krmaxwell / maltrieve

A tool to retrieve malware directly from the source for security researchers.
GNU General Public License v3.0

Virustotal API support #77

Closed Sh4d0wS4int closed 9 years ago

Sh4d0wS4int commented 9 years ago

I think VirusTotal API support is missing in this awesome crawler, so is it worth adding? Shall I try some code for it, or is it in progress?

krmaxwell commented 9 years ago

@Sh4d0wS4int What would you like to see it do? To date, we've tried to keep Maltrieve focused as a crawler rather than analysis per se, but I'm certainly open to hearing new ideas!

Sh4d0wS4int commented 9 years ago

Yeah, the crawler is epic :) but what I thought is that it could have optional VirusTotal support which could store the hashes in the HTML/DB (JSON response), which could ease the work of the initial static analysis. Just my suggestion though.

sroberts commented 9 years ago

This to me really feels like scope creep. I understand the temptation, but this seems like a great use case for some kind of secondary tool. Just my 2 cents.

Sh4d0wS4int commented 9 years ago

The reason I said this is because we have Cuckoo and other sandbox support, so why not VirusTotal? After all, the first thing people do is scan in VirusTotal. Well, if you guys think it is scope creep then it is fine with me.

mlawsonis commented 9 years ago

I like the idea as a secondary function, like submitting to Cuckoo.

Sh4d0wS4int commented 9 years ago

Well, there is one drawback to that: the public API key has a limitation regarding POST requests: https://www.virustotal.com/en/documentation/public-api/

Scan time too seems to be an issue.

krmaxwell commented 9 years ago

Yes, I think this function is best served with an add-on script rather than in the core functionality. I'll see if I can't find a good tool to recommend in the docs here.

dray0n commented 9 years ago

The process I have with Maltrieve is to run on cron as well as submit to my cuckoo instance. Nice automated analysis. :)
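The add-on script the thread settles on (hash lookup against VirusTotal after a crawl, results stored as JSON beside the samples), written as an added example that is not part of Maltrieve or this thread. It assumes the VirusTotal v2 `file/report` endpoint and the 4-requests-per-minute public-key quota documented at the time, and it only looks hashes up by GET rather than uploading samples, which sidesteps the POST-quota and scan-time concerns raised above.

```python
import hashlib, json, os, time
import urllib.parse, urllib.request

# VirusTotal v2 report endpoint: a GET lookup by hash, so no sample is uploaded.
# The public key allowed 4 requests per minute, hence the default limiter rate.
VT_REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"
PUBLIC_REQUESTS_PER_MINUTE = 4

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class RateLimiter:
    # clock/sleep are injectable so the limiter can be tested without real waiting
    def __init__(self, per_minute, clock=time.monotonic, sleep=time.sleep):
        self.interval = 60.0 / per_minute
        self.clock, self.sleep, self.next_ok = clock, sleep, 0.0

    def wait(self):
        now = self.clock()
        if now < self.next_ok:
            self.sleep(self.next_ok - now)
        self.next_ok = max(now, self.next_ok) + self.interval

def http_get(url):
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read().decode("utf-8")

def vt_report(api_key, sha256, fetch=http_get):
    # fetch(url) -> response body; pass a stub to run offline
    params = urllib.parse.urlencode({"apikey": api_key, "resource": sha256})
    return json.loads(fetch(VT_REPORT_URL + "?" + params))

def summarize(report):
    # response_code 1 means VirusTotal has a report for this hash
    if report.get("response_code") != 1:
        return {"known": False}
    return {"known": True, "positives": report["positives"], "total": report["total"],
            "scan_date": report.get("scan_date"), "permalink": report.get("permalink")}

def enrich_directory(directory, api_key, limiter, fetch=http_get):
    # hash each retrieved sample and map sha256 -> summary, ready to store as JSON
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            limiter.wait()
            digest = sha256_of(path)
            results[digest] = summarize(vt_report(api_key, digest, fetch))
    return results
```

Run `enrich_directory` over Maltrieve's output directory from the same cron job that submits to Cuckoo and dump the returned dict with `json.dumps`; a `{"known": False}` entry marks a sample VirusTotal has not yet seen, which is often the one worth looking at first.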