Skip to content
/ RealGoVetter Public

Simple GUI tool to do reputation checks on bulk lists of IOCs by utilizing the VirusTotal API.

License

MIT license
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

grepstrength/RealGoVetter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
test_file
test_file
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

RealGoVetter

RealGoVetter

  • Is a questionable IOC feed becoming synonymous with "false positive"?
  • Are you analyzing a threat actor that spent as much time registering domains as they did collecting ransoms?
  • Did the SOC send you a request to review IPs from seemingly half the internet?

Look no further!

This is a simple portable GUI Windows program designed to leverage the VirusTotal API to do reputation checks on files, domains, IPs, and URLs in BULK. You are only limited by your VirusTotal account's API quota. This is sizeable even with a free account.

Features

  • Runs as a portable Windows executable without dependencies
  • Has a simple GUI interface
  • Accepts .CSV or .TXT files containing IOCs
  • Evaluates multiple types of IOCs:
    • File Hashes
    • Domains
    • IP Addresses
    • URLs
  • API key storage
  • CSV output with detailed analysis results

Full Bulk IOC Vetting Process

vettingIOCs

Example Output

exampleoutput

Saving VirusTotal API Key

API

Requirements

  • x64 Windows
  • VirusTotal API key (you need at least a free account to access the VirusTotal API)

Installation

  1. Download the latest release.
  2. Run the executable.
  3. Enter your VirusTotal API key.
  4. Start analyzing IOCs.

The test file used in the gifs above was added to this repo under the "test_file" directory. They were randomly selected IOCs from multiple recent Palo Alto Unit 42 articles.

Build From Source

You will need Go v1.23.4 installed.

go install github.com/grepstrength/RealGoVetter@latest

Or:

git clone https://github.com/grepstrength/RealGoVetter.git
cd RealGoVetter
go build main.go

Usage

  1. Launch RealGoVetter.
  2. Enter your VirusTotal API key.
    • You can optionally save it with the "Save API Key" option.
  3. Click "Select IOC File" to choose your input file. The analysis begins as soon as you select the input file.
  4. Wait for the analysis to complete.
  5. Results will be saved as a .CSV file in the same directory as RealGoVetter.

Configuration

  • The API key will be stored in: C:\Users\<USERNAME>\AppData\Roaming\RealGoVetter\config.dat
  • Output files are saved in the following format in the same directory as the main .EXE: results_YYYYMMDDHHMMSS.csv

Limitations

  • This only works with VirusTotal API keys.
    • There are currently no plans to offer support for more API keys.
    • This also means that if you're using a free VT account, you are limited to:
      • 4 lookups / min
      • 500 lookups / day
      • 15.5 K lookups / month
  • This only takes .CSV and .TXT files.
  • There is currently no way to process defanged network IOCs.
    • They will return as "Not Found" in the output .CSV file.

Future Plans & Improvements

  • Linux support
  • Greater input file support
  • Support for analyzing defanged network IOCs

About

Simple GUI tool to do reputation checks on bulk lists of IOCs by utilizing the VirusTotal API.

Topics

ioc cybersecurity cti virustotal-search cyber-security virustotal security-automation indicators-of-compromise cyber-threat-intelligence cti-application virustotal-api indicator-of-compromise virustotal-api-integration

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.0.1 Latest
Dec 26, 2024

Packages

No packages published

Languages