vthunting: generate report about Virus Total hunting and send it by email, slack or telegram
Virus Total Hunting is a tiny tool based on the VT api version 3 to run daily, weekly or monthly report about malware hunting. The report can be sent via email, Slack channel or Telegram. The tool can also be used in cli to get a report anytime. The default number of the result is 10 but it can be increase or decrease in the config part. This tool is only working with a Virus Total Intelligence API.
The below extract is an example of a generated report.
git clone https://github.com/fr0gger/vthunting
pip install -r requirements.txt
Then configure the config part with your API keys and info:
Get your API key from Virus Total. https://developers.virustotal.com/v3.0/reference
Email Configuration (Gmail)
To create an app you can find the documentation here: https://support.google.com/accounts/answer/185833
Slack Bot Configuration
To generate a token you need to go here and follow the step: https://api.slack.com/custom-integrations/legacy-tokens
Telegram Bot Configuration
To get a token you need to create a Telegram bot by talking to @BotFather, it will help you to configure your bot and get your token. Once you get your token visit https://api.telegram.org/bot<YOUR_TOKEN>/getUpdates to get the channel id.
Install in your system
If you want to access this script anywhere you can copy it without the extension into:
cp vthunting.py /usr/local/bin/vthunting
Configure the task scheduler with crontab
You can use crontab to run the script and receive report periodically.
Below is an example to receive the report every day at 10:15 am.
Copyright (c) 2018 Thomas Roccia