Updated VirusTotal GitHub action

This new workflow will create a zip file of all of the repository data and upload them to VirusTotal. it will also upload any assets from the latest release and upload them to VirusTotal as well.
HotCakeX · Oct 13, 2024 · 8ed5536 · 8ed5536
1 parent 8e3c616
commit 8ed5536
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 79 deletions.
diff --git a/.github/Workflowstuff/VirusTotal.ps1 b/.github/Workflowstuff/VirusTotal.ps1
@@ -1,97 +1,82 @@
-if ( Get-Module -ListAvailable 'VirusTotalAnalyzer') {
+# Import the VirusTotalAnalyzer module
+if (Get-Module -ListAvailable 'VirusTotalAnalyzer') {
     Import-Module VirusTotalAnalyzer -Force
-}
-else {
+} else {
     Install-Module -Name VirusTotalAnalyzer -AllowClobber -Force -Scope CurrentUser
     Import-Module VirusTotalAnalyzer -Force
 }
 
+# VirusTotal API Key
 $VTApi = $env:VTAPIsecret
 
-# Submit
-$Output = New-VirusScan -ApiKey $VTApi -File '.\Harden-Windows-Security Module\Main files\Resources\Security-Baselines-X.zip'
+# Submit the ZIP of the repository to VirusTotal
+$repoZip = ".\repository.zip"
+$Output = New-VirusScan -ApiKey $VTApi -File $repoZip
 
-# Wait
+# Wait for the result of the repository ZIP scan
 Do {
     $OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id
     if ($OutputScan.data.attributes.status -eq 'queued') {
         Write-Host "Waiting... $($OutputScan.data.attributes.status)" -ForegroundColor Gray
         Start-Sleep 10
     }
-}
-until($OutputScan.data.attributes.status -eq 'completed')
+} until ($OutputScan.data.attributes.status -eq 'completed')
 
-# Result
-Write-Host 'Analyze completed' -ForegroundColor DarkMagenta
+# Print results for the repository ZIP
+Write-Host 'Repository ZIP analysis completed' -ForegroundColor DarkMagenta
 if ($OutputScan.data.attributes.stats.suspicious -gt 0 -or $OutputScan.data.attributes.stats.malicious -gt 0) {
     Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f `
-            $OutputScan.meta.file_info.sha256, `
-            $OutputScan.data.attributes.stats.undetected, `
-            $OutputScan.data.attributes.stats.suspicious, `
-            $OutputScan.data.attributes.stats.malicious,
+        $OutputScan.meta.file_info.sha256, 
+        $OutputScan.data.attributes.stats.undetected,
+        $OutputScan.data.attributes.stats.suspicious,
+        $OutputScan.data.attributes.stats.malicious,
         "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
     ) -ForegroundColor Red
-
-}
-else {
+} else {
     Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f `
-            $OutputScan.meta.file_info.sha256, `
-            $OutputScan.data.attributes.stats.undetected, `
-            $OutputScan.data.attributes.stats.suspicious, `
-            $OutputScan.data.attributes.stats.malicious,
+        $OutputScan.meta.file_info.sha256, 
+        $OutputScan.data.attributes.stats.undetected,
+        $OutputScan.data.attributes.stats.suspicious,
+        $OutputScan.data.attributes.stats.malicious,
         "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
     ) -ForegroundColor Green
-
 }
 
-$SecurityBaselinesXvar = "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
+# Submit each release file in the release_assets folder
+$releaseFiles = Get-ChildItem -Path './release_assets' -File
 
-# Submit
-$Output = New-VirusScan -ApiKey $VTApi -File '.\Harden-Windows-Security Module\Main files\Resources\EventViewerCustomViews.zip'
+foreach ($file in $releaseFiles) {
+    # Submit each file to VirusTotal
+    $Output = New-VirusScan -ApiKey $VTApi -File $file.FullName
 
-# Wait
-Do {
-    $OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id
-    if ($OutputScan.data.attributes.status -eq 'queued') {
-        Write-Host "Waiting... $($OutputScan.data.attributes.status)" -ForegroundColor Gray
-        Start-Sleep 10
-    }
-}
-until($OutputScan.data.attributes.status -eq 'completed')
+    # Wait for the result of each file scan
+    Do {
+        $OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id
+        if ($OutputScan.data.attributes.status -eq 'queued') {
+            Write-Host "Waiting... $($OutputScan.data.attributes.status)" -ForegroundColor Gray
+            Start-Sleep 10
+        }
+    } until ($OutputScan.data.attributes.status -eq 'completed')
 
-# Result
-Write-Host 'Analyze completed' -ForegroundColor DarkMagenta
-if ($OutputScan.data.attributes.stats.suspicious -gt 0 -or $OutputScan.data.attributes.stats.malicious -gt 0) {
-    Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f `
-            $OutputScan.meta.file_info.sha256, `
-            $OutputScan.data.attributes.stats.undetected, `
-            $OutputScan.data.attributes.stats.suspicious, `
+    # Print results for each release file
+    Write-Host 'Analyze completed' -ForegroundColor DarkMagenta
+    if ($OutputScan.data.attributes.stats.suspicious -gt 0 -or $OutputScan.data.attributes.stats.malicious -gt 0) {
+        Write-Host ("File: {0}`nsha256: {1}`nUndetected: {2}`nSuspicious: {3}`nMalicious: {4}`nURL: {5}" -f `
+            $file.Name,
+            $OutputScan.meta.file_info.sha256, 
+            $OutputScan.data.attributes.stats.undetected,
+            $OutputScan.data.attributes.stats.suspicious,
             $OutputScan.data.attributes.stats.malicious,
-        "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
-    ) -ForegroundColor Red
-}
-else {
-    Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f `
-            $OutputScan.meta.file_info.sha256, `
-            $OutputScan.data.attributes.stats.undetected, `
-            $OutputScan.data.attributes.stats.suspicious, `
+            "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
+        ) -ForegroundColor Red
+    } else {
+        Write-Host ("File: {0}`nsha256: {1}`nUndetected: {2}`nSuspicious: {3}`nMalicious: {4}`nURL: {5}" -f `
+            $file.Name,
+            $OutputScan.meta.file_info.sha256, 
+            $OutputScan.data.attributes.stats.undetected,
+            $OutputScan.data.attributes.stats.suspicious,
             $OutputScan.data.attributes.stats.malicious,
-        "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
-    ) -ForegroundColor Green
+            "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
+        ) -ForegroundColor Green
+    }
 }
-
-$EventViewerCustomViewsvar = "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)"
-
-$SecurityBaselinesXVT = "<a href='$SecurityBaselinesXvar'>Virus Total scan results of Security-Baselines-X.zip</a>"
-$EventViewerCustomViewsVT = "<a href='$($EventViewerCustomViewsvar)'>Virus Total scan results of EventViewerCustomViews.zip</a>"
-$readme = Get-Content -Raw -Path 'README.md'
-$readme = $readme -replace '(?s)(?<=<!-- Security-Baselines-X-VT:START -->).*(?=<!-- Security-Baselines-X-VT:END -->)', $SecurityBaselinesXVT
-$readme = $readme -replace '(?s)(?<=<!-- EventViewer-CustomViews-VT:START -->).*(?=<!-- EventViewer-CustomViews-VT:END -->)', $EventViewerCustomViewsVT
-Set-Content -Path 'README.md' -Value $readme.TrimEnd() -Force
-
-# Committing the changes back to the repository
-git config --global user.email '[email protected]'
-git config --global user.name 'HotCakeX'
-git add 'README.md'
-git commit -m 'Updating VT Scan Results'
-git push
diff --git a/.github/workflows/VirusTotal.yml b/.github/workflows/VirusTotal.yml
@@ -1,23 +1,53 @@
 name: Virus Total
 on:
-  push:
-    paths:
-      - Harden-Windows-Security Module/Main files/Resources/**
-    # To filter by branches
-    branches:
-      - main
   workflow_dispatch:
 
 jobs:
-  build:
-    name: Run Script
+  run-script:
+    name: Run VirusTotal Analysis
     runs-on: windows-latest
     steps:
+      # Step to check out the repository
       - uses: actions/checkout@v4
-      - name: Script
-        env:
-          VTAPIsecret: ${{ secrets.VTAPI }}
+
+      # Step to create ZIP of the repository
+      - name: Create Repository Zip
+        shell: pwsh
+        run: |
+          Compress-Archive -Path '*' -DestinationPath 'repository.zip'
+          Write-Host "Repository ZIP created."
+
+      # Step to fetch the latest release and download attached files to a separate folder
+      - name: Fetch Latest Release Files
+        id: get_release_files
         shell: pwsh
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # GitHub API access token
         run: |
+          New-Item -Path './release_assets' -ItemType Directory  # Create folder for release assets
+          
+          # Get latest release information from GitHub API
+          $release = Invoke-RestMethod -Uri "https://api.github.com/repos/${{ github.repository }}/releases/latest" -Headers @{Authorization = "token $env:GITHUB_TOKEN"} -UseBasicParsing
+          
+          # Download assets if they exist
+          if ($release.assets.Count -gt 0) {
+            foreach ($asset in $release.assets) {
+              $assetUrl = $asset.browser_download_url
+              $assetName = $asset.name
+              
+              # Download each asset into the release_assets folder
+              Invoke-WebRequest -Uri $assetUrl -OutFile "./release_assets/$assetName"
+              Write-Host "Downloaded: $assetName"
+            }
+          } else {
+            Write-Host "No assets found in the latest release."
+          }
 
-            ./.github/Workflowstuff/VirusTotal
+      # Run the VirusTotal PowerShell script to upload all files
+      - name: Run VirusTotal Script
+        env:
+          VTAPIsecret: ${{ secrets.VTAPI }}  # VirusTotal API key
+        shell: pwsh
+        run: |
+          # Path to VirusTotal script (make sure the script is stored in the repository)
+          ./.github/Workflowstuff/VirusTotal.ps1