id: api-virustotal

info:
  name: VirusTotal API Test
  author: daffainfo
  severity: info
  reference:
    - https://developers.virustotal.com/reference
    - https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/VirusTotal.md
  tags: token-spray,virustotal

self-contained: true
requests:
  - raw:
      - |
        POST https://www.virustotal.com/vtapi/v2/url/scan HTTP/1.1
        Host: www.virustotal.com
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 86

        apikey={{token}}&url=google.com

    matchers:
      - type: word
        part: body
        words:
          - '"verbose_msg":'
          - '"scan_date":'
          - '"permalink":'
        condition: and