checkVT sends the selected URL through a parsing process, then to VirusTotal to check if it has been analyzed for malware.
checkVT (check VirusTotal) is an open source project developed by Emyll Almonte for an independent research class supervised by Dr. Vaibhav Anu (Assistant Professor, Department of Computer Science), Montclair State University.
checkVT is a simple web browser extension that takes a selected URL via context-menu and submits it directly to be checked against all engines on VirusTotal with an added feature. VirusTotal is a free service that uses over 70 antivirus scanners and URL/domain blacklisting services to analyze suspicious files and URLs to detect types of malware. The feature checkVT incorporates is a process that tries to find the effective URL (redirect) if it exists on the URL that was submitted, and sends that URL to VirusTotal instead of the URL that was selected. This extra step helps users see the VirusTotal results for the URL/domain that they would have ended up at, as opposed to the original link they clicked on. URL redirection is a major phishing method that attackers use to masquerade as legitimate websites.
For more info and to see the open source code, please visit the GitHub repo: https://github.com/ealmonte32/checkVT
- Minor improvements to reduce lines of code
- Minor URL encoding fixes
- Popup localhost line fix
- URLs are now submitted in full form of 'scheme' (http/https) + 'host' + 'path'
- URLs being submitted in full rather than 'scheme' + 'host' being checked for previous analyzation provides a greater form of protection by returning a wider range of results
- Unlike previous versions where it just said "Item-Not-Found" for URLs that had not been analyzed, your never-before submitted URL is now automatically sent to be analyzed
- Added checkVT URL search field directly onto add-on/extension popup for quick access
- Improved URL cleaning of whitespace
- New logo
- Initial public release
- Improved URL decoding
- Added google search result filtering to send the "url=" and not "google.com"
- Improved detection of a link or a text-based URL when both were selected
- Initial beta release
- Added option for curl to respect GET requests when following 301, 302, and 303 redirections
- Added HTTP user agent header to processing because some servers act different if the user agent is not supplied
- Added all encoding option to send gzip, deflate, etc on request
- Added parsing of URL scheme