Script to analyze macOS executable(s) with VirusTotal (unfinished)
#!/usr/bin/env bash
# Script to analyze macOS executable(s) with VirusTotal.
# Requires virustotal-cli and jq to be present in PATH.
# Licensed under MIT. (c) 2023-2024 Aldo Adirajasa Fathoni.
# All positional parameters joined into one string (kept as-is for the main
# loop, which word-splits it; paths containing spaces do not survive that).
INPUT=$@
# Scratch file names and the per-run scratch directory, keyed by parent PID.
# NOTE(review): TMPDIR is also the conventional temp-dir environment variable;
# if the caller exported it, this assignment is inherited by vt/jq/find.
FILELIST='filelist.txt'
TMPSCAN='vtscan.txt'
TMPANLYS='vtanalysis.json'
TMPDIR="/tmp/vtscan-$PPID"
FILELISTPATH="$TMPDIR/$FILELIST"
TMPSCANPATH="$TMPDIR/$TMPSCAN"
TMPANLYSPATH="$TMPDIR/$TMPANLYS"
# ANSI escapes held as literal backslash sequences; err() expands them.
BOLD='\033[1m'
RED='\033[31m'
RESET='\033[0m'
# Indices (into the analysis array) of files VirusTotal flagged.
FLAGGED=()
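#######################################
# Print a message in bold red on stderr.
# Globals:   BOLD, RED, RESET (read)
# Arguments: the message words, joined by single spaces
# Outputs:   one line on stderr
#######################################
err() {
  # %b expands the escape sequences held in the colour variables; the message
  # itself goes through %s so caller-supplied text (e.g. a path containing a
  # backslash) is printed literally. The original `2>&1` sent the message to
  # stdout, mixing diagnostics with the scan results.
  printf '%b%b%s%b\n' "$BOLD" "$RED" "$*" "$RESET" >&2
}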
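#######################################
# Scan every Mach-O executable or library below a directory with VirusTotal.
# Arguments:
#   $1 - file that collects `vt scan file` output (appended)
#   $2 - file that collects the discovered Mach-O paths (appended)
#   $3 - directory to walk
# Outputs:  appends to $1 and $2; vt/find diagnostics go to stderr
# Returns:  1 if the per-call scratch list cannot be created, else 0
#######################################
dirscan() {
  local scanout=$1 listfile=$2 dir=$3
  local newlist line
  # Collect this call's hits separately: $2 is shared across all directories
  # on the command line, so reading it back whole (as the xargs version did)
  # re-scanned every file of the directories processed earlier.
  newlist=$(mktemp "${listfile}.XXXXXX") || return 1
  # `file` prints "<path>: <description>"; keep rows describing a Mach-O
  # executable or library and drop the description after the last colon
  # (same result as rev|cut -d: -f2-|rev, without the extra processes).
  # `{} +` batches paths into a few `file` invocations instead of one per file.
  find "$dir" -type f -exec file {} + \
    | grep Mach-O \
    | grep -E '(executable|library)' \
    | while IFS= read -r line; do
        printf '%s\n' "${line%:*}"
      done > "$newlist"
  cat "$newlist" >> "$listfile"
  # One vt call per path: xargs would word-split paths containing spaces and
  # strip quotes. Paths containing a newline cannot be represented in a
  # line-oriented list and are still not handled.
  while IFS= read -r line || [[ -n "$line" ]]; do
    vt scan file "$line" >> "$scanout"
  done < "$newlist"
  rm -f -- "$newlist"
}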
filescan() {
vt scan file "$2" >> "$1"
}
#######################################
# Fetch the analysis report for every scanned file as JSON.
# Arguments:
#   $1 - scan output file; the analysis id is the last space-separated field
#        of each line
#   $2 - file that receives vt's JSON output (overwritten)
# Outputs:  writes $2
#######################################
analyze() {
  local scanout=$1 outfile=$2 line
  # Text after the last space of each line is the id; vt reads ids from
  # stdin when given "-".
  while IFS= read -r line || [[ -n "$line" ]]; do
    printf '%s\n' "${line##* }"
  done < "$scanout" | vt analysis --format json - > "$outfile"
}
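#######################################
# Dispatch a user-supplied path to dirscan or filescan by its type.
# Arguments:
#   $1 - scan output file (passed through)
#   $2 - file-list file (passed through; only used for directories)
#   $3 - path to examine
# Outputs:  an err() message when $3 is neither a directory nor a regular file
#######################################
dirorfile() {
  local scanout=$1 listfile=$2 target=$3
  if [[ -d "$target" ]]; then
    dirscan "$scanout" "$listfile" "$target"
  elif [[ -f "$target" ]]; then
    filescan "$scanout" "$target"
  else
    # Wording fixed ("of" -> "or") to match the standard message.
    err "${target}: No such file or directory"
  fi
}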
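#######################################
# Remove the scratch directory. Safe to call more than once (explicitly and
# again from the EXIT trap): it only reports and removes when the directory
# still exists, so "Cleaning up." is no longer printed twice.
# Globals:   TMPDIR (read) — ${TMPDIR:?} aborts instead of running rm -rf on
#            an empty path if the variable is ever unset.
# Outputs:   "Cleaning up." on stdout when there is something to remove
#######################################
cleanup() {
  [[ -d "${TMPDIR:?TMPDIR is not set}" ]] || return 0
  echo "Cleaning up."
  rm -rf -- "$TMPDIR"
}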
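# --- main ---------------------------------------------------------------
# Create the scratch directory (owner-only) before installing the cleanup
# trap: the /tmp name is predictable, and without a status check a failed
# mkdir (pre-existing path) would previously let the script write into, and
# on exit rm -rf, a directory it did not create.
mkdir -m 0700 -- "$TMPDIR" || { err "Cannot create temporary directory ${TMPDIR}."; exit 1; }
trap cleanup EXIT

# Iterate the positional parameters directly so paths containing spaces
# survive; $INPUT is their unquoted join and gets word-split.
for target in "$@"; do
  dirorfile "$TMPSCANPATH" "$FILELISTPATH" "$target"
done

if [[ ! -f "$TMPSCANPATH" ]]; then
  err "No file was scanned."
  exit 2   # the EXIT trap removes $TMPDIR
fi
analyze "$TMPSCANPATH" "$TMPANLYSPATH"

# Scan lines ("<path> <analysis id>") are collected so a flagged analysis can
# be labelled with its path. Line i is assumed to correspond to element i of
# the analysis array — TODO confirm vt preserves input order.
SCANLINES=()
while IFS= read -r line || [[ -n "$line" ]]; do
  SCANLINES+=("$line")
done < "$TMPSCANPATH"

count=$(jq 'length' < "$TMPANLYSPATH") || { err "Cannot parse ${TMPANLYSPATH}."; exit 1; }
[[ "$count" =~ ^[0-9]+$ ]] || { err "Unexpected analysis output in ${TMPANLYSPATH}."; exit 1; }
for (( i = 0; i < count; i++ )); do
  # `// 0` covers a missing key (e.g. analysis still queued), which jq would
  # otherwise print as "null". Values are compared numerically: the earlier
  # `-n` test flagged every file because "0" is a non-empty string.
  malicious=$(jq -r --argjson i "$i" '.[$i].stats.malicious // 0' < "$TMPANLYSPATH")
  suspicious=$(jq -r --argjson i "$i" '.[$i].stats.suspicious // 0' < "$TMPANLYSPATH")
  if (( malicious > 0 || suspicious > 0 )); then
    FLAGGED+=("$i")
  fi
done

echo "Found ${#FLAGGED[@]} file(s) flagged."
(( ${#FLAGGED[@]} > 0 )) || exit 0

for i in "${FLAGGED[@]}"; do
  # Path part of the scan line: everything before the last space. Falls back
  # to the array index if the scan line is missing.
  label=${SCANLINES[i]:-}
  label=${label% *}
  printf '%s:\n' "${label:-analysis #$i}"
  # One indented line per engine that flagged the file. Field names follow the
  # VirusTotal v3 analysis object (results.<engine>.category / engine_name /
  # result) — confirm against actual `vt analysis --format json` output.
  jq -r --argjson i "$i" \
    '.[$i].results[]
     | select(.category == "malicious" or .category == "suspicious")
     | "\t\(.engine_name): \(.result)"' < "$TMPANLYSPATH"
done
# $TMPDIR is removed by the EXIT trap.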