VirusTotal
VirusTotal is one of the best-known online services for analyzing files and URLs, enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. It can also be used to detect false positives, i.e. innocuous resources flagged as malicious by one or more scanners.

Getting VirusTotal

    1. Register/Sign-in to VirusTotal
    2. Go to My API key
    3. Request a private API key
       - Do not disclose your private key to anyone that you do not trust.
       - Do not embed your private key in scripts or software from which it can be easily retrieved.

VirusTotal gem

ruby-virustotal is a VirusTotal automation and convenience tool for hash, file and URL submission.
- Install virustotal gem

      gem install virustotal

Command line usage

You can use the ruby-virustotal gem as a command line tool.
- Create virustotal local profile

  To interact with virustotal as a command line tool, you have to create a profile that contains your API key. The profile will be created in ~/.virustotal.

      virustotal --create-config

      cat ~/.virustotal
      virustotal:
        api-key:
        timeout: 10

  Edit the file and add your API key.
- Searching a file of hashes

      virustotal -f <file_with_hashes_one_per_line>

- Searching a single hash

      virustotal -h FD287794107630FA3116800E617466A9

- Searching a file of hashes and outputting to XML

      virustotal -f <file_with_hashes_one_per_line> -x

- Upload a file to VirusTotal and wait for analysis

      virustotal -u </path/to/file>

- Search for a single URL

      virustotal -s "http://www.google.com"
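
The ~/.virustotal profile holds the private API key in plain text, so its permissions and ownership are worth checking before the tool is used on a shared machine. The check below is an added example, not code from ruby-virustotal or uirusu; `audit_profile` is a hypothetical helper, and it assumes the profile is YAML with `api-key` nested under a `virustotal` section.

```ruby
require "yaml"

# Hypothetical helper (not part of either gem): returns a list of findings
# for a VirusTotal profile file; an empty list means nothing was flagged.
def audit_profile(path = File.expand_path("~/.virustotal"))
  return ["profile not found: #{path}"] unless File.file?(path)

  findings = []
  stat = File.stat(path)

  # The file contains the private API key: only the owner should have access.
  if (stat.mode & 0o077) != 0
    findings << format("mode %04o lets group/others access the key; run: chmod 600 %s",
                       stat.mode & 0o7777, path)
  end
  # On a shared host the profile must belong to the account running the tool.
  findings << "file is owned by uid #{stat.uid}, not the current user" unless stat.owned?

  begin
    # safe_load refuses arbitrary object deserialization from the profile.
    config = YAML.safe_load(File.read(path)) || {}
  rescue Psych::Exception => e
    return findings << "profile is not valid YAML: #{e.message}"
  end

  section = config.is_a?(Hash) ? config["virustotal"] : nil
  return findings << "missing top-level 'virustotal' section" unless section.is_a?(Hash)

  key = section["api-key"].to_s.strip
  findings << "api-key is empty; edit the profile and add your key" if key.empty?
  findings
end

if __FILE__ == $PROGRAM_NAME
  require "tmpdir"
  Dir.mktmpdir do |dir|
    # Constructed sample: a freshly created profile, world-readable, no key yet.
    sample = File.join(dir, ".virustotal")
    File.write(sample, "virustotal:\n  api-key:\n  timeout: 10\n")
    File.chmod(0o644, sample)
    puts audit_profile(sample)
  end
end
```

Calling `audit_profile` with no argument checks the real profile at ~/.virustotal.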

uirusu gem

uirusu is a VirusTotal automation and convenience tool for hash, file and URL submission.
- Install uirusu gem

      gem install uirusu

Usage is identical to the virustotal gem.