ripVT: Maltego Canari transforms for Virus Total private API
ripVT
Maltego Canari transforms for Virus Total private API. Provided AS-IS, no warranties, no guarantees.
Installation
- Requires Canari, specifically this branch/version
- Install Malformity
- Clone, install and generate the transform profile:
  git clone https://github.com/matonis/ripVT.git
  cd ripVT
  sudo python setup.py install
  canari create-profile ripVT
- Import the generated ripVT.mtz into Maltego
- Import the entities stored at:
  src/ripVT/resources/external/entities.mtz
- Copy src/ripVT/resources/etc/ripVT.conf to ~/.canari/
- Pivot
Pivots
Multiple custom entities enable forward and reverse searches; each entity type has its own graphically distinct icon.
Search (Phrase Entity) ->
- Generic Search
- Behavioral
- Engines
- ITW
Generic
- Hash -> Download to Repository
Hash -> VT File Report ->
- Behavioral (Copied Files, Deleted, Downloaded, Moved, Mutex, Network, Opened, Read, Replaced, Written)
- Imphash
- Cert / Certs
- Compile Time
- Detections
- Exports / Imports
- File Names
- In-The-Wild (ITW) Locations
- Parents (Dropped / Created By)
- PE Resources
- PE Sections
- SSDEEP
- Similar-To
Domain -> VT Domain Report ->
- Undetected/Detected Communicating Samples
- Undetected/Detected Domain-Embedding Samples
- Undetected/Detected Domain-Downloaded Samples
- PCAP
- Domain Resolutions
- Siblings
- Subdomains
- Detected URLs
IP Address -> VT IP Report ->
- Undetected/Detected Communicating Samples
- Undetected/Detected Domain-Embedding Samples
- Undetected/Detected Domain-Downloaded Samples
- PCAP
- Domain Resolutions
- Siblings
- Subdomains
- Detected URLs
Detections ->
- Search Detection Name (Engine Included)
- Search Detection Name (No Engine)
Cuckoo -> (Report ID)
- Report -> Network
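Added example, not code from the ripVT project or from Canari: a Python sketch of what the pivots above pull out of a VirusTotal private API v2 style JSON report. The key names it relies on (additional_info, pe-imphash, pe-timestamp, behaviour-v1, scans, ITW_urls, submission_names, resolutions, and detected_referrer_samples as the source of the Domain-Embedding samples) are the v2 names as recalled by the editor and are an assumption; the sample reports are constructed by hand so the script runs offline with no API key. It also covers the edge case a transform has to survive in practice: a partial report with no PE data or sandbox run yields empty pivots rather than an exception.

```python
"""Offline model of the ripVT pivots (added example, not ripVT or Canari code).
Shows what the Hash -> VT File Report, Domain/IP -> VT Report and Detections
pivots pull out of a VirusTotal private API v2 style report. The key names
(additional_info, pe-imphash, behaviour-v1, scans, ITW_urls, resolutions,
detected_referrer_samples, ...) are the v2 names as the editor recalls them
and are an assumption; the sample reports are constructed, not real data."""
from datetime import datetime, timezone

# Constructed sample file report (assumed v2 key names, fake values).
SAMPLE_FILE_REPORT = {
    "ssdeep": "3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C",
    "submission_names": ["invoice.exe", "invoice.exe", "setup.exe"],
    "ITW_urls": ["http://dl.example.invalid/invoice.exe"],
    "scans": {"EngineC": {"detected": False, "result": None},
              "EngineA": {"detected": True, "result": "Trojan.GenericKD.1"},
              "EngineB": {"detected": True, "result": "Win32/Agent.XYZ"}},
    "additional_info": {
        "pe-imphash": "c" * 32,
        "pe-timestamp": 1546300800,  # 2019-01-01T00:00:00Z; VT uses 0 when unknown
        "sections": [[".text", 4096, 8192, 8192, 6.1, "d" * 32], [".rdata", 12288, 2048, 2048, 4.0, "e" * 32]],
        "imports": {"KERNEL32.dll": ["CreateFileW", "WriteFile"]},
        "exports": ["Start"],
        "behaviour-v1": {
            "filesystem": {"opened": ["C:\\Users\\x\\a.txt"], "written": ["C:\\Users\\x\\b.exe"]},
            "mutex": {"created": ["Global\\x_lock"]},
            "network": {"dns": [{"hostname": "c2.example.invalid", "ip": "203.0.113.7"}]},
        },
    },
}

# Constructed sample domain report; "referrer" samples are taken to be the README's Domain-Embedding samples (assumed).
SAMPLE_DOMAIN_REPORT = {
    "resolutions": [{"ip_address": "203.0.113.7", "last_resolved": "2019-01-02 00:00:00"}],
    "subdomains": ["cdn.c2.example.invalid"],
    "detected_urls": [{"url": "http://c2.example.invalid/gate.php", "positives": 5, "total": 70}],
    "detected_communicating_samples": [{"sha256": "f" * 64, "positives": 30, "total": 70}],
    "undetected_communicating_samples": [{"sha256": "0" * 64, "positives": 0, "total": 70}],
    "detected_downloaded_samples": [{"sha256": "1" * 64, "positives": 12, "total": 70}],
    "detected_referrer_samples": [{"sha256": "f" * 64, "positives": 30, "total": 70}],
}


def _uniq(values):
    """De-duplicate (first-seen order) and drop empty values: Maltego gets one node per value."""
    return list(dict.fromkeys(v for v in values if v))


def detection_names(report, with_engine=True):
    """Detections pivot: 'Engine:Name' for the README's 'Engine Included' search, or bare
    names for 'No Engine', so engines that agree on a family name collapse to one node."""
    names = []
    for engine, scan in report.get("scans", {}).items():
        if scan.get("detected") and scan.get("result"):
            names.append(f"{engine}:{scan['result']}" if with_engine else scan["result"])
    return sorted(set(names))


def file_report_pivots(report):
    """Hash -> VT File Report pivots as {pivot: [values]}. Every pivot is always present and
    missing data gives [] rather than an exception: partial reports are the normal case."""
    info = report.get("additional_info") or {}
    beh = info.get("behaviour-v1") or {}
    fs = beh.get("filesystem") or {}
    ts = info.get("pe-timestamp")
    pivots = {
        "Imphash": _uniq([info.get("pe-imphash")]),
        "SSDEEP": _uniq([report.get("ssdeep")]),
        "Compile Time": [datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()] if ts else [],
        "Detections": detection_names(report),
        "Exports": _uniq(info.get("exports") or []),
        "Imports": _uniq(f"{dll}!{fn}" for dll, fns in (info.get("imports") or {}).items() for fn in fns),
        "File Names": _uniq(report.get("submission_names") or []),
        "ITW Locations": _uniq(report.get("ITW_urls") or []),
        "PE Sections": _uniq(s[0] for s in info.get("sections") or [] if s),
    }
    # Behavioral sub-pivots, named after the README's Behavioral list.
    for key in ("copied", "deleted", "downloaded", "moved", "opened", "read", "replaced", "written"):
        pivots[f"Behavioral/{key.capitalize()}"] = _uniq(fs.get(key) or [])
    pivots["Behavioral/Mutex"] = _uniq((beh.get("mutex") or {}).get("created") or [])
    pivots["Behavioral/Network"] = _uniq(d.get("hostname") for d in (beh.get("network") or {}).get("dns") or [])
    return pivots


def domain_report_pivots(report):
    """Domain -> VT Domain Report pivots. An IP report uses the same sample lists, but its
    resolutions carry 'hostname' instead of 'ip_address', so both are accepted."""
    pivots = {}
    for state in ("detected", "undetected"):
        for kind, label in (("communicating", "Communicating"), ("downloaded", "Domain-Downloaded"),
                            ("referrer", "Domain-Embedding")):
            samples = report.get(f"{state}_{kind}_samples") or []
            pivots[f"{state.capitalize()} {label} Samples"] = _uniq(s.get("sha256") for s in samples)
    pivots["Domain Resolutions"] = _uniq(r.get("ip_address") or r.get("hostname") for r in report.get("resolutions") or [])
    pivots["Subdomains"] = _uniq(report.get("subdomains") or [])
    pivots["Detected URLs"] = _uniq(u.get("url") for u in report.get("detected_urls") or [])
    return pivots
```

Call file_report_pivots(SAMPLE_FILE_REPORT) or domain_report_pivots(SAMPLE_DOMAIN_REPORT) from a Python shell to see the pivot values; a real transform would replace the constructed dicts with the JSON returned by the private API and emit one Maltego entity per value. Values are de-duplicated before they become nodes, and the two Detections variants differ only in whether the engine name is kept, which is what makes the "No Engine" search useful for grouping samples by family across engines.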
Copyright (c) 2019 Michael Matonis (ma-toe-nis)
Source: https://github.com/matonis/