From 76da6845195dc8a7d8e389f1ac40fb6952a3dc1f Mon Sep 17 00:00:00 2001
From: terceranexus6
Date: Thu, 18 May 2023 16:42:40 +0200
Subject: [PATCH] adding a vt report script
---
 VT/get_report.sh | 75 ++++++++++++++++++++++++++++++++++++++++++++++++
 VT/popular_TC.sh | 5 ++++
 2 files changed, 80 insertions(+)
 create mode 100644 VT/get_report.sh
 create mode 100644 VT/popular_TC.sh
diff --git a/VT/get_report.sh b/VT/get_report.sh
new file mode 100644
index 0000000..7ad5958
--- /dev/null
+++ b/VT/get_report.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+file_hash="$1"
+file_name="$2.json"
+
+touch $file_name
+
+curl --request GET \
+ --url https://www.virustotal.com/api/v3/files/$file_hash \
+ --header 'x-apikey: ' >> $file_name
+
+ oname="readable_$file_name"
+ touch $oname
+
+
+
+# Suggested threat label
+
+# Getting it parsing the raw json with jq and cleaning
+# the result so it's only the label name
+
+raw_label=$(jq .data.attributes.popular_threat_classification.suggested_threat_label $file_name)
+clean_label=${raw_label//\"}
+clean_label=${clean_label//.}
+
+# Writing it in the readable
+
+echo -e "Threat label:" >> $oname
+echo $clean_label >> $oname
+echo -e "\n" >> $oname
+
+# Type tags
+
+# Getting it parsing the raw json with jq and cleaning
+# the result so it's only the label name
+
+raw_tags=$(jq .data.attributes.type_tags $file_name)
+cl1_tags=$(echo $raw_tags | tr \[ \( | tr \] \))
+declare -a arr=$cl1_tags
+
+echo "Tags:" >> $oname
+
+for i in "${arr[@]}"; do
+ final=${i//,}
+ echo "$final" >> $oname
+done
+
+echo -e "\n" >> $oname
+
+# Meaningful name
+
+raw_name=$(jq .data.attributes.meaningful_name $file_name)
+clean_name=${raw_name//\"}
+clean_label=${clean_name//.}
+
+# Writing it in the readable
+echo -e "Meaningful name:" >> $oname
+echo $clean_name >> $oname
+echo -e "\n" >> $oname
+
+# Imports
+
+raw_imports=$(jq .data.attributes.pe_info.import_list[].library_name $file_name)
+cl1_imports=$(echo $raw_imports | tr \[ \( | tr \] \))
+declare -a arr2=$cl1_imports
+
+echo "Imports:" >> $oname
+
+for i in "${arr2[@]}"; do
+ final=${i//,}
+ final=${i//\"}
+ echo "$final" >> $oname
+done
+
+echo -e "\n" >> $oname
\ No newline at end of file
diff --git a/VT/popular_TC.sh b/VT/popular_TC.sh
new file mode 100644
index 0000000..80d8e47
--- /dev/null
+++ b/VT/popular_TC.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+curl --request GET \
+ --url https://www.virustotal.com/api/v3/popular_threat_categories \
+ --header 'x-apikey: '
\ No newline at end of file
-- 
2.45.2
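Review bot: `declare -a arr=$cl1_tags` and `declare -a arr2=$cl1_imports` feed text taken straight from the VirusTotal response body into bash's quoted compound-assignment parsing, so on the bash versions that still honour that form the shell performs its own expansions on untrusted response content; let jq do the splitting instead, `mapfile -t arr < <(jq -r '(.data.attributes.type_tags // [])[]' "$file_name")`, which also removes the `tr`/comma-stripping steps and applies equally to the imports list. The `--header 'x-apikey: '` line sends an empty key and invites the real key to be pasted into a committed file; read it from the environment, e.g. `--header "x-apikey: ${VT_API_KEY:?VT_API_KEY not set}"` (constructed variable name), here and in the VT/popular_TC.sh hunk, which has the same line. Nothing checks that the request succeeded: `>>` appends a second JSON document on every rerun, and on an authentication or lookup error VirusTotal returns an error object, so every `jq` path resolves to `null` and the "readable" report is silently filled with `null` values — `curl --fail --silent --show-error ... -o "$file_name" || exit 1` stops that. Two smaller slips: in the imports loop `final=${i//\"}` restarts from `$i` and discards the comma removal on the line above (should be `final=${final//\"}`), and under "Meaningful name" `clean_label=${clean_name//.}` assigns the wrong variable. Every `$file_name`, `$oname` and `$file_hash` expansion is unquoted, so a second argument containing whitespace or a glob character splits the `touch`, `jq` and redirection targets.
```shell
file_hash="$1"
file_name="$2.json"
# API key comes from the environment so it is never written into the script.
curl --fail --silent --show-error --request GET \
  --url "https://www.virustotal.com/api/v3/files/${file_hash}" \
  --header "x-apikey: ${VT_API_KEY:?VT_API_KEY not set}" \
  -o "$file_name" || exit 1
# … unchanged: readable-file setup and threat-label section …
# jq emits one tag per line; the response text is never re-parsed by the shell.
mapfile -t arr < <(jq -r '(.data.attributes.type_tags // [])[]' "$file_name")
echo "Tags:" >> "$oname"
printf '%s\n' "${arr[@]}" >> "$oname"
# … unchanged: meaningful-name section …
mapfile -t arr2 < <(jq -r '(.data.attributes.pe_info.import_list // [])[].library_name' "$file_name")
echo "Imports:" >> "$oname"
printf '%s\n' "${arr2[@]}" >> "$oname"
```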