nem.ec

Programming Information Security Recipes Personal Code Snippets

Look up a user on VirusTotal

A bash function to look up a user on VirusTotal and find the First Name, Last Name, Reputation, Status, and Registration Date of the user if the data is filled in.

h/t to this tweet from @GONZOs_int for the method.

(Note: working as of 2020/12/04. May stop working at any time.)

lookup_vt_user() {
    USERNAME="$1";
    curl "https://www.virustotal.com/ui/users/$USERNAME" \
        -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:83.0) Firefox' \
        -H 'X-Tool: vt-ui-main' \
        -H "X-VT-Anti-Abuse-Header: abc" \
        -H 'Accept-Ianguage: en-US,en;q=0.9,es;q=0.8';
}

Usage:

lookup_vt_user test

Output

{
    "data": {
        "attributes": {
            "first_name": "",
            "last_name": "",
            "profile_phrase": "",
            "reputation": 1,
            "status": "active",
            "user_since": 1281919280
        },
        "id": "test",
        "links": {
            "self": "https://www.virustotal.com/ui/users/test"
        },
        "type": "user"
    }
}
Copied!

Use your own input

If you have values you'd like to use instead of the provided variables, type or paste your data into the variable inputs below. If Javascript is enabled, your text will automatically be added to the command and you can click to copy.

Dan Nemec
dan[]nem.ec

Github

Twitter