
🛠 Telegram bot for VirusTotal monitoring


We're publishing another open-source tool that we use ourselves and want to share with everyone. This time it's a Telegram bot that monitors domains and IP addresses in the VirusTotal databases.

Overview

Even in the early stages, we ran into scammers using our platform. They distribute malware, send spam, publish phishing sites, and engage in other misconduct. We therefore implemented quite a lot of tools for analysis and early detection of such violations. But this doesn't provide 100% protection: sometimes tunnel nodes still end up in antivirus databases. When that happens, our task is to learn about it as quickly as possible, block the violator, and promptly contact the antivirus company to have our domains, subdomains, and IP addresses removed from its quarantine databases.

Fortunately, there is a wonderful resource called VirusTotal, which is essentially an aggregator. It lets you check a resource (domain, IP, file) for its presence in any of the antivirus databases. Everything is very simple and visual.

VirusTotal has a public API, a CLI utility, and ready-made clients for some languages. If you register and get an API key, you can automate the checks quite well and learn about a listing in the databases as quickly as possible, which is what we did. Keep in mind that the free tier limits the number of requests, but for a dozen domains/IPs it will definitely be enough.
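The kind of automated check described above, as an added example that is not the bot's own code: it builds the VirusTotal API v3 report URL for a domain or IP, extracts the engines that flag the resource, and produces an alert only for engines that were not already flagging it at the previous poll. The sample response, engine names, and the function names are constructed for illustration.

```python
import ipaddress
import json
import urllib.request

VT_BASE = "https://www.virustotal.com/api/v3"

def vt_url(resource):
    """Return the VirusTotal v3 report URL for a domain or an IP address."""
    try:
        ipaddress.ip_address(resource)
    except ValueError:
        return f"{VT_BASE}/domains/{resource}"
    return f"{VT_BASE}/ip_addresses/{resource}"

def fetch_report(resource, api_key):
    """Fetch the current report; the API key is sent in the x-apikey header."""
    req = urllib.request.Request(vt_url(resource), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def flagged_engines(report):
    """Map engine name -> verdict for every engine that flags the resource."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    return {name: r.get("result") for name, r in results.items()
            if r.get("category") in ("malicious", "suspicious")}

def diff_alert(resource, previously_flagged, report):
    """Return (message or None, new state); alert only on newly listing engines."""
    now = flagged_engines(report)
    new = sorted(set(now) - set(previously_flagged))
    if not new:
        return None, now
    lines = [f"{resource}: newly flagged by {len(new)} engine(s)"]
    lines += [f"- {name}: {now[name]}" for name in new]
    return "\n".join(lines), now

# Constructed sample response (engine names and verdicts are made up).
SAMPLE_REPORT = {"data": {"type": "domain", "id": "tunnel.example.com", "attributes": {
    "last_analysis_results": {
        "EngineA": {"category": "harmless", "result": "clean"},
        "EngineB": {"category": "malicious", "result": "phishing"},
        "EngineC": {"category": "suspicious", "result": "suspicious"}}}}}

if __name__ == "__main__":
    message, state = diff_alert("tunnel.example.com", {}, SAMPLE_REPORT)
    print(message)  # in a real poller the message would go to the chat
```

Keeping the per-resource state between polls means a listing is reported once, and an engine that delists and later relists the resource triggers a fresh alert.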

How to use?

In the repository you'll find binary builds and Docker images for deployment, as well as configuration instructions. We'll be happy to receive feedback and merge requests.
