Vthunting - A Tiny Script Used To Generate a Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram

VirusTotal Hunting is a tiny tool based on the VT API version 3 that produces a daily, weekly or monthly report about your malware hunting matches. The report can be sent via email, a Slack channel or Telegram. The tool can also be run from the CLI to get a report at any time. The default number of results is 10, but it can be increased or decreased in the config part. This tool only works with a VirusTotal Intelligence API key.

Report Example
The extract below is an example of a generated report.
    __     _______   _   _             _   _
    \ \   / /_   _| | | | |_   _ _ __ | |_(_)_ __   __ _
     \ \ / /  | |   | |_| | | | | '_ \| __| | '_ \ / _` |
      \ V /   | |   |  _  | |_| | | | | |_| | | | | (_| |
       \_/    |_|   |_| |_|\__,_|_| |_|\__|_|_| |_|\__, |
                                                   |___/
                 McAfee ATR | Thomas Roccia | @fr0gger_
        Get latest hunting notification from VirusTotal

    Latest report from 2018-12-24 10:20:30.158831
    -------------------------------------------------------------------------------------
    Rule name: FancyBear_ComputraceAgent
    Match date: 2018-12-24 17:38:17
    SHA256: f5157e5b8afe1f79f29c947449477d13ede3d7341699256e62966474a7ee1eb5
    Tags: [apt28, fancybear_computraceagent]
    -------------------------------------------------------------------------------------
    Rule name: Winexe_RemoteExecution
    Match date: 2018-12-24 15:01:15
    SHA256: 1e194647c05b0068c31cd443b5bcacc2dd41799e5d21a40e0c58adbad01c28c6
    Tags: [winexe_remoteexecution, apt28]
    -------------------------------------------------------------------------------------
    Rule name: hatman_compiled_python: hatman
    Match date: 2018-12-24 00:28:21
    SHA256: 14c64fc93ae68f01989db992bf8ee47ffd33edf66223b84f3fae52f9a843a03f
    Tags: [triton, hatman, hatman_compiled_python]
    -------------------------------------------------------------------------------------
    Rule name: Stuxnet_unpacked
    Match date: 2018-12-24 15:00:00
    SHA256: 86b05279bf4930ffc0c00e4fd22c8ab9e964e8d45d39bfca42e129b95dc33481
    Tags: [stuxnet, stuxnet_unpacked]
    -------------------------------------------------------------------------------------
    Rule name: Stuxnet
    Match date: 2018-12-24 14:59:59
    SHA256: 86b05279bf4930ffc0c00e4fd22c8ab9e964e8d45d39bfca42e129b95dc33481
    Tags: [stuxnet]
    -------------------------------------------------------------------------------------
    [truncated]
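The report is plain text, so anything downstream of the Slack or mail delivery (a blocklist, a ticketing system) has to parse it. The following is an added example, not code from vthunting or its author: it parses the layout shown above, drops any block without a well-formed SHA256, and collapses matches that hit the same file (the two Stuxnet rules above fire on one hash) into a single entry. The sample text is a constructed excerpt of the report above, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt in the layout of the report above (sample data, not the
# tool's output captured live); the rule names and hashes are the ones shown
# on this page. The parser relies only on the field labels and the dashed
# separators.
SAMPLE_REPORT = """\
Latest report from 2018-12-24 10:20:30.158831
-------------------------------------------------------------------------------------
Rule name: FancyBear_ComputraceAgent
Match date: 2018-12-24 17:38:17
SHA256: f5157e5b8afe1f79f29c947449477d13ede3d7341699256e62966474a7ee1eb5
Tags: [apt28, fancybear_computraceagent]
-------------------------------------------------------------------------------------
Rule name: hatman_compiled_python: hatman
Match date: 2018-12-24 00:28:21
SHA256: 14c64fc93ae68f01989db992bf8ee47ffd33edf66223b84f3fae52f9a843a03f
Tags: [triton, hatman, hatman_compiled_python]
-------------------------------------------------------------------------------------
Rule name: Stuxnet_unpacked
Match date: 2018-12-24 15:00:00
SHA256: 86b05279bf4930ffc0c00e4fd22c8ab9e964e8d45d39bfca42e129b95dc33481
Tags: [stuxnet, stuxnet_unpacked]
-------------------------------------------------------------------------------------
Rule name: Stuxnet
Match date: 2018-12-24 14:59:59
SHA256: 86b05279bf4930ffc0c00e4fd22c8ab9e964e8d45d39bfca42e129b95dc33481
Tags: [stuxnet]
-------------------------------------------------------------------------------------
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
FIELD_RE = re.compile(r"^(Rule name|Match date|SHA256|Tags):\s*(.*)$")


def parse_report(text):
    """Turn the plain-text report into one dict per match. Blocks are
    delimited by dashed lines; a block without a well-formed SHA256 and a
    match date is dropped rather than guessed at, so a truncated tail cannot
    produce a bogus indicator."""
    matches, current = [], {}
    for line in text.splitlines():
        if line.startswith("---"):
            if current:
                matches.append(current)
            current = {}
            continue
        m = FIELD_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Rule name":
            current["rule"] = value  # may itself contain ':' (see the hatman rule)
        elif key == "Match date":
            current["date"] = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
        elif key == "SHA256":
            current["sha256"] = value.lower()
        elif key == "Tags":
            current["tags"] = [t.strip() for t in value.strip("[]").split(",") if t.strip()]
    if current:
        matches.append(current)
    return [m for m in matches if SHA256_RE.match(m.get("sha256", "")) and "date" in m]


def group_by_hash(matches):
    """Collapse matches on the same file into one entry per SHA256 with every
    rule that fired, the union of their tags and the earliest match time:
    the shape you want for a blocklist entry or a single ticket."""
    grouped = defaultdict(lambda: {"rules": [], "tags": set(), "first_seen": None})
    for m in matches:
        entry = grouped[m["sha256"]]
        entry["rules"].append(m["rule"])
        entry["tags"].update(m.get("tags", []))
        if entry["first_seen"] is None or m["date"] < entry["first_seen"]:
            entry["first_seen"] = m["date"]
    return dict(grouped)


def filter_by_tag(matches, tag):
    """Keep only the matches carrying a given tag (e.g. one actor's rules)."""
    return [m for m in matches if tag in m.get("tags", [])]


if __name__ == "__main__":
    matches = parse_report(SAMPLE_REPORT)
    for sha, info in group_by_hash(matches).items():
        print(sha, sorted(info["rules"]), sorted(info["tags"]), info["first_seen"])
```

Run against the real report by reading the output of `vthunting -r` from a pipe instead of SAMPLE_REPORT; the dedup by hash matters because one new sample routinely fires several of your rules and you want one action per file, not one per rule.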

Getting Started
Just download the script:
git clone https://github.com/fr0gger/vthunting
Then fill in the config part with your API keys and details:
    # Virus Total API
    VTAPI = "<API_KEY>"
    number_of_result = ""  # 10 by default

    # Email configuration
    smtp_serv = "<SMTP_SERV>"
    smtp_port = ""
    gmail_login = "<EMAIL>"
    gmail_pass = "<APP_PASS>"  # app password, not the account password
    gmail_dest = "<DEST_EMAIL>"

    # Slack Bot config
    SLACK_BOT_TOKEN = "<API>"
    SLACK_CHANNEL = "<SLACK_CHANNEL>"

    # Telegram Bot config
    TOKEN = "<API>"
    chat_id = "<CHAT_ID>"
Once the config is set up you can run the script with:
python vthunting.py --help
    usage: vthunting.py [OPTION]

        -h, --help              Print this help
        -r, --report            Print the VT hunting report
        -s, --slack_report      Send the report to a Slack channel
        -e, --email_report      Send the report by email
        -t, --telegram_report   Send the report to Telegram

Prerequisites

Requirements
You first need to install the requirements:
  • requests
  • slackclient
pip install -r requirements.txt

VT API
Get your API key from VirusTotal (the hunting notification endpoints need an Intelligence key): https://developers.virustotal.com/v3.0/reference

Email Configuration (gmail)
The script authenticates to Gmail's SMTP server with an app password rather than your account password; how to create one is documented here: https://support.google.com/accounts/answer/185833

Slack Bot Configuration
To generate a token, go here and follow the steps: https://api.slack.com/custom-integrations/legacy-tokens (Slack has since stopped issuing legacy tokens; a bot token from a Slack app works with the same chat.postMessage call.)

Telegram Bot Configuration
To get a token, create a Telegram bot by talking to @BotFather, which walks you through configuring the bot and hands you the token. Once you have the token, send the bot a message (or post in the channel it was added to) so there is at least one update, then visit https://api.telegram.org/bot<YOUR_TOKEN>/getUpdates and read the chat id from the response.
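The steps above have you read the chat id off the getUpdates page by hand and paste the bot token into the script body. The added example below is not part of vthunting: it pulls the chat ids out of a getUpdates response (a constructed sample in the shape Telegram returns), takes the token and chat id from environment variables instead of the script (the names VTHUNT_TG_TOKEN and VTHUNT_TG_CHAT_ID are this example's own choice), and posts the report with sendMessage, splitting it at Telegram's 4096-character limit, which a report with many matches can exceed. The HTTP call is injectable so the block runs offline; with a real send it uses requests.post, the HTTP dependency the tool already lists.

```python
import os

TELEGRAM_MAX_TEXT = 4096  # sendMessage rejects text longer than this


def load_telegram_config(env=None):
    """Read the bot token and chat id from the environment instead of the
    script body, so a copy in /usr/local/bin does not hand the credentials
    to every local user. The variable names are this example's own choice
    (assumption), not something vthunting defines."""
    env = os.environ if env is None else env
    token, chat_id = env.get("VTHUNT_TG_TOKEN"), env.get("VTHUNT_TG_CHAT_ID")
    if not token or not chat_id:
        raise RuntimeError("set VTHUNT_TG_TOKEN and VTHUNT_TG_CHAT_ID")
    return token, chat_id


def chat_ids_from_updates(updates):
    """Pull the chat ids out of a getUpdates response, which is what the
    README has you read by hand. Private/group chats arrive as 'message',
    channels as 'channel_post'; duplicates are dropped, order is kept."""
    ids = []
    for update in updates.get("result", []):
        msg = update.get("message") or update.get("channel_post")
        if msg and "chat" in msg and msg["chat"]["id"] not in ids:
            ids.append(msg["chat"]["id"])
    return ids


def chunk_text(text, limit=TELEGRAM_MAX_TEXT):
    """Split the report on line boundaries into pieces of at most `limit`
    characters; a single line longer than the limit is hard-split."""
    chunks, current = [], ""
    for line in text.splitlines(keepends=True):
        if current and len(current) + len(line) > limit:
            chunks.append(current)
            current = ""
        while len(line) > limit:
            chunks.append(line[:limit])
            line = line[limit:]
        current += line
    if current:
        chunks.append(current)
    return chunks


def send_telegram_report(report, token, chat_id, post=None):
    """POST the report to sendMessage, one request per chunk, and return the
    number of messages sent. `post` defaults to requests.post and is
    injectable so the function can be exercised without network access."""
    if post is None:
        import requests  # listed in the tool's requirements.txt
        post = requests.post
    url = f"https://api.telegram.org/bot{token}/sendMessage"
    sent = 0
    for chunk in chunk_text(report):
        body = post(url, data={"chat_id": chat_id, "text": chunk}, timeout=10).json()
        if not body.get("ok"):
            raise RuntimeError(f"Telegram refused the message: {body.get('description')}")
        sent += 1
    return sent


def dry_run_post():
    """Stand-in for requests.post that records each call and answers like a
    successful Telegram response; lets the example run offline."""
    calls = []

    class _Resp:
        def json(self):
            return {"ok": True, "result": {}}

    def _post(url, data, timeout):
        calls.append((url, dict(data)))
        return _Resp()

    return _post, calls


if __name__ == "__main__":
    # Constructed getUpdates response in the shape Telegram returns (sample data).
    sample_updates = {"ok": True, "result": [
        {"update_id": 1, "message": {"message_id": 1, "chat": {"id": 123456789, "type": "private"}, "text": "/start"}},
        {"update_id": 2, "channel_post": {"message_id": 5, "chat": {"id": -1001234567890, "type": "channel"}, "text": "hi"}},
    ]}
    print("chat ids seen by the bot:", chat_ids_from_updates(sample_updates))
    post, calls = dry_run_post()
    report = "Rule name: Stuxnet\n" * 400  # 7600 characters, more than one Telegram message
    print("messages needed:", send_telegram_report(report, "TOKEN", "123456789", post=post))
```

With VTHUNT_TG_TOKEN and VTHUNT_TG_CHAT_ID exported, `send_telegram_report(report, *load_telegram_config())` performs the real send. The token in the URL is a credential: keep it out of shell history and logs, which is another reason to source it from the environment of the cron job rather than the command line.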

Install inwards your system
If you want to run this script from anywhere, copy it without the extension into /usr/local/bin. Because the API key and the mail, Slack and Telegram credentials are written into the script itself, make the copy readable only by the account that runs it (for example chmod 700 as that user) rather than leaving it world-readable:
cp vthunting.py /usr/local/bin/vthunting

Configure the project scheduler amongst crontab
You can use crontab to run the script and receive the report periodically.
crontab -e 
Below is an example that delivers the report every day at 10:15am.
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  *  command to be executed (a per-user crontab has no user field)
    15 10  * * * /usr/local/bin/vthunting -r -t -e -s >> vthunt.log



