-
Notifications
You must be signed in to change notification settings - Fork 0
/
vt_url_scan.ps1
57 lines (35 loc) · 1.77 KB
/
vt_url_scan.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
$title = 'URL Scan'
$msg = 'Enter the URL you would like to scan'
$URL = [Microsoft.VisualBasic.Interaction]::InputBox($msg, $title)
#$hash_dict = Get-FileHash -InputStream ([System.IO.MemoryStream]::New([System.Text.Encoding]::ASCII.GetBytes($URL)))
#$hash = $hash_dict.Hash
#$request_url = "https://www.virustotal.com/api/v3/urls/" + $hash
$Bytes = [Text.Encoding]::UTF8.GetBytes($URL)
$s = [Convert]::ToBase64String($Bytes)
$s = $s.Split('=')[0]
$s = $s.Replace('+', '-').Replace('/','_')
$request_url = "https://www.virustotal.com/api/v3/urls/" + $s
#Write-Output $request_url
$headers = @{}
$headers.Add("Accept", "application/json")
#Insert your own API KEY below
$headers.Add("x-apikey", "")
$response = Invoke-WebRequest -Uri $request_url -Method GET -Headers $headers
$request_content = $response.Content
$request_content = $request_content | ConvertFrom-Json
$benign = [int]$request_content.data.attributes.last_analysis_stats.harmless
$malicious = [int]$request_content.data.attributes.last_analysis_stats.malicious
$last_submission_date = [timezone]::CurrentTimeZone.ToLocalTime(([datetime]'1/1/1970').AddSeconds($request_content.data.attributes.last_submission_date))
Write-Output "VirusTotal Investigation for $($URL)"
if ($malicious -le 0)
{
Write-Output "No security vendors flagged this URL as malicious"
}
else
{
Write-Output "$($malicious) security vendors flagged this domain as malicious"
}
#Write-Output "Last Analysis Statistics:`nBenign classifications - $($benign), Malicious classifications - $($malicious)"
Write-Output "$($malicious) / $($malicious+$benign)"
Write-Output "Last submission date: $($last_submission_date)"