From f4d40056c2c98b9909953505da26585e4ecaa012 Mon Sep 17 00:00:00 2001 From: "Timothy C. Quinn" Date: Thu, 17 Apr 2025 02:36:29 -0400 Subject: [PATCH 1/2] Update README.md --- README.md | 96 ++++++++++++++++++++++++------------------------------- 1 file changed, 41 insertions(+), 55 deletions(-) diff --git a/README.md b/README.md index 58c9eb3..aaeb047 100644 --- a/README.md +++ b/README.md 
@@ -28,73 +28,59 @@ options: -h, --help show this help message and exit --verbose, -v --stdin, - Read file from stdin (can use '-' also. Eg % curl https://foo.com/some_installer | vtscan - ) - --gui, -g Launch GUI. Default is CLI - --links, -L Launch links in browser --hash, -m sha1 or sha256 hash to scan - --browser BROWSER, -b BROWSER - Browser to launch for Virus Total Info or other searches ```` ### Sample output ```` -% vtscan ~/Downloads/WinSCP-6.1.2-Setup.exe +:~/Downloads$ vtscan drawio-amd64-23.1.5.deb -.: Virus Total :. - sha1 : fe8cd9dce3f82e76f5a5651c60c72e638f826ade - sha256 : 36cc31f0ab65b745f25c7e785df9e72d1c8919d35a1d7bd4ce8050c8c068b13c - Permalink : https://www.virustotal.com/gui/file/36cc31f0ab65b745f25c7e785df9e72d1c8919d35a1d7bd4ce8050c8c068b13c/details - -.: File :. - File : WinSCP-6.1.2-Setup.exe -- Path: /home/tquinn/Downloads - -.: Details :. - Creation : 2023-02-15 14:54:16 - Names : ['WinSCP-6.1.2-Setup.exe', 'target.exe (copy)', 'WinSCP-6.1.2-Setup (1).exe', 'target.exe', 'ParzaImage.exe'] - Description : Setup for WinSCP 6.1.2 (SFTP, FTP, WebDAV and SCP client) - Version : 6.1.2 - Original Name : WinSCP-6.1.2-Setup.exe - Comments : This installation was built with Inno Setup. - Magic : PE32 executable (GUI) Intel 80386, for MS Windows - Type : file - Size : 10,871kb - -.: Virus Total Summary :. - Detections : 0 out of 72 (100% pass) -~ -```` - -### Scan Installer Scripts -Several installer tools require you to curl a URL on the internet and then pipe it to bash or another engine for evaluation. This kind of feels unsafe and its best to pipe to a file and then read the file. -With vtscan, you can pipe the output and do a scan in real time: -``` -% curl -sSL https://install.python-poetry.org | vtscan - +.: File in :. + File : drawio-amd64-23.1.5.deb + Path : /home/timq/Downloads .: Virus Total :. 
- sha1 : 83928e644bb08a23a999fd9041b282890430be30 - sha256 : 66db5477a597b6176202ef77792076057ce50d2c5a2d2d2978c63e1f144d7b95 - Permalink : https://www.virustotal.com/gui/file/66db5477a597b6176202ef77792076057ce50d2c5a2d2d2978c63e1f144d7b95/details - -.: Stdin :. - sha256 : 66db5477a597b6176202ef77792076057ce50d2c5a2d2d2978c63e1f144d7b95 - -.: Details :. - First Submission : 2023-05-23 07:40:55 - Names : ['fucktasting.py', 'poetry.py', 'install.python-poetry.org.sh', 'install_poetry.py', 'uninstall_poetry.py'] - Magic : Python script, ASCII text executable + sha1 : 48aaadb049dba1411459d032188d0252b4780727 + sha256 : 29a4a2acacd1388bcd23692b151f34422a94966099cab31ae57ef69a1c01d3a6 + Permalink : https://www.virustotal.com/gui/file/29a4a2acacd1388bcd23692b151f34422a94966099cab31ae57ef69a1c01d3a6/details + +.: VirusTotal Details :. + First Submission : 2024-02-16 19:46:56 + Names : ['drawio-amd64-23.1.5.deb', '8af81a5d-4f2b-4ce1-aebd-e681e8124f0d', 'draw.io'] + Magic : Debian binary package (format 2.0), with control.tar.gz, data compression xz Type : file - Size : 27kb + Size : 94,021kb .: Virus Total Summary :. - Detections : 0 out of 61 (100% pass) -``` -This will give you more confidence on the file before running without having to go throught the script line by line. 
- - -### VTScan GUI (new) -![VTScan GUI](https://raw.githubusercontent.com/JavaScriptDude/vtscan/master/VTScan_GUI.png) + Detections : 0 out of 56 (100% pass) +                                                +   ▄▄▄▄▄▄▄     ▄ ▄    ▄   ▄  ▄ ▄ ▄▄▄ ▄▄▄▄▄▄▄    +   █ ▄▄▄ █ ▀ █▄  ▄█▀ ▀ ▀█▄ ▄ ▄▀█   ▄ █ ▄▄▄ █    +   █ ███ █ ▀ ▀██ ▄▄▄ ▀ ▄▄▀█▀▀▀▀▀█▀▄▀ █ ███ █    +   █▄▄▄▄▄█ █ ▄▀▄▀▄ ▄▀█▀▄▀▄ ▄ █▀▄▀▄ █ █▄▄▄▄▄█    +   ▄▄▄▄▄ ▄▄▄▄▀▄▀▄▄ █▄▄██▀▀ ▀▄██ ▄  █▄ ▄ ▄ ▄     +   █▀▀▄ █▄▀▀▄  ██▄▄ █ ▀ ▄█▀█ ▄▄█▄ ▀█▄██▀▀ ▄▀    +   ▀ ▄▄▄█▄▄█▄▄▄ ▀▄▄█▀▀ █▀▄▀█▄  █▄ ▀   █▀█▄▄     +   ▀▀▀▀▄█▄▄  ▀ ▀▄ █▄▀█ ▄██▀▄▀▀▄▄ ▀▀█▀▀▄█▄▀ ▀    +   ▀  ▄▀█▄▀██▀ ▀▄ █▄▄█  ▀▄  ▄▀▄ ▄▀ ▄▄▀▄ ▄▄▀     +   ▄▄ ██▄▄ ▄▄▀▀█ ▀▄▄ ▄▀█▀ ▀▀▄ ▄▄ ▀▀██▀█▀  ▀▀    +    █▄▀ █▄ ▄ ▀ ▄ ▀▄  ▄▀ █▀█ ▄█▀▀▄  ▀ ▀█▀█▄█▀    +   █▄█ ▀▄▄  ▀█▄▄ ▀▀▀▀▄▄▀█ ▀ █▄▄█ █▀█▀█ █▀  ▀    +    ▀▄█ ▄▄█▄▀▄█ ▄▀ █▄▀█▀▀▀ ▄▄██ ▄  ▄▀▀▄▀▄▄█▄    +   ▄▀█▀ ▄▄▀ █▀▀▀██▄ █▀▀█ █▀▀  ▄█▄▀▀▀▄▀█▀▄▄▄▀    +   █▄▄▀▀ ▄ █▄ ▀▀▀▄▄▄▀▀ ▄▄▄ ▄▄▀ █▄█▀▄  █ ▄▄█▀    +   █ ▀▄ ▀▄▀ ▀  ▀ ▄█▄▄█ ▄▀ ▀▄▄█▄▄▀ ▀▄▀▀ ▀▄▀▀▀    +   █  ▀█ ▄▄  █ ▀▄▀█▄▄▀  ▀▄ ▄▄▄█ ▄█▀▄████▄▄▀▄    +   ▄▄▄▄▄▄▄ █▄█▀█ ▀▄  █▀██ ▀▄▄▄▄█▄▀██ ▄ █ █▄▀    +   █ ▄▄▄ █ ▄▀▀▀▄ ▀█▀ ▄▀ █▀▄▄▄ ▄ ▄█▀█▄▄▄█ ▄▀     +   █ ███ █ █ ▄▄▄ ▀▀▀▄▄▄▀█▀▀ ▀ ▄██ ▀▄▄▄ ▄▀▄▀▀    +   █▄▄▄▄▄█ █▀▄█▄▄█ ▀▄ █▀▀██▄▄█▀ ▄▀▀▀█▄█ ▄▄▀     +                                                +                                                +--- vtscan end --- +```` -By Scanning the QR Code on a mobile device, do a side channel validation to VirusTotal enabling you to bypass potential MITM attacks on VirusTotal data on the target machine's network. +By Scanning the QR Code on a mobile device, do a side channel validation to VirusTotal enabling you to bypass potential MiTM attacks on VirusTotal data on the target machine's network. # Alternatives From 46d4560dd344962631e623414e41e324185bc0b7 Mon Sep 17 00:00:00 2001 From: "Timothy C. Quinn" Date: Thu, 17 Apr 2025 02:38:15 -0400 Subject: [PATCH 2/2] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index aaeb047..1f45142 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,7 @@ options:                                                 --- vtscan end --- ```` +Note: the QR Code above displays correctly in a terminal window and is scannable. By Scanning the QR Code on a mobile device, do a side channel validation to VirusTotal enabling you to bypass potential MiTM attacks on VirusTotal data on the target machine's network.
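Review bot: in the first patch's hunk (`@@ -28,73 +28,59 @@`), the help lines for `--stdin`, `--gui`, `--links` and `--browser` and the whole "Scan Installer Scripts" section are deleted, so the README no longer mentions piping a download into vtscan. If those options still exist in the tool, keep their help text and the `curl ... | vtscan -` example. If they were removed, say so in the commit message, which currently reads only "Update README.md". In the same hunk, the rewritten closing sentence ("By Scanning the QR Code on a mobile device, do a side channel validation ...") never states what the QR code encodes or what the reader should compare on the phone. Spelling that out, for example that the sha256 shown on the phone must match the one printed in the terminal, would make the check something a reader can actually perform. Two smaller points: the new sample prompt `:~/Downloads$` replaces the earlier `%` prompt and looks truncated, and the section titles now mix `Virus Total` and `VirusTotal`.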
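Review bot: in the second patch (`@@ -79,6 +79,7 @@`), the added `Note:` line sits directly between the closing code fence and the sentence that explains what the QR code is for, so the reader meets the caveat before the purpose. Move it after the "By Scanning the QR Code ..." sentence and keep a blank line between the two so Markdown does not join them into one paragraph. The note says only that the code "displays correctly in a terminal window"; it would help to state where it does not render correctly, since that is the case the note is warning about.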