Hub Addition: VirusTotal Public API

It’s been quite some time since we’ve released a blog post, and we’re extremely excited that we can break the silence with a free community integration! VirusTotal is undoubtedly the tool that everyone uses for research, and that’s why we wanted to provide an easy-to-use integration with the Public API. Anyone with a public API key can make use of the transforms directly from the Maltego transform hub.

If you’re familiar with the data available within the system, the transforms should be pretty familiar.

You can run queries such as checking detections for a given hash.


Or perhaps you want to check the observed resolutions of a given domain.

And from there, knowing which URLs or other related domains have been observed would be useful.

As with normal use of the Public API, our system does enforce the limit of 4 requests per minute. That should allow most queries to run to completion, but it could result in some timeouts if you’ve run a large batch of requests. To minimize this, be sure to set your Maltego client timeout configuration to 0 (no timeout) and try to limit queries to batches of 4 or fewer.
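To show why a large batch stalls under that quota, here is a client-side sliding-window throttle that spaces lookups to at most 4 per rolling minute. This is an added example, not code from the Maltego hub or the VirusTotal client; `fetch` stands in for your own HTTP call, and `FakeClock` is a constructed clock so the run is offline and deterministic.

```python
import time
from collections import deque


class VTPublicRateLimiter:
    """Sliding-window throttle: at most `max_requests` calls in any rolling
    `window` seconds, matching the Public API quota of 4 per minute.
    `clock` and `sleep` are injectable so the behaviour can be tested offline."""

    def __init__(self, max_requests=4, window=60.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.max_requests = max_requests
        self.window = window
        self.clock = clock
        self.sleep = sleep
        self._sent = deque()  # timestamps of requests inside the window

    def wait_time(self):
        """Seconds to wait until the next request fits the quota (0 if it fits now)."""
        now = self.clock()
        while self._sent and now - self._sent[0] >= self.window:
            self._sent.popleft()  # aged out of the rolling window
        if len(self._sent) < self.max_requests:
            return 0.0
        return self.window - (now - self._sent[0])

    def acquire(self):
        """Block until a slot is free, record the request, return the delay applied."""
        delay = self.wait_time()
        if delay > 0:
            self.sleep(delay)  # this is the stall a client timeout would cut short
        self._sent.append(self.clock())
        return delay


def lookup_hashes(hashes, fetch, limiter):
    """Run one report lookup per hash through the limiter.
    `fetch(hash)` is the caller's HTTP request (assumed, not shown here)."""
    return [(h, fetch(h), limiter.acquire()) for h in hashes]


class FakeClock:
    """Constructed clock for the offline demo: sleep() just advances time."""
    def __init__(self):
        self.now = 0.0

    def time(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds


def demo(batch_size=6):
    """Six lookups at once: the fifth must wait a full minute, the sixth does not."""
    clock = FakeClock()
    limiter = VTPublicRateLimiter(clock=clock.time, sleep=clock.sleep)
    stub_fetch = lambda h: {"resource": h, "positives": 0}  # constructed stub response
    return lookup_hashes(["hash-%d" % i for i in range(batch_size)], stub_fetch, limiter)
```

Note that `lookup_hashes` evaluates `fetch(h)` before `limiter.acquire()` in the tuple; reorder them if you want the fetch strictly after the slot is granted.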

We also know that there are many users of the VirusTotal Private API, and we have you in mind as well! We are currently developing a commercial transform set that can be used with the Private API to retrieve a wealth of data. If you have any special requests for transforms of interest in that set, feel free to reach out and we’ll make sure they’re included!

Enjoy!