ripVT is a Maltego Canari transforms for Virus Total private API. Provided AS-IS, no warranties, no guarantees. No jokes in this repo. It’s as serious as you are.

Installation

1. Requires Canari, specifically this branch/version
2. Install Malformity

sudo python setup.py install
canari create-profile ripVT

1. Import generated ripVT.mtz
2. Import entities stored at:

src/ripVT/resources/external/entities.mtz

1. Copy src/ripVT/resources/etc/ripVT.conf to ~/.canari/
2. Pivot

Pivots

Multiple unique entities enable forward & reverse searches. Unique graphically-distinguished icons.

Also Read – PhoneSploit : Using Open ADB Ports We Can Exploit A Android Device

Search (Phrase Entity) ->

• Generic Search
• Behavioral
• Engines
• ITW

Generic

• Hash -> Download to Repository

Hash -> VT File Report ->

• Behavioral (Copied Files, Deleted, Downloaded, Moved, Mutex, Network, Opened, Read, Replaced, Written)
• Imphash
• Cert / Certs
• Compile Time
• Detections
• Exports / Imports
• File Names
• In-The-Wild (ITW) Locations
• Parents (Dropped / Created By)
• PE Resources
• PE Sections
• SSDEEP
• Similar-To

Domain -> VT Domain Report ->

• Undetected/Detected Communicating Samples
• Undetected/Detected Domain-Embedding Samples
• Undetected/Detected Domain-Downloaded Samples
• PCAP
• Domain Resolutions
• Siblings
• Subdomains
• Detected URLs

IP Address -> VT IP Report

• Undetected/Detected Communicating Samples
• Undetected/Detected Domain-Embedding Samples
• Undetected/Detected Domain-Downloaded Samples
• PCAP
• Domain Resolutions
• Siblings
• Subdomains
• Detected URLs

Detections ->

• Search Detection Name (Engine Included)
• Search Detection Name (No Engine

Cuckoo -> (Report ID)

• Report -> Network