vt

Documentation

Overview

Package vt provides integration with the VirusTotal API. It offers functionality to retrieve analysis results and upload files for scanning using the VirusTotal v3 API.

The package supports:

• Retrieving file analysis results by SHA256 hash
• Uploading files for scanning with progress tracking
• Parsing analysis statistics, votes, and threat classifications

Index

• func ScanFile(path string, apiKey string) error
• type AnalysisStats
• type AndroguardInfo
• type Icon
• type Info
  • func GetInfo(apiKey, hash string) (*Info, error)
• type Votes

Functions

func ScanFile

func ScanFile(path string, apiKey string) error

ScanFile uploads and scans a file on VirusTotal.

Types

type AnalysisStats

type AnalysisStats struct {
	Harmless         int64 `json:"harmless"`
	TypeUnsupported  int64 `json:"type_unsupported"`
	Suspicious       int64 `json:"suspicious"`
	ConfirmedTimeout int64 `json:"confirmed_timeout"`
	Timeout          int64 `json:"timeout"`
	Failure          int64 `json:"failure"`
	Malicious        int64 `json:"malicious"`
	Undetected       int64 `json:"undetected"`
}

AnalysisStats represents analysis statistics from VirusTotal.

type AndroguardInfo

type AndroguardInfo struct {
	Package            string      `json:"package"`
	AndroidVersionCode string      `json:"android_version_code"`
	AndroidVersionName string      `json:"android_version_name"`
	MinSdkVersion      string      `json:"min_sdk_version"`
	TargetSdkVersion   string      `json:"target_sdk_version"`
	MainActivity       string      `json:"main_activity"`
	Activities         []string    `json:"activities"`
	Services           []string    `json:"services"`
	Providers          []string    `json:"providers"`
	Receivers          []string    `json:"receivers"`
	Libraries          []string    `json:"libraries"`
	Certificate        interface{} `json:"certificate"`
	DangerPerm         []string    `json:"dangerous_permissions"`
	StringsInformation interface{} `json:"strings_information"`
}

AndroguardInfo represents Androguard analysis data from VirusTotal.

type Icon

type Icon struct {
	Md5   string `json:"md5"`
	Dhash string `json:"dhash"`
}

Icon represents icon details from VirusTotal.

type Info

type Info struct {
	URL                      string          `json:"url"`
	Names                    []string        `json:"names"`
	SubmissionDate           time.Time       `json:"submission_date"`
	TimesSubmitted           int64           `json:"times_submitted"`
	LastAnalysis             time.Time       `json:"last_analysis"`
	AnalysisStats            *AnalysisStats  `json:"analysis_stats"`
	Votes                    *Votes          `json:"votes"`
	Icon                     *Icon           `json:"icon"`
	Androguard               *AndroguardInfo `json:"androguard"`
	Tags                     []string        `json:"tags"`
	PopularThreatCategory    string          `json:"popular_threat_category"`
	PopularThreatName        string          `json:"popular_threat_name"`
	Reputation               int64           `json:"reputation"`
	TotalCrowdsourcedSigma   int64           `json:"crowdsourced_sigma_results"`
	TotalCrowdsourcedYara    int64           `json:"crowdsourced_yara_results"`
	TotalCrowdsourcedIDSHits int64           `json:"crowdsourced_ids_results"`
}

Info represents VirusTotal analysis results.

func GetInfo

func GetInfo(apiKey, hash string) (*Info, error)

GetInfo retrieves information from VirusTotal using the SHA256 hash.

type Votes

type Votes struct {
	Harmless  int64 `json:"harmless"`
	Malicious int64 `json:"malicious"`
}

Votes represents vote details from VirusTotal.