ripVT - Virus Total API Maltego Transform Set For Canari


Maltego Canari transforms for Virus Total private API. Provided AS-IS, no warranties, no guarantees.
No jokes in this repo. It's as serious as you are.


Installation
  1. Requires Canari, specifically this branch/version
  2. Install Malformity
  3. Install ripVT and generate the Maltego profile:
       sudo python setup.py install
       canari create-profile ripVT
  4. Import the generated ripVT.mtz
  5. Import the entities stored at:
       src/ripVT/resources/external/entities.mtz
  6. Copy src/ripVT/resources/etc/ripVT.conf to ~/.canari/
  7. Pivot

Pivots
Multiple unique entity types enable forward and reverse searches; each has its own graphically distinct icon.
Search (Phrase Entity) ->
  • Generic Search
  • Behavioral
  • Engines
  • ITW
Generic
  • Hash -> Download to Repository
Hash -> VT File Report ->
  • Behavioral (Copied Files, Deleted, Downloaded, Moved, Mutex, Network, Opened, Read, Replaced, Written)
  • Imphash
  • Cert / Certs
  • Compile Time
  • Detections
  • Exports / Imports
  • File Names
  • In-The-Wild (ITW) Locations
  • Parents (Dropped / Created By)
  • PE Resources
  • PE Sections
  • SSDEEP
  • Similar-To
Domain -> VT Domain Report ->
  • Undetected/Detected Communicating Samples
  • Undetected/Detected Domain-Embedding Samples
  • Undetected/Detected Domain-Downloaded Samples
  • PCAP
  • Domain Resolutions
  • Siblings
  • Subdomains
  • Detected URLs
IP Address -> VT IP Report ->
  • Undetected/Detected Communicating Samples
  • Undetected/Detected Domain-Embedding Samples
  • Undetected/Detected Domain-Downloaded Samples
  • PCAP
  • Domain Resolutions
  • Siblings
  • Subdomains
  • Detected URLs
Detections ->
  • Search Detection Name (Engine Included)
  • Search Detection Name (No Engine)
Cuckoo -> (Report ID)
  • Report -> Network
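To make the Hash -> VT File Report pivots above concrete, here is an added example (not part of ripVT or Canari) that pulls the Imphash, SSDEEP, Compile Time, Detections and ITW pivot values out of a file report. The report is a constructed sample shaped like a VirusTotal v2 private-API response; the field names (ssdeep, scans, ITW_urls, additional_info.pe-imphash, additional_info.pe-timestamp) are assumed from that format, and the values are made up.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of a VirusTotal v2 private-API file report.
# Field names are assumed from that API; hashes, engines and URLs are invented.
SAMPLE_REPORT = json.dumps({
    "sha256": "a" * 64,
    "ssdeep": "3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C",
    "positives": 2,
    "total": 3,
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Generic.Example"},
        "EngineB": {"detected": True, "result": "Win32.Example.Dropper"},
        "EngineC": {"detected": False, "result": None},
    },
    "ITW_urls": ["hxxp://example.invalid/payload.exe"],
    "additional_info": {
        "pe-imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
        "pe-timestamp": 1262304000,
    },
})


def extract_pivots(report_json):
    """Return the values a Hash -> VT File Report pivot would emit as entities."""
    report = json.loads(report_json)
    extra = report.get("additional_info", {})
    # Detections: one entity per distinct detection name, engines that did
    # not flag the sample contribute nothing.
    detections = sorted({
        scan["result"] for scan in report.get("scans", {}).values()
        if scan.get("detected") and scan.get("result")
    })
    # Compile Time: the PE header timestamp is a Unix epoch; render it as UTC.
    ts = extra.get("pe-timestamp")
    compile_time = (datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
                    if ts is not None else None)
    return {
        "imphash": extra.get("pe-imphash"),
        "ssdeep": report.get("ssdeep"),
        "compile_time": compile_time,
        "detections": detections,
        "itw": report.get("ITW_urls", []),
        "ratio": "%d/%d" % (report.get("positives", 0), report.get("total", 0)),
    }


if __name__ == "__main__":
    for name, value in extract_pivots(SAMPLE_REPORT).items():
        print("%s: %s" % (name, value))
```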
