sudo apt install ansible-vault
pip3 install -r requirements.txt

Set up your API key

  • Encrypt your API token key using ansible-vault
ansible-vault create secrets.yml

YAML Format:
---
api_key: "YOUR_VT_TOKEN_HERE"
otx_key: "YOUR_OTX_KEY_HERE"

Usage:

  • URL / IP Scanning
python3 vt_lookup.py --url <DOMAIN NAME / URL>
python3 vt_lookup.py --ip <IP>
  • Hash Scanning
python3 vt_lookup.py --hash <HASH_VALUE | SHA256 | SHA1 | MD5>
  • Print out comments on hash
python3 vt_lookup.py --hash <HASH_VALUE | SHA256 | SHA1 | MD5> --hash-comments
  • Dump indicators from OTX
python3 vt_lookup.py --hash <HASH_VALUE | SHA256 | SHA1 | MD5> --dump-indicators
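Each of the lookup modes above (--url, --ip, --hash) corresponds to a different kind of VirusTotal object, and it is worth validating the indicator locally before it leaves your machine. The sketch below is an added example, not code from this repository: it assumes the VirusTotal v3 REST API, and the names hash_type and vt_endpoint are hypothetical.

```python
import base64
import ipaddress
import re

VT_BASE = "https://www.virustotal.com/api/v3"  # assumption: VirusTotal v3 API
HASH_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}  # hex digits -> algorithm


def hash_type(value):
    """Return MD5, SHA1 or SHA256 for a well-formed hex digest, else raise."""
    value = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", value) or len(value) not in HASH_LENGTHS:
        raise ValueError("not an MD5, SHA1 or SHA256 hex digest")
    return HASH_LENGTHS[len(value)]


def vt_endpoint(kind, value):
    """Map one indicator ('url', 'ip' or 'hash') to a VirusTotal v3 GET URL."""
    value = value.strip()
    if kind == "hash":
        hash_type(value)  # reject truncated or mistyped digests before sending
        return f"{VT_BASE}/files/{value.lower()}"
    if kind == "ip":
        addr = ipaddress.ip_address(value)  # ValueError if malformed
        if not addr.is_global:
            # RFC 1918, loopback, link-local: internal addresses stay internal
            raise ValueError("non-public address, not sent to VirusTotal")
        return f"{VT_BASE}/ip_addresses/{addr}"
    if kind == "url":
        if "://" in value:
            # v3 URL identifier: URL-safe base64 of the URL, '=' padding removed
            url_id = base64.urlsafe_b64encode(value.encode()).decode().rstrip("=")
            return f"{VT_BASE}/urls/{url_id}"
        if re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", value):
            return f"{VT_BASE}/domains/{value.lower()}"  # bare domain name
        raise ValueError("expected a full URL with scheme or a bare domain")
    raise ValueError(f"unknown indicator kind: {kind}")


if __name__ == "__main__":
    # Constructed sample inputs; requests would carry the key in 'x-apikey'.
    for kind, value in [("url", "http://example.com/a"), ("url", "Example.com"),
                        ("ip", "8.8.8.8"), ("hash", "ab" * 16)]:
        print(kind, value, "->", vt_endpoint(kind, value))
```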
