I am trying to pass a url token from my dashboard search results, to VirusTotal, based on the parameters they require.
I need to pass the SHA256 value of the URL string, as well as the url string itself to Virustotal.
Here is the format needed by Virustotal and an example:
https://www.virustotal.com/gui/url/[sha256 of url]/detection?q=[url string]
Example: https://www.virustotal.com/gui/url/1a1008c3ddbeb9a1b57f0b358527a65597a00cf5fcd5b43297e1148f423dff57/detection?q=http%3A%2F%2Fbodelen.com%2Fapu.php%3Fzoneid%5C%3D1587571
In my drilldown condition I have this syntax for passing the row field value and transforming it to a sha256 value using eval statement.
Problem is the sha256() function does not appear to work, the value passed is the whole eval line?
<condition field="Url">
<eval token="sha_url_tok">sha256($row.Url$)</eval>
<link target="_blank">https://www.virustotal.com/gui/home/url/$sha_url_tok$/detection?q=$row.Url$</link>
</condition>
I have tried all these formats with no success:
sha256("\"row.Url"\")
sha256($row.Url$)
sha256("$row.Url$")
sha256('row.Url')
sha256('$row.Url$')
sha256(row.Url)
This is the output I get, where the sha256 function is passed as a whole statement along with the eval syntax, and the $row.Url$ token after the "detection?q=" is passed correctly. Only the output from sha256 function is not being processed correclty.
Output:
https://www.virustotal.com/gui/home/url/eval%20sha256(http%3A%2F%2Fbodelen.com%2Fapu.php%3Fzoneid%5C%3D1587571)/detection?q=http%3A%2F%2Fbodelen.com%2Fapu.php%3Fzoneid%5C%3D1587571
Any ides on how to get the sha256 function to work properly?
... View more