This script automates the process of checking current established network connections against VirusTotal to identify any potentially suspicious connections. Designed for Windows users utilizing WSL as their primary command-line interface, it captures network connections, processes them, and verifies them against VirusTotal.
- Captures current established network connections using
netstat. - Filters and processes the connections to extract remote IP addresses.
- Checks each IP address against VirusTotal to identify any suspicious activity.
- Compiles and runs a C++ program to handle the VirusTotal API requests.
Ensure the following dependencies are installed on your system:
curlg++libssl-devnlohmann-json-dev
First, clone the repository to the specified location:
git clone https://github.com/yourusername/VirusTotalNetstatCheck.git ~/.local/bin/Scripts/VirusTotalNetstatCheckAdd the script directory to your PATH by including the following lines in your .bashrc, .zshrc, or relevant shell configuration file:
# set PATH to include Scripts repo
if [ -d "$HOME/.local/bin/Scripts/VirusTotalNetstatCheck" ]; then
PATH="$HOME/.local/bin/Scripts/VirusTotalNetstatCheck:$PATH"
fiAfter adding the above lines, reload your shell configuration:
source ~/.bashrc # or source ~/.zshrcYou need to create an account with VirusTotal to receive an API key.
Create a file named apikey.txt in the same directory (~/.local/bin/Scripts/VirusTotalNetstatCheck) and place your VirusTotal API key in it. Ensure the file contains nothing but the API key.
To run the script, navigate to the project directory and execute the script:
cd ~/.local/bin/Scripts/VirusTotalNetstatCheck
./virusTotalNetstatCheckIf you successfully added the script to your $PATH, you can run the script using its name as a global command. Since the name is long, you can also create an alias to shorten it for convenience:
alias vtcheck='virusTotalNetstatCheck'Add this line to your .bashrc or .zshrc file to make the alias persistent:
echo "alias vtcheck='virusTotalNetstatCheck'" >> ~/.bash_aliases # or ~/.zshrc ~/.bashrc
source ~/.bash_aliases # or source ~/.zshrc ~/.bashrcNow you can run the script using the vtcheck command.
-
Capturing Network Connections:
- The script uses PowerShell to capture the current established network connections and saves the output to
NetstatRawOutput.txt.
- The script uses PowerShell to capture the current established network connections and saves the output to
-
Processing Connections:
- It processes the output to filter for established connections and extracts remote IP addresses, saving them to
target-ip.txt.
- It processes the output to filter for established connections and extracts remote IP addresses, saving them to
-
VirusTotal Check:
- The C++ program
vt-ip-analyzeris compiled (if not already compiled) and executed to check each IP address against VirusTotal for any suspicious activity.
- The C++ program
MIT_LICENSE
I will not be maintaining this project. I put it together quickly, and I am aware there is room for improvement. If you enhance it, please let me know so I can consider forking your version.