Wednesday, July 18, 2007

Linux: cURL Tutorial and Virustotal uploader (for Linux)

A brief tutorial about cURL, an application that helps you download the source of a website - the very same tutorial which helped me make a bash script to upload suspicious files to Virustotal.

First of all, to use curl you have to install it, if you're using Ubuntu or a Debian-based distribution, try the following (Applications > Accessories > Terminal):
sudo apt-get install curl
You'll have to know the root password (Ubuntu users: the same password with the one you login). Now that you have it, try:
curl --help
Cool, now read the tutorial, you'll need some HTML knowledge for starters and some basic logic to get around in deciding what to use where. I'm not going to explain that, as that's a big chapter to enter :(

On to the Virustotal file uploader; Most of you won't need to upload suspicious windows executables (programs), since you're already enjoying a taste of free software by using a Linux distribution. I must say that the webmaster has pointed me to the wrong direction, using python and the email way to post the file... Well this was a bit more productive - you'll need packages grep and sed installed:
#!/bin/bash
#Released under CC-by: http://creativecommons.org/licenses/by/3.0/
curl --progress-bar -F archivo="@$*" -F enviar=true -F distribuir=1 http://www.virustotal.com/vt/en/recepcionf | grep -i "href" | sed -e 's/.*href="\([^"]*\)".*/Results at: \1/'
Nice? I'm using Regular Expressions (regex) to alter the output and get a clickable link. Here's the script, all zipped up, chmod'ed and ready to be fired up: Download here

Put/unzip the file in your home directory. Usage? Piece of cake (mmm... cheese cake):
~/uploadatvirustotal file.exe
Check out the screenshot to get a sample output.

1 comment:

Anonymous said...

just what I needed to upload a suspicious file. didn't want it anywhere near my windows box. Unfortunately, the clickable link to view the results no longer works, but it was easy enough to access once I hashed the file and searched with the result.