target / strelka

Real-time, container-based file scanning at enterprise scale

[BUG] VirusTotal API Error #452

Closed xFlum3 closed 6 months ago

xFlum3 commented 7 months ago

Describe the bug: While trying to start a hash analysis via VT, I got these errors: image

Environment details

Expected behavior A clear and concise description of what you expected to happen.

Release

phutelmyer commented 7 months ago

@xFlum3 Have you uncommented these lines and entered a valid API key?

https://github.com/target/strelka/blob/master/build/docker-compose.yaml#L92-L94

xFlum3 commented 7 months ago

Hey @phutelmyer, thanks for the fast response. I have now reinstalled the dockers with a valid API key and uncommented all the lines related to VT, and now I cannot see any errors: image

When trying to use the VT API, I got these errors on the web: image

I am not using certificates on the host; I am using Cloudflare to get SSL.

phutelmyer commented 7 months ago

Looking at the logs, it looks as if you've built the image, but I don't see where it's brought up again. Can you try: docker-compose -f build/docker-compose.yaml up

As for your question about the cacerts - I don't actually know at the moment. I haven't tested that, but once you get it running, if you see an "SSL Error" I can see if I can make it an option.

xFlum3 commented 7 months ago

Hey @phutelmyer, please check my comment again, I edited it :)

phutelmyer commented 7 months ago

If you are receiving "You are not authorized to perform the requested operation" - it means you may be using a public VirusTotal key? Unfortunately, public API keys cannot download files from VirusTotal; you need to purchase a premium service for that :(

If you're using a private API key and still getting that, let me know.

xFlum3 commented 7 months ago

Hey @phutelmyer, yeah, I am using the free plan VT API. Is there no option to make it scan hashes with this API?

phutelmyer commented 7 months ago

Strelka downloads files from VirusTotal and unfortunately you cannot download files from VirusTotal with the free plan. You would have to find out a way to download that sample and then upload it via the Strelka UI API or drag and drop it in.

If there's another option though, I'm open to adding it.

xFlum3 commented 7 months ago

Hey @phutelmyer, as I remember, I previously used the VT API with Python, and I remember that I could test with this API whether the file was in the repository or not, and if it was, it would give me basic information about the file. Is this something that can be added, to make both a PUBLIC and a PRIVATE version?

In addition, I wanted to tell you that I found a bug (not sure if it's a bug, maybe it's on purpose), but it seems that no matter which user you enter, it will work to connect to the UI, for example: Username: test, password: test

User: admin Password: admin

If it is supposed to be like this, how can I manage my users?

phutelmyer commented 7 months ago

You're able to query with hashes against VT and get some of the VT metadata back, but you would not be able to process that file in Strelka because it can't download. The only functionality that I could add is a quick note with some VT metadata but then say it cannot be processed by Strelka.

As for the bug, it is on purpose. Using Strelka UI in the preset docker-compose, it's more of a testing environment I suppose. Right now I don't have a user administration section. If you use the LDAP support, it will only let you in if you are properly authenticated. Standing up proper local user management is currently out of scope, but I can add it as a request if I find time in the future.
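The fallback discussed in the comment above (return VT metadata with a note that the file cannot be processed), sketched as an added example that is not part of the thread and not Strelka's code. It assumes the VirusTotal API v3 paths `/api/v3/files/{hash}` and `/api/v3/files/{hash}/download`; `fetch_for_scan`, `http_get` and the sample responses are hypothetical and constructed so the logic runs offline.

```python
import re

VT_BASE = "https://www.virustotal.com/api/v3/files"
# Accept only MD5, SHA-1 or SHA-256 hex digests before building a URL.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")

def fetch_for_scan(file_hash, http_get):
    """Try the download endpoint; on HTTP 403 fall back to a metadata-only result.

    http_get(url) -> (status, body) is a hypothetical transport hook: body is
    bytes for a download and a decoded JSON dict otherwise.
    """
    h = file_hash.strip().lower()
    if not HASH_RE.match(h):
        raise ValueError("expected an MD5, SHA-1 or SHA-256 hex digest")

    status, body = http_get(f"{VT_BASE}/{h}/download")
    if status == 200:
        return {"processable": True, "content": body, "note": None}
    if status != 403:
        return {"processable": False, "note": f"download failed (HTTP {status})"}

    # 403 on download is the case in this thread; the lookup may still work.
    status, body = http_get(f"{VT_BASE}/{h}")
    if status == 404:
        return {"processable": False, "note": "hash not known to VirusTotal"}
    if status != 200:
        return {"processable": False, "note": f"lookup failed (HTTP {status})"}
    attrs = body["data"]["attributes"]
    return {
        "processable": False,
        "note": "metadata only: this API key cannot download files",
        "metadata": {
            "type": attrs.get("type_description"),
            "size": attrs.get("size"),
            "malicious": attrs.get("last_analysis_stats", {}).get("malicious"),
        },
    }

KNOWN = "ab" * 32  # constructed SHA-256-length value, not a real sample

def fake_public_key_get(url):
    """Constructed responses imitating a public key: lookup allowed, download refused."""
    if url.endswith("/download"):
        return 403, {"error": {"code": "ForbiddenError"}}
    if url.endswith(KNOWN):
        return 200, {"data": {"attributes": {"type_description": "Text",
                     "size": 68, "last_analysis_stats": {"malicious": 3}}}}
    return 404, {"error": {"code": "NotFoundError"}}
```
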

xFlum3 commented 7 months ago

Hey @phutelmyer, OK, then I will just upload things to the site. For those who are not using the VT Private API, can you make an option to hide this VT block in the UI?

About the bug, I am not using LDAP, but it will be amazing if a user administration section works, because I won't share it with everyone :)

xFlum3 commented 7 months ago

BTW, is there an option to make the Strelka UI dark mode, or to make changes on the frontend side, like editing the HTML and CSS?

xFlum3 commented 7 months ago

@phutelmyer

phutelmyer commented 7 months ago

@xFlum3

I'm not sure I'll be able to find the time for the user administration implementation. If enough people ask for it, I'll find the time to implement it, though.

As for dark mode, same as above - although I have a workaround that might be good enough, that I plan on deploying in the next week or so.

xFlum3 commented 7 months ago

Hey @phutelmyer, amazing, waiting for the next update, and then I will reinstall Strelka :)

phutelmyer commented 6 months ago

FYI @xFlum3 in the latest Strelka UI release, Dark Mode was implemented: https://github.com/target/strelka-ui/releases/tag/v2.2

xFlum3 commented 6 months ago

Hey @phutelmyer, I reinstalled Strelka following this guide: image. But I still cannot see the dark mode button. How can I solve it?