Better VirusTotal Upload

No more 3rd party module needed
HotCakeX · Oct 13, 2024 · 3e0673f · 3e0673f
1 parent 8ed5536
commit 3e0673f
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 70 deletions.
diff --git a/.github/Workflowstuff/VirusTotal.ps1 b/.github/Workflowstuff/VirusTotal.ps1
@@ -1,82 +1,109 @@
-# Import the VirusTotalAnalyzer module
-if (Get-Module -ListAvailable 'VirusTotalAnalyzer') {
-    Import-Module VirusTotalAnalyzer -Force
-} else {
-    Install-Module -Name VirusTotalAnalyzer -AllowClobber -Force -Scope CurrentUser
-    Import-Module VirusTotalAnalyzer -Force
+# Function to upload file to VirusTotal
+function Upload-FileToVirusTotal {
+    param (
+        [System.String]$FilePath,
+        [System.String]$ApiKey
+    )
+
+
+    # Headers for the VirusTotal API request
+    [System.Collections.Hashtable]$Headers = @{}
+    $Headers.Add('accept', 'application/json')
+    $Headers.Add('x-apikey', $ApiKey)
+    $Headers.Add('content-type', 'multipart/form-data')
+
+    # Prepare the file for upload
+    [System.Collections.Hashtable]$Form = @{
+        file = Get-Item $FilePath
+    }
+
+    # Check if file size is greater than 20MB (20 * 1024 * 1024 bytes)
+    if ($FileItem.Length -gt (20 * 1024 * 1024)) {
+        Write-Host 'File is larger than 20MB. Using big file upload URL.' -ForegroundColor Cyan
+        $UploadUrl = 'https://www.virustotal.com/api/v3/files/upload_url'
+    }
+    else {
+        $UploadUrl = 'https://www.virustotal.com/api/v3/files'
+    }
+
+    # Upload the file to VirusTotal
+    try {
+        $Response = Invoke-WebRequest -Uri $UploadUrl -Method Post -Headers $Headers -Form $Form
+        $Json = $Response.Content | ConvertFrom-Json
+
+        # Return the analysis ID and URL
+        return [PSCustomObject]@{
+            ID  = $Json.data.id 
+            URL = $Json.data.links.self
+        }
+    }
+    catch {
+        Write-Host "Error uploading file: $_"
+        exit 1
+    }
+}
+
+# Function to get the VirusTotal scan report
+function Get-VirusTotalReport {
+    param (
+        [System.String]$FilePath,
+        [System.String]$ApiKey
+    )
+
+    # Set headers for the report request
+    [System.Collections.Hashtable]$Headers = @{}
+    $Headers.Add('accept', 'application/json')
+    $Headers.Add('x-apikey', $ApiKey)
+
+    # Upload the file to virus total
+    $AnalysisData = Upload-FileToVirusTotal -filePath $FilePath -apiKey $ApiKey
+
+    # Fetch the report from VirusTotal
+    do {
+        $Response = Invoke-WebRequest -Uri $AnalysisData.URL -Method Get -Headers $Headers
+        $JsonResponse = $Response.Content | ConvertFrom-Json
+
+        if ($JsonResponse.data.attributes.status -eq 'queued') {
+            Write-Host "Waiting 10 more seconds. Status: $($JsonResponse.data.attributes.status)"
+            Start-Sleep 10
+        }
+    }
+    until ($JsonResponse.data.attributes.status -eq 'completed')
+
+    Write-Host "Status is now: $($JsonResponse.data.attributes.status)"
+
+    # Display detailed report
+    Write-Host -Object "Results URL: https://www.virustotal.com/gui/file/$($JsonResponse.meta.file_info.sha256)" -ForegroundColor Magenta
+
+    [System.Int32]$Undetected = $JsonResponse.data.attributes.stats.undetected
+    [System.Int32]$Suspicious = $JsonResponse.data.attributes.stats.suspicious
+    [System.Int32]$Malicious = $JsonResponse.data.attributes.stats.malicious
+
+    Write-Host -Object "Undetected Result: $Undetected" -ForegroundColor Green
+    Write-Host -Object "Suspicious Result: $Suspicious" -ForegroundColor Yellow
+    Write-Host -Object "Malicious Result: $Malicious" -ForegroundColor Red
+
+    #  $JsonResponse.meta.file_info | Format-List *
+    #  $JsonResponse.data.attributes | Format-List *
+    #  $JsonResponse.data.attributes.stats | Format-List *
+    #  $JsonResponse.data.attributes.status | Format-List *
+    #  $JsonResponse.data.attributes.results | Format-List *
+    #  $JsonResponse.data.attributes.results.Microsoft | Format-List *
+
 }
 
 # VirusTotal API Key
 $VTApi = $env:VTAPIsecret
 
 # Submit the ZIP of the repository to VirusTotal
-$repoZip = ".\repository.zip"
-$Output = New-VirusScan -ApiKey $VTApi -File $repoZip
-
-# Wait for the result of the repository ZIP scan
-Do {
-    $OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id
-    if ($OutputScan.data.attributes.status -eq 'queued') {
-        Write-Host "Waiting... $($OutputScan.data.attributes.status)" -ForegroundColor Gray
-        Start-Sleep 10
-    }
-} until ($OutputScan.data.attributes.status -eq 'completed')
-
-# Print results for the repository ZIP
-Write-Host 'Repository ZIP analysis completed' -ForegroundColor DarkMagenta
-if ($OutputScan.data.attributes.stats.suspicious -gt 0 -or $OutputScan.data.attributes.stats.malicious -gt 0) {
-    Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f `
-        $OutputScan.meta.file_info.sha256, 
-        $OutputScan.data.attributes.stats.undetected,
-        $OutputScan.data.attributes.stats.suspicious,
-        $OutputScan.data.attributes.stats.malicious,
-        "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
-    ) -ForegroundColor Red
-} else {
-    Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f `
-        $OutputScan.meta.file_info.sha256, 
-        $OutputScan.data.attributes.stats.undetected,
-        $OutputScan.data.attributes.stats.suspicious,
-        $OutputScan.data.attributes.stats.malicious,
-        "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
-    ) -ForegroundColor Green
-}
+$repoZip = '.\repository.zip'
+
+Get-VirusTotalReport -FilePath $repoZip -ApiKey $VTApi
 
 # Submit each release file in the release_assets folder
 $releaseFiles = Get-ChildItem -Path './release_assets' -File
 
 foreach ($file in $releaseFiles) {
     # Submit each file to VirusTotal
-    $Output = New-VirusScan -ApiKey $VTApi -File $file.FullName
-
-    # Wait for the result of each file scan
-    Do {
-        $OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id
-        if ($OutputScan.data.attributes.status -eq 'queued') {
-            Write-Host "Waiting... $($OutputScan.data.attributes.status)" -ForegroundColor Gray
-            Start-Sleep 10
-        }
-    } until ($OutputScan.data.attributes.status -eq 'completed')
-
-    # Print results for each release file
-    Write-Host 'Analyze completed' -ForegroundColor DarkMagenta
-    if ($OutputScan.data.attributes.stats.suspicious -gt 0 -or $OutputScan.data.attributes.stats.malicious -gt 0) {
-        Write-Host ("File: {0}`nsha256: {1}`nUndetected: {2}`nSuspicious: {3}`nMalicious: {4}`nURL: {5}" -f `
-            $file.Name,
-            $OutputScan.meta.file_info.sha256, 
-            $OutputScan.data.attributes.stats.undetected,
-            $OutputScan.data.attributes.stats.suspicious,
-            $OutputScan.data.attributes.stats.malicious,
-            "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
-        ) -ForegroundColor Red
-    } else {
-        Write-Host ("File: {0}`nsha256: {1}`nUndetected: {2}`nSuspicious: {3}`nMalicious: {4}`nURL: {5}" -f `
-            $file.Name,
-            $OutputScan.meta.file_info.sha256, 
-            $OutputScan.data.attributes.stats.undetected,
-            $OutputScan.data.attributes.stats.suspicious,
-            $OutputScan.data.attributes.stats.malicious,
-            "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
-        ) -ForegroundColor Green
-    }
+    Get-VirusTotalReport -FilePath $file.FullName -ApiKey $VTApi   
 }
diff --git a/.github/workflows/VirusTotal.yml b/.github/workflows/VirusTotal.yml
@@ -49,5 +49,5 @@ jobs:
           VTAPIsecret: ${{ secrets.VTAPI }}  # VirusTotal API key
         shell: pwsh
         run: |
-          # Path to VirusTotal script (make sure the script is stored in the repository)
+          # Path to VirusTotal script
           ./.github/Workflowstuff/VirusTotal.ps1