This new workflow creates a zip file of all of the repository data and uploads it to VirusTotal. It also fetches any assets from the latest release and uploads them to VirusTotal as well.
Showing
2 changed files
with
94 additions
and
79 deletions.
@@ -1,97 +1,82 @@ | ||
if ( Get-Module -ListAvailable 'VirusTotalAnalyzer') { | ||
# Import the VirusTotalAnalyzer module | ||
if (Get-Module -ListAvailable 'VirusTotalAnalyzer') { | ||
Import-Module VirusTotalAnalyzer -Force | ||
} | ||
else { | ||
} else { | ||
Install-Module -Name VirusTotalAnalyzer -AllowClobber -Force -Scope CurrentUser | ||
Import-Module VirusTotalAnalyzer -Force | ||
} | ||
|
||
# VirusTotal API Key | ||
$VTApi = $env:VTAPIsecret | ||
|
||
# Submit | ||
$Output = New-VirusScan -ApiKey $VTApi -File '.\Harden-Windows-Security Module\Main files\Resources\Security-Baselines-X.zip' | ||
# Submit the ZIP of the repository to VirusTotal | ||
$repoZip = ".\repository.zip" | ||
$Output = New-VirusScan -ApiKey $VTApi -File $repoZip | ||
|
||
# Wait | ||
# Wait for the result of the repository ZIP scan | ||
Do { | ||
$OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id | ||
if ($OutputScan.data.attributes.status -eq 'queued') { | ||
Write-Host "Waiting... $($OutputScan.data.attributes.status)" -ForegroundColor Gray | ||
Start-Sleep 10 | ||
} | ||
} | ||
until($OutputScan.data.attributes.status -eq 'completed') | ||
} until ($OutputScan.data.attributes.status -eq 'completed') | ||
|
||
# Result | ||
Write-Host 'Analyze completed' -ForegroundColor DarkMagenta | ||
# Print results for the repository ZIP | ||
Write-Host 'Repository ZIP analysis completed' -ForegroundColor DarkMagenta | ||
if ($OutputScan.data.attributes.stats.suspicious -gt 0 -or $OutputScan.data.attributes.stats.malicious -gt 0) { | ||
Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f ` | ||
$OutputScan.meta.file_info.sha256, ` | ||
$OutputScan.data.attributes.stats.undetected, ` | ||
$OutputScan.data.attributes.stats.suspicious, ` | ||
$OutputScan.data.attributes.stats.malicious, | ||
$OutputScan.meta.file_info.sha256, | ||
$OutputScan.data.attributes.stats.undetected, | ||
$OutputScan.data.attributes.stats.suspicious, | ||
$OutputScan.data.attributes.stats.malicious, | ||
"https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)" | ||
) -ForegroundColor Red | ||
|
||
} | ||
else { | ||
} else { | ||
Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f ` | ||
$OutputScan.meta.file_info.sha256, ` | ||
$OutputScan.data.attributes.stats.undetected, ` | ||
$OutputScan.data.attributes.stats.suspicious, ` | ||
$OutputScan.data.attributes.stats.malicious, | ||
$OutputScan.meta.file_info.sha256, | ||
$OutputScan.data.attributes.stats.undetected, | ||
$OutputScan.data.attributes.stats.suspicious, | ||
$OutputScan.data.attributes.stats.malicious, | ||
"https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)" | ||
) -ForegroundColor Green | ||
|
||
} | ||
|
||
$SecurityBaselinesXvar = "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)" | ||
# Submit each release file in the release_assets folder | ||
$releaseFiles = Get-ChildItem -Path './release_assets' -File | ||
|
||
# Submit | ||
$Output = New-VirusScan -ApiKey $VTApi -File '.\Harden-Windows-Security Module\Main files\Resources\EventViewerCustomViews.zip' | ||
foreach ($file in $releaseFiles) { | ||
# Submit each file to VirusTotal | ||
$Output = New-VirusScan -ApiKey $VTApi -File $file.FullName | ||
|
||
# Wait | ||
Do { | ||
$OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id | ||
if ($OutputScan.data.attributes.status -eq 'queued') { | ||
Write-Host "Waiting... $($OutputScan.data.attributes.status)" -ForegroundColor Gray | ||
Start-Sleep 10 | ||
} | ||
} | ||
until($OutputScan.data.attributes.status -eq 'completed') | ||
# Wait for the result of each file scan | ||
Do { | ||
$OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id | ||
if ($OutputScan.data.attributes.status -eq 'queued') { | ||
Write-Host "Waiting... $($OutputScan.data.attributes.status)" -ForegroundColor Gray | ||
Start-Sleep 10 | ||
} | ||
} until ($OutputScan.data.attributes.status -eq 'completed') | ||
|
||
# Result | ||
Write-Host 'Analyze completed' -ForegroundColor DarkMagenta | ||
if ($OutputScan.data.attributes.stats.suspicious -gt 0 -or $OutputScan.data.attributes.stats.malicious -gt 0) { | ||
Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f ` | ||
$OutputScan.meta.file_info.sha256, ` | ||
$OutputScan.data.attributes.stats.undetected, ` | ||
$OutputScan.data.attributes.stats.suspicious, ` | ||
# Print results for each release file | ||
Write-Host 'Analyze completed' -ForegroundColor DarkMagenta | ||
if ($OutputScan.data.attributes.stats.suspicious -gt 0 -or $OutputScan.data.attributes.stats.malicious -gt 0) { | ||
Write-Host ("File: {0}`nsha256: {1}`nUndetected: {2}`nSuspicious: {3}`nMalicious: {4}`nURL: {5}" -f ` | ||
$file.Name, | ||
$OutputScan.meta.file_info.sha256, | ||
$OutputScan.data.attributes.stats.undetected, | ||
$OutputScan.data.attributes.stats.suspicious, | ||
$OutputScan.data.attributes.stats.malicious, | ||
"https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)" | ||
) -ForegroundColor Red | ||
} | ||
else { | ||
Write-Host ("sha256: {0}`nUndetected: {1}`nSuspicious: {2}`nMalicious: {3}`nURL: {4}" -f ` | ||
$OutputScan.meta.file_info.sha256, ` | ||
$OutputScan.data.attributes.stats.undetected, ` | ||
$OutputScan.data.attributes.stats.suspicious, ` | ||
"https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)" | ||
) -ForegroundColor Red | ||
} else { | ||
Write-Host ("File: {0}`nsha256: {1}`nUndetected: {2}`nSuspicious: {3}`nMalicious: {4}`nURL: {5}" -f ` | ||
$file.Name, | ||
$OutputScan.meta.file_info.sha256, | ||
$OutputScan.data.attributes.stats.undetected, | ||
$OutputScan.data.attributes.stats.suspicious, | ||
$OutputScan.data.attributes.stats.malicious, | ||
"https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)" | ||
) -ForegroundColor Green | ||
"https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)" | ||
) -ForegroundColor Green | ||
} | ||
} | ||
|
||
$EventViewerCustomViewsvar = "https://www.virustotal.com/gui/file/$($OutputScan.meta.file_info.sha256)" | ||
|
||
$SecurityBaselinesXVT = "<a href='$SecurityBaselinesXvar'>Virus Total scan results of Security-Baselines-X.zip</a>" | ||
$EventViewerCustomViewsVT = "<a href='$($EventViewerCustomViewsvar)'>Virus Total scan results of EventViewerCustomViews.zip</a>" | ||
$readme = Get-Content -Raw -Path 'README.md' | ||
$readme = $readme -replace '(?s)(?<=<!-- Security-Baselines-X-VT:START -->).*(?=<!-- Security-Baselines-X-VT:END -->)', $SecurityBaselinesXVT | ||
$readme = $readme -replace '(?s)(?<=<!-- EventViewer-CustomViews-VT:START -->).*(?=<!-- EventViewer-CustomViews-VT:END -->)', $EventViewerCustomViewsVT | ||
Set-Content -Path 'README.md' -Value $readme.TrimEnd() -Force | ||
|
||
# Committing the changes back to the repository | ||
git config --global user.email '[email protected]' | ||
git config --global user.name 'HotCakeX' | ||
git add 'README.md' | ||
git commit -m 'Updating VT Scan Results' | ||
git push |
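Review bot: The polling loop in both the repository-ZIP section and the per-asset foreach only sleeps when the status is exactly 'queued', so any other not-yet-completed status (VirusTotal's v3 API also reports analyses as 'in-progress') makes the Do/until loop re-call Get-VirusReport with no pause, burning the API key's quota until the analysis finishes. Changing the guard in both loops to `if ($OutputScan.data.attributes.status -ne 'completed') {` and adding a bounded attempt counter so a stuck analysis cannot hang the job indefinitely would fix it. Install-Module pulls VirusTotalAnalyzer from the gallery unpinned on every run, so a `-RequiredVersion <PINNED_VERSION>` (placeholder) would make what executes in CI reproducible. A suspicious/malicious verdict only prints in red and never sets a non-zero exit, so the job stays green either way; if the scan is meant to gate anything, the Red branches should end with `exit 1`. The README rewrite and git push at the end reference the old EventViewerCustomViews/Security-Baselines-X variables and show no new-side counterpart, so I read them as removed; if they are in fact kept, they would now interpolate an unset variable into README.md.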
@@ -1,23 +1,53 @@ | ||
name: Virus Total | ||
on: | ||
push: | ||
paths: | ||
- Harden-Windows-Security Module/Main files/Resources/** | ||
# To filter by branches | ||
branches: | ||
- main | ||
workflow_dispatch: | ||
|
||
jobs: | ||
build: | ||
name: Run Script | ||
run-script: | ||
name: Run VirusTotal Analysis | ||
runs-on: windows-latest | ||
steps: | ||
# Step to check out the repository | ||
- uses: actions/checkout@v4 | ||
- name: Script | ||
env: | ||
VTAPIsecret: ${{ secrets.VTAPI }} | ||
|
||
# Step to create ZIP of the repository | ||
- name: Create Repository Zip | ||
shell: pwsh | ||
run: | | ||
Compress-Archive -Path '*' -DestinationPath 'repository.zip' | ||
Write-Host "Repository ZIP created." | ||
# Step to fetch the latest release and download attached files to a separate folder | ||
- name: Fetch Latest Release Files | ||
id: get_release_files | ||
shell: pwsh | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GitHub API access token | ||
run: | | ||
New-Item -Path './release_assets' -ItemType Directory # Create folder for release assets | ||
# Get latest release information from GitHub API | ||
$release = Invoke-RestMethod -Uri "https://api.github.com/repos/${{ github.repository }}/releases/latest" -Headers @{Authorization = "token $env:GITHUB_TOKEN"} -UseBasicParsing | ||
# Download assets if they exist | ||
if ($release.assets.Count -gt 0) { | ||
foreach ($asset in $release.assets) { | ||
$assetUrl = $asset.browser_download_url | ||
$assetName = $asset.name | ||
# Download each asset into the release_assets folder | ||
Invoke-WebRequest -Uri $assetUrl -OutFile "./release_assets/$assetName" | ||
Write-Host "Downloaded: $assetName" | ||
} | ||
} else { | ||
Write-Host "No assets found in the latest release." | ||
} | ||
./.github/Workflowstuff/VirusTotal | ||
# Run the VirusTotal PowerShell script to upload all files | ||
- name: Run VirusTotal Script | ||
env: | ||
VTAPIsecret: ${{ secrets.VTAPI }} # VirusTotal API key | ||
shell: pwsh | ||
run: | | ||
# Path to VirusTotal script (make sure the script is stored in the repository) | ||
./.github/Workflowstuff/VirusTotal.ps1 |
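Review bot: The Fetch Latest Release Files step calls `/releases/latest`, which returns 404 when the repository has no published release; Invoke-RestMethod then throws and the job fails before the VirusTotal script ever runs, even though the step's own `else` branch suggests "no assets" was meant to be non-fatal. Wrapping the call in `try { … } catch { $release = $null }` and guarding the loop with `if ($release -and $release.assets.Count -gt 0)` would make that case tolerant. The asset name returned by the API is spliced straight into the `-OutFile` path; `-OutFile (Join-Path './release_assets' (Split-Path -Leaf $assetName))` keeps every download inside the folder regardless of what the name contains. The workflow declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope; for what the new steps do (read the release API, download assets, run the scan) `permissions: contents: read` is sufficient, and the `id: get_release_files` can be dropped since the step sets no outputs.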