steampipe plugin install virustotalsteampipe plugin install virustotal

VirusTotal + Steampipe

VirusTotal is an Internet security, file and URL analyzer.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Get VirusTotal scan data for a local file:

select
  meaningful_name,
  reputation
from
  virustotal_file
where
  path = '/full/path/to/file'

+----------------------------------+------------+
| meaningful_name                  | reputation |
+----------------------------------+------------+
| terraform_1.0.1_darwin_amd64.zip | 0          |
+----------------------------------+------------+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest VirusTotal plugin:

steampipe plugin install virustotal

Credentials

Item	Description
Credentials	VirusTotal requires a free API key for all requests.
Radius	Each connection represents a single VirusTotal account.

Configuration

Installing the latest virustotal plugin will create a config file (~/.steampipe/config/virustotal.spc) with a single connection named virustotal:

connection "virustotal" {
  plugin  = "virustotal"
  api_key = "beec40da46647b5e31d5377af470c0c525fd4185fb14ed2d0b38a038718ae3bf"
}

api_key - Your VirusTotal API key.

Get involved

Open source: https://github.com/turbot/steampipe-plugin-virustotal
Community: Slack Channel

turbot/virustotal