Ejemplo n.º 1
0
  async def _process_files_from_queue(self):
    """Process files put in the queue by _get_from_feed_and_enqueue.

    This function runs in a loop until the feed reader is aborted, once aborted
    it keeps processing any file that remains in the queue.
    """
    async with vt.Client(self._apikey) as client:
      while not self._aborted or not self._queue.empty():
        file_obj = await self._queue.get()
        file_path = os.path.join(self._output_dir, file_obj.id)
        # Write a file <sha256>.json with file's metadata and another file
        # named <sha256> with the file's content.
        with open(file_path + '.json', mode='w') as f:
          f.write(json.dumps(file_obj.to_dict()))
        if self._download_files:
          # The URL for downloading the file comes as a context attribute named
          # 'download_url'.
          download_url = file_obj.context_attributes['download_url']
          response = await client.get_async(download_url)
          with open(file_path, mode='wb') as f:
            f.write(await response.read_async())
        else:
          # When not downloading files this yields the control to event loop
          # so that other coroutines haven an opportunity to run.
          await asyncio.sleep(0)
        self._queue.task_done()
        print(file_obj.id)

      task = self._worker_tasks.pop(0)
      task.done()
Ejemplo n.º 2
0
def main():

    parser = argparse.ArgumentParser(
        description=
        'Make a VirusTotal Intelligence search and prints the matching objects.'
    )

    parser.add_argument('query',
                        type=str,
                        nargs='+',
                        help='a VirusTotal Intelligence search query.')

    parser.add_argument('--apikey',
                        required=True,
                        help='your VirusTotal API key')

    parser.add_argument(
        '--limit',
        type=int,
        required=False,
        help='maximum number of objects that will be retrieved',
        default=50)

    args = parser.parse_args()

    with vt.Client(args.apikey) as client:
        it = client.iterator('/intelligence/search',
                             params={'query': ' '.join(args.query)},
                             limit=args.limit)
        for obj in it:
            print("{}:{}".format(obj.type, obj.id))
Ejemplo n.º 3
0
def main():

  parser = argparse.ArgumentParser(
      description='Get URLs from the VirusTotal feed. '
      'For each URL in the feed, print its detection ratio.')

  parser.add_argument('--apikey',
      required=True, help='your VirusTotal API key')

  parser.add_argument('--cursor',
      required=False,
      help='cursor indicating where to start')

  args = parser.parse_args()

  with vt.Client(args.apikey) as client:
    # Iterate over the URL feed, one file at a time. This loop doesn't
    # finish, when the feed is consumed it will keep waiting for more files.

    try:
      for url_obj in client.feed(vt.FeedType.URLS, cursor=args.cursor):
        # process the url_obj
        process_item(url_obj)
    except KeyboardInterrupt:
      print('\nKeyboard interrupt. Closing.')
    finally:
      client.close()
Ejemplo n.º 4
0
def main():

    parser = argparse.ArgumentParser(
        description='Get file behaviour reports from the VirusTotal feed. '
        'Print documents dropping an executable or launching a Powershell.')

    parser.add_argument('--apikey',
                        required=True,
                        help='your VirusTotal API key')

    parser.add_argument('--cursor',
                        required=False,
                        help='cursor indicating where to start')

    args = parser.parse_args()

    with vt.Client(args.apikey) as client:
        # Iterate over the file behaviour feed, one file at a time.
        # This loop doesn't finish, when the feed is consumed it will keep waiting
        # for more files.

        try:
            for behaviour_obj in client.feed(vt.FeedType.FILE_BEHAVIOURS,
                                             cursor=args.cursor):
                # process the behaviour_obj
                process_item(behaviour_obj)
        except KeyboardInterrupt:
            print('\nKeyboard interrupt. Closing.')
        finally:
            client.close()
Ejemplo n.º 5
0
    async def get_hunting_notification_files(self, search_filter, date_filter,
                                             max_files):
        """Get/Enqueue files related with a certain Hunting Ruleset.

    :param search_filter: filter for getting notifications of a specific
    ruleset.
    :param date_filter: timestamp representing the min notification date of the
    file (a.k.a the date the file was submitted into VT and captured by
    the Hunting Ruleset).
    :param max_files: Max. number of file to be retrieved/analyzed from VT.
    :type search_filter: str
    :type date_filter: int
    :type max_files: int
    """

        async with vt.Client(self.apikey) as client:
            if not isinstance(search_filter, str):
                raise ValueError('Value to filtering with must be a string')

            filter_tag = search_filter.lower()
            url = '/intelligence/hunting_notification_files?filter={}'.format(
                filter_tag)
            files = client.iterator(url, limit=max_files)
            async for f in files:
                if f.context_attributes[
                        'hunting_notification_date'] > date_filter:
                    await self.files_queue.put(f.sha256)
Ejemplo n.º 6
0
def vt_analysis(sha256):
    try:
        es.update(index=settings.ELASTICSEARCH_TASKS_INDEX,
                  id=sha256,
                  body={'doc': {
                      'vt_analysis': 1
                  }},
                  retry_on_conflict=5)
        client = vt.Client(settings.VT_API_KEY)
        file = client.get_object(f'/files/{sha256}')
        if file.last_analysis_stats:
            d = file.last_analysis_stats
            total = d['undetected'] + d['malicious']
            d['total'] = total
            es.update(index=settings.ELASTICSEARCH_APK_INDEX,
                      id=sha256,
                      body={'doc': {
                          'vt': d
                      }},
                      retry_on_conflict=5)
        es.update(index=settings.ELASTICSEARCH_TASKS_INDEX,
                  id=sha256,
                  body={'doc': {
                      'vt_analysis': 2
                  }},
                  retry_on_conflict=5)
    except Exception:
        es.update(index=settings.ELASTICSEARCH_TASKS_INDEX,
                  id=sha256,
                  body={'doc': {
                      'vt_analysis': -1
                  }},
                  retry_on_conflict=5)
        return
Ejemplo n.º 7
0
def virustotal(sample):
    print("Uploading to VirusTotal...")
    try:
        #Create API client
        client = vt.Client(api)

        #Attempt to get file from VirusTotal
        try:
            file = client.get_object("/files/" + sample.md5)
        #If can't find upload
        except:
            #Upload
            with open(sample.name, "rb") as f:
                analysis = client.scan_file(f, wait_for_completion=True)
            #Get file once uploaded
            file = client.get_object("/files/" + sample.md5)

        #Close client
        client.close()

        #Saves the results to virustotal variable
        sample.virustotal = {}
        for key in file.last_analysis_results:
            sample.virustotal[key] = file.last_analysis_results[key]
            
    #If error connector error close client
    except vt.client.aiohttp.ClientConnectorError:
        client.close()
Ejemplo n.º 8
0
    async def scan(self, ctx, *, args=None):
        await ctx.send("WIP")
        import vt

        vt_client = vt.Client(os.environ["virustotal_key"])
        used = None
        if args:
            used = True
            urls = re.findall(
                r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*(),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+",
                args,
            )
            for x in urls:
                print(x)

        if len(ctx.message.attachments) > 0:
            await ctx.send(
                "If this takes a while, it probably means it was never on Virustotal before"
            )
            used = True
        for x in ctx.message.attachments:
            analysis = await vt_client.scan_file_async(
                await x.read(), wait_for_completion=True
            )
            object_info = await vt_client.get_object_async("/analyses/{}", analysis.id)

        if used:
            await ctx.send(content="Scan completed")
        await vt_client.close_async()
Ejemplo n.º 9
0
 async def submit(self) -> SubmissionResult:
     async with vt.Client(str(VIRUSTOTAL_API_KEY)) as client:
         await client.scan_file_async(self.attachment_as_file())
         sha256 = self.attachment.hash_.sha256
         return SubmissionResult(
             reference_url=
             f"https://www.virustotal.com/gui/file/{sha256}/detection")
Ejemplo n.º 10
0
    async def get_matching_files(self, query, max_files):
        """Query intelligence for files matching the given criteria."""
        if not isinstance(query, str):
            raise ValueError('Search filter must be a string.')

        entity_match = self._SEARCH_ENTITY_REGEX.match(query.lower())
        if entity_match and entity_match.group(1) != 'file':
            raise ValueError(
                'Only file search queries are valid in this example.')

        async with vt.Client(self.apikey) as client:
            query = query.lower()
            url = '/intelligence/search'

            print('Performing VT Intelligence search...')

            files = client.iterator(url,
                                    params={'query': query},
                                    limit=max_files)
            async for matching_file in files:
                await self.files_queue.put(matching_file.sha256)

            print(
                'Search concluded, waiting on network infrastructure retrieval...'
            )
Ejemplo n.º 11
0
def mainvt(ip, url):
    """
    mainvt is managing virustotal api configuration and call api for IP or api for url. return a string in markdown style.
    :param ip:string, ip from user
    :param url:string, url from user
    """
    ############# API config #############
    import vt

    # ---- Retrieving API Key ----
    file = open('api_keys.txt', "r")
    for line in file:
        line = line.strip()  #Removal of empty lines
        if (line.find('api_key_virustotal') != -1):
            api_key_virustotal = line.partition('=')[2]
    file.close()
    client = vt.Client(api_key_virustotal)

    ############# String title #############
    stringvt = "##VirusTotal"

    ############# IP #############
    if ip != None:
        stringvt, last_analysis_stats = vtip(vt, client, ip, stringvt)
    ############# URL #############
    if url != None:
        stringvt, last_analysis_stats = vturl(vt, client, url, stringvt)

    ############# Rating #############
    grade = rating(last_analysis_stats)

    ############# API close #############
    client.close()

    return stringvt, grade
Ejemplo n.º 12
0
async def enqueue_urls(queue, apikey):
  """Enqueues URLs in VirusTotal."""
  async with vt.Client(apikey) as client:
    while not queue.empty():
      url = await queue.get()
      await client.scan_url_async(url)
      print(f'URL {url} enqueued for scanning.')
      queue.task_done()
Ejemplo n.º 13
0
async def upload_hashes(queue, apikey):
    """Uploads selected files to VirusTotal."""
    async with vt.Client(apikey) as client:
        while not queue.empty():
            file_path = await queue.get()
            await client.scan_file_async(file=file_path)
            print(f'File {file_path} uploaded.')
            queue.task_done()
Ejemplo n.º 14
0
async def download_files(queue, args):
    async with vt.Client(args.apikey) as client:
        while not queue.empty():
            file_hash = await queue.get()
            file_path = os.path.join(args.output, file_hash)
            with open(file_path, 'wb') as f:
                await client.download_file_async(file_hash, f)
            print(file_hash)
            queue.task_done()
Ejemplo n.º 15
0
def scan_url(user_input):
    client = vt.Client(os.environ.get('VIRUS_TOTAL_API_KEY'))
    try:
        analysis = client.scan_url(user_input, wait_for_completion=True)
        result = analysis.to_dict()
        client.close()
        return result['attributes']['results']
    except Exception as ec:
        print(ec)
Ejemplo n.º 16
0
 async def _get_from_feed_and_enqueue(self):
     """Get files from the file feed and put them into a queue."""
     async with vt.Client(self._apikey) as client:
         feed = client.feed(vt.FeedType.FILES, cursor=self._cursor)
         async for file_obj in feed:
             await self._queue.put(file_obj)
             if self._aborted:
                 break
         self._cursor = feed.cursor
Ejemplo n.º 17
0
    async def get_file_async(self, checksum, relationships=None):
        """Look up a file object."""
        url = '/files/{}'
        async with vt.Client(self.apikey) as client:
            if isinstance(relationships, str) and relationships:
                url += '?relationships={}'.format(relationships)
            file_obj = await client.get_object_async(url.format(checksum))

        return file_obj
Ejemplo n.º 18
0
async def get_provenance_info(apikey, hash):
    async with vt.Client(apikey) as client:
        file_obj = await client.get_object_async(f'/files/{hash}')

    return (getattr(file_obj, 'monitor_info',
                    None), getattr(file_obj, 'nsrl_info', None),
            getattr(file_obj, 'signature_info',
                    None), getattr(file_obj, 'tags', []),
            getattr(file_obj, 'trusted_verdict', None))
Ejemplo n.º 19
0
async def bulk_get_files(sha256s: List[str]) -> List[vt.Object]:
    if str(VIRUSTOTAL_API_KEY) == "":
        return []

    if len(sha256s) == 0:
        return []

    async with vt.Client(str(VIRUSTOTAL_API_KEY)) as client:
        files = await aiometer.run_all(
            [partial(get_file, client, sha256) for sha256 in sha256s])
        return [file_ for file_ in files if file_ is not None]
Ejemplo n.º 20
0
    async def get_sample_info(self):
        """ Retrieves summary information about a sample
        """

        samples = []
        async with vt.Client(self.options["virustotal"]) as client:
            while not self.info_queue.empty():
                try:
                    sample_id = await self.info_queue.get()
                    path = os.path.join("/files", sample_id)

                    # this call should be always performed to check if the sample exists
                    # and get context information for a hash value
                    result = await client.get_object_async(path)

                    sample_report = os.path.join(self.options["info_dir"],
                                                 sample_id)
                    super().display_information(result, sample_report)

                    samples.append(result)
                except vt.error.APIError as err:
                    if err.code == "NotFoundError":
                        self.options["auxiliary"].log(
                            "Sample was not found: {0}\n".format(sample_id),
                            level="WARNING")
                        self.info_queue.task_done()
                        continue
                    elif err.code in [
                            "AuthenticationRequiredError", "ForbiddenError",
                            "UserNotActiveError", "WrongCredentialsError"
                    ]:
                        self.auxiliary.log(
                            "The API key is not valid for accessing the VirusTotal Private API, or there was a problem with the user account.",
                            level="ERROR")
                    elif err.code in [
                            "QuotaExceededError", "TooManyRequestsError"
                    ]:
                        self.auxiliary.log(
                            "The quota for the API key or the number of issued requests has been exceeded.",
                            level="ERROR")
                    else:
                        self.auxiliary.log(
                            "There was an error while processing the request: {0}"
                            .format(err.code),
                            level="ERROR")

                    # clear all remaining items in the queue
                    while not self.info_queue.empty():
                        await self.info_queue.get()
                        self.info_queue.task_done()

                self.info_queue.task_done()

        return samples
Ejemplo n.º 21
0
    def check_indicators_in_vt(self, indicators_list):

        self.verified_indicators_list = copy.deepcopy(indicators_list)
        for indicator in indicators_list:
            # validate to indicator for vt engine
            indicator = self.validate_indicator(indicator)
            #check if the indicator has been checked before
            if indicator in self.indicator_checked_dict:
                logging.info("malicious stats for " + indicator + ":")
                if (self.indicator_checked_dict[indicator] == False):
                    self.remove_indicator(indicator)
                    logging.info(
                        "indicator :" + indicator +
                        " - was found BENIGN, according to previous checks")
                else:
                    logging.info(
                        "indicator :" + indicator +
                        " - was found MALICIOUS, according to previous checks")

                continue

            with vt.Client(self.vt_api_key) as client:
                logging.info("malicious stats for " + indicator + ":")
                check_benign = False
                total_results = self.get_matches_files_from_vt(
                    client, indicator, check_benign)
                check_benign = True
                amount_of_benign = self.get_matches_files_from_vt(
                    client, indicator, check_benign)
                if total_results > 0:
                    percentage_of_malicious = 100 - (amount_of_benign /
                                                     total_results) * 100
                    if percentage_of_malicious > self.threshold:
                        logging.info("indicator: " + indicator +
                                     " - was found MALICIOUS because: ")
                        logging.info("number of files found: " +
                                     str(total_results))
                        logging.info("percentage of malicious hits: " +
                                     str(percentage_of_malicious) + "%")
                        self.indicator_checked_dict[indicator] = True
                    else:
                        logging.info("indicator: " + indicator +
                                     " - was found BENIGN because: ")
                        logging.info("less than " + str(self.threshold) +
                                     " % of the files found malicious")
                        self.indicator_checked_dict[indicator] = False
                        self.remove_indicator(indicator)
                else:
                    logging.info("indicator: " + indicator +
                                 " - was found BENIGN because: ")
                    logging.info("no results on vt from the last 3 months")
                    self.indicator_checked_dict[indicator] = False
                    self.remove_indicator(indicator)
        """
Ejemplo n.º 22
0
 def vt_upload_file(self, full_file_path):
     file_size = os.path.getsize(full_file_path)
     if file_size >= 32000000:
         with vt.Client(self.vt_api_key) as client:
             unique_url = client.get_json('/files/upload_url')['data']
         header = {'X-Apikey': self.vt_api_key}
         file_to_scan = {
             'file': (full_file_path, open(full_file_path, 'rb'))
         }
         response = requests.post(unique_url,
                                  files=file_to_scan,
                                  headers=header)
         """
         response.json() output
         {'data': {'id': 'Y2IzOTJlYjdmOTllMzhmNzFkNGEzYmE5YWM2ZjI3MDA6MTYwOTk0NjgyNg==', 'type': 'analysis'}}
         """
         id = response.json()['data']['id']
         with vt.Client(self.vt_api_key) as client:
             analysis = client.get_json('/analyses/{0}', id)
             """
             print(analysis) output
             {'data': {'attributes': {'date': 1609946826, 'results': {'ALYac': {'category': 'timeout', 'engine_name': 'ALYac', 'engine_update': '20210106', 'engine_version': '1.1.3.1', 'method': 'blacklist', 'result': None}, 'APEX': {'category': 'undetected', 'engine_name': 'APEX', 'engine_update': '20210105', 'engine_version': '6.117', 'method': 'blacklist', 'result': None}, 'AVG': {'category': 'timeout', 'engine_name': 'AVG', 'engine_update': '20210106', 'engine_version': '21.1.5827.0', 'method': 'blacklist', 'result': None}, 'Acronis': {'category': 'undetected', 'engine_name': 'Acronis', 'engine_update': '20201023', 'engine_version': '1.1.1.80', 'method': 'blacklist', 'result': None}, 'Ad-Aware': {'category': 'undetected', 'engine_name': 'Ad-Aware', 'engine_update': '20210106', 'engine_version': '3.0.16.117', 'method': 'blacklist', 'result': None}, 'AhnLab-V3': {'category': 'undetected', 'engine_name': 'AhnLab-V3', 'engine_update': '20210106', 'engine_version': '3.19.4.10106', 'method': 'blacklist', 'result': None}, 'Alibaba': {'category': 'undetected', 'engine_name': 'Alibaba', 'engine_update': '20190527', 'engine_version': '0.3.0.5', 'method': 'blacklist', 'result': None}, 'Antiy-AVL': {'category': 'undetected', 'engine_name': 'Antiy-AVL', 'engine_update': '20210106', 'engine_version': '3.0.0.1', 'method': 'blacklist', 'result': None}, 'Arcabit': {'category': 'undetected', 'engine_name': 'Arcabit', 'engine_update': '20210106', 'engine_version': '1.0.0.881', 'method': 'blacklist', 'result': None}, 'Avast': {'category': 'timeout', 'engine_name': 'Avast', 'engine_update': '20210106', 'engine_version': '21.1.5827.0', 'method': 'blacklist', 'result': None}, 'Avast-Mobile': {'category': 'type-unsupported', 'engine_name': 'Avast-Mobile', 'engine_update': '20210106', 'engine_version': '210106-00', 'method': 'blacklist', 'result': None}, 'Avira': {'category': 'undetected', 'engine_name': 'Avira', 'engine_update': '20210106', 'engine_version': '8.3.3.10', 'method': 'blacklist', 'result': None}, 'Baidu': {'category': 'undetected', 'engine_name': 'Baidu', 'engine_update': '20190318', 'engine_version': '1.0.0.2', 'method': 'blacklist', 'result': None}, 'BitDefender': {'category': 'timeout', 'engine_name': 'BitDefender', 'engine_update': '20210106', 'engine_version': '7.2', 'method': 'blacklist', 'result': None}, 'BitDefenderFalx': {'category': 'type-unsupported', 'engine_name': 'BitDefenderFalx', 'engine_update': '20200916', 'engine_version': '2.0.936', 'method': 'blacklist', 'result': None}, 'BitDefenderTheta': {'category': 'timeout', 'engine_name': 'BitDefenderTheta', 'engine_update': '20210105', 'engine_version': '7.2.37796.0', 'method': 'blacklist', 'result': None}, 'Bkav': {'category': 'undetected', 'engine_name': 'Bkav', 'engine_update': '20210106', 'engine_version': '1.3.0.9899', 'method': 'blacklist', 'result': None}, 'CAT-QuickHeal': {'category': 'timeout', 'engine_name': 'CAT-QuickHeal', 'engine_update': '20210106', 'engine_version': None, 'method': 'blacklist', 'result': None}, 'CMC': {'category': 'undetected', 'engine_name': 'CMC', 'engine_update': '20210106', 'engine_version': '2.10.2019.1', 'method': 'blacklist', 'result': None}, 'ClamAV': {'category': 'undetected', 'engine_name': 'ClamAV', 'engine_update': '20210106', 'engine_version': '0.102.3.0', 'method': 'blacklist', 'result': None}, 'Comodo': {'category': 'timeout', 'engine_name': 'Comodo', 'engine_update': '20210106', 'engine_version': None, 'method': 'blacklist', 'result': None}, 'CrowdStrike': {'category': 'undetected', 'engine_name': 'CrowdStrike', 'engine_update': '20190702', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'Cylance': {'category': 'type-unsupported', 'engine_name': 'Cylance', 'engine_update': '20210106', 'engine_version': '2.3.1.101', 'method': 'blacklist', 'result': None}, 'Cynet': {'category': 'type-unsupported', 'engine_name': 'Cynet', 'engine_update': '20210106', 'engine_version': '4.0.0.25', 'method': 'blacklist', 'result': None}, 'Cyren': {'category': 'timeout', 'engine_name': 'Cyren', 'engine_update': '20210106', 'engine_version': '6.3.0.2', 'method': 'blacklist', 'result': None}, 'DrWeb': {'category': 'timeout', 'engine_name': 'DrWeb', 'engine_update': '20210106', 'engine_version': '7.0.49.9080', 'method': 'blacklist', 'result': None}, 'ESET-NOD32': {'category': 'timeout', 'engine_name': 'ESET-NOD32', 'engine_update': '20210106', 'engine_version': '22601', 'method': 'blacklist', 'result': None}, 'Elastic': {'category': 'type-unsupported', 'engine_name': 'Elastic', 'engine_update': '20201214', 'engine_version': '4.0.14', 'method': 'blacklist', 'result': None}, 'Emsisoft': {'category': 'undetected', 'engine_name': 'Emsisoft', 'engine_update': '20210106', 'engine_version': '2018.12.0.1641', 'method': 'blacklist', 'result': None}, 'F-Secure': {'category': 'timeout', 'engine_name': 'F-Secure', 'engine_update': '20210106', 'engine_version': '12.0.86.52', 'method': 'blacklist', 'result': None}, 'FireEye': {'category': 'timeout', 'engine_name': 'FireEye', 'engine_update': '20210106', 'engine_version': '32.36.1.0', 'method': 'blacklist', 'result': None}, 'Fortinet': {'category': 'undetected', 'engine_name': 'Fortinet', 'engine_update': '20210106', 'engine_version': '6.2.142.0', 'method': 'blacklist', 'result': None}, 'GData': {'category': 'timeout', 'engine_name': 'GData', 'engine_update': '20210106', 'engine_version': None, 'method': 'blacklist', 'result': None}, 'Gridinsoft': {'category': 'undetected', 'engine_name': 'Gridinsoft', 'engine_update': '20210106', 'engine_version': '1.0.23.114', 'method': 'blacklist', 'result': None}, 'Ikarus': {'category': 'failure', 'engine_name': 'Ikarus', 'engine_update': '20210106', 'engine_version': '0.1.5.2', 'method': 'blacklist', 'result': None}, 'Jiangmin': {'category': 'timeout', 'engine_name': 'Jiangmin', 'engine_update': '20210106', 'engine_version': None, 'method': 'blacklist', 'result': None}, 'K7AntiVirus': {'category': 'undetected', 'engine_name': 'K7AntiVirus', 'engine_update': '20210106', 'engine_version': '11.159.36128', 'method': 'blacklist', 'result': None}, 'K7GW': {'category': 'undetected', 'engine_name': 'K7GW', 'engine_update': '20210106', 'engine_version': '11.159.36131', 'method': 'blacklist', 'result': None}, 'Kaspersky': {'category': 'timeout', 'engine_name': 'Kaspersky', 'engine_update': '20210106', 'engine_version': '15.0.1.13', 'method': 'blacklist', 'result': None}, 'Kingsoft': {'category': 'undetected', 'engine_name': 'Kingsoft', 'engine_update': '20210106', 'engine_version': '2017.9.26.565', 'method': 'blacklist', 'result': None}, 'MAX': {'category': 'timeout', 'engine_name': 'MAX', 'engine_update': '20210106', 'engine_version': '2019.9.16.1', 'method': 'blacklist', 'result': None}, 'Malwarebytes': {'category': 'undetected', 'engine_name': 'Malwarebytes', 'engine_update': '20210106', 'engine_version': '3.6.4.335', 'method': 'blacklist', 'result': None}, 'MaxSecure': {'category': 'undetected', 'engine_name': 'MaxSecure', 'engine_update': '20201212', 'engine_version': '1.0.0.1', 'method': 'blacklist', 'result': None}, 'McAfee': {'category': 'timeout', 'engine_name': 'McAfee', 'engine_update': '20210106', 'engine_version': '6.0.6.653', 'method': 'blacklist', 'result': None}, 'McAfee-GW-Edition': {'category': 'timeout', 'engine_name': 'McAfee-GW-Edition', 'engine_update': '20210105', 'engine_version': None, 'method': 'blacklist', 'result': None}, 'MicroWorld-eScan': {'category': 'undetected', 'engine_name': 'MicroWorld-eScan', 'engine_update': '20210106', 'engine_version': '14.0.409.0', 'method': 'blacklist', 'result': None}, 'Microsoft': {'category': 'undetected', 'engine_name': 'Microsoft', 'engine_update': '20210106', 'engine_version': '1.1.17700.4', 'method': 'blacklist', 'result': None}, 'NANO-Antivirus': {'category': 'timeout', 'engine_name': 'NANO-Antivirus', 'engine_update': '20210106', 'engine_version': '1.0.146.25255', 'method': 'blacklist', 'result': None}, 'Paloalto': {'category': 'undetected', 'engine_name': 'Paloalto', 'engine_update': '20210106', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'Panda': {'category': 'timeout', 'engine_name': 'Panda', 'engine_update': '20210106', 'engine_version': '4.6.4.2', 'method': 'blacklist', 'result': None}, 'Qihoo-360': {'category': 'undetected', 'engine_name': 'Qihoo-360', 'engine_update': '20210106', 'engine_version': '1.0.0.1120', 'method': 'blacklist', 'result': None}, 'Rising': {'category': 'timeout', 'engine_name': 'Rising', 'engine_update': '20210106', 'engine_version': '25.0.0.26', 'method': 'blacklist', 'result': None}, 'SUPERAntiSpyware': {'category': 'undetected', 'engine_name': 'SUPERAntiSpyware', 'engine_update': '20210101', 'engine_version': '5.6.0.1032', 'method': 'blacklist', 'result': None}, 'SentinelOne': {'category': 'undetected', 'engine_name': 'SentinelOne', 'engine_update': '20201222', 'engine_version': '4.7.0.66', 'method': 'blacklist', 'result': None}, 'Sophos': {'category': 'undetected', 'engine_name': 'Sophos', 'engine_update': '20210106', 'engine_version': '1.0.2.0', 'method': 'blacklist', 'result': None}, 'Symantec': {'category': 'undetected', 'engine_name': 'Symantec', 'engine_update': '20210106', 'engine_version': '1.13.0.0', 'method': 'blacklist', 'result': None}, 'SymantecMobileInsight': {'category': 'type-unsupported', 'engine_name': 'SymantecMobileInsight', 'engine_update': '20200813', 'engine_version': '2.0', 'method': 'blacklist', 'result': None}, 'TACHYON': {'category': 'undetected', 'engine_name': 'TACHYON', 'engine_update': '20210106', 'engine_version': '2021-01-06.03', 'method': 'blacklist', 'result': None}, 'Tencent': {'category': 'undetected', 'engine_name': 'Tencent', 'engine_update': '20210106', 'engine_version': '1.0.0.1', 'method': 'blacklist', 'result': None}, 'TotalDefense': {'category': 'undetected', 'engine_name': 'TotalDefense', 'engine_update': '20201217', 'engine_version': '37.1.62.1', 'method': 'blacklist', 'result': None}, 'Trapmine': {'category': 'type-unsupported', 'engine_name': 'Trapmine', 'engine_update': '20200727', 'engine_version': '3.5.0.1023', 'method': 'blacklist', 'result': None}, 'TrendMicro': {'category': 'undetected', 'engine_name': 'TrendMicro', 'engine_update': '20210106', 'engine_version': '11.0.0.1006', 'method': 'blacklist', 'result': None}, 'TrendMicro-HouseCall': {'category': 'undetected', 'engine_name': 'TrendMicro-HouseCall', 'engine_update': '20210106', 'engine_version': '10.0.0.1040', 'method': 'blacklist', 'result': None}, 'Trustlook': {'category': 'type-unsupported', 'engine_name': 'Trustlook', 'engine_update': '20210106', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'VBA32': {'category': 'undetected', 'engine_name': 'VBA32', 'engine_update': '20210106', 'engine_version': '4.4.1', 'method': 'blacklist', 'result': None}, 'VIPRE': {'category': 'undetected', 'engine_name': 'VIPRE', 'engine_update': '20210106', 'engine_version': '89474', 'method': 'blacklist', 'result': None}, 'ViRobot': {'category': 'undetected', 'engine_name': 'ViRobot', 'engine_update': '20210106', 'engine_version': '2014.3.20.0', 'method': 'blacklist', 'result': None}, 'Webroot': {'category': 'failure', 'engine_name': 'Webroot', 'engine_update': '20210106', 'engine_version': '1.0.0.403', 'method': 'blacklist', 'result': None}, 'Yandex': {'category': 'timeout', 'engine_name': 'Yandex', 'engine_update': '20201229', 'engine_version': '5.5.2.24', 'method': 'blacklist', 'result': None}, 'Zillya': {'category': 'undetected', 'engine_name': 'Zillya', 'engine_update': '20210106', 'engine_version': '2.0.0.4263', 'method': 'blacklist', 'result': None}, 'ZoneAlarm': {'category': 'timeout', 'engine_name': 'ZoneAlarm', 'engine_update': '20210106', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'Zoner': {'category': 'undetected', 'engine_name': 'Zoner', 'engine_update': '20210105', 'engine_version': '0.0.0.0', 'method': 'blacklist', 'result': None}}, 'stats': {'confirmed-timeout': 0, 'failure': 2, 'harmless': 0, 'malicious': 0, 'suspicious': 0, 'timeout': 23, 'type-unsupported': 8, 'undetected': 39}, 'status': 'completed'}, 'id': 'Y2IzOTJlYjdmOTllMzhmNzFkNGEzYmE5YWM2ZjI3MDA6MTYwOTk0NjgyNg==', 'type': 'analysis'}, 'meta': {'file_info': {'md5': 'cb392eb7f99e38f71d4a3ba9ac6f2700', 'name': 'C:\\\\Users\\\\IEUser\\\\Downloads\\\\controlled_test\\\\pycharm-community-2020.3.2.exe', 'sha1': '00076d8f9b84a6535a53fc6cee2385d8d2fd80ff', 'sha256': '82196cc453e0868f24a35c580a09c6369b2c5f484a7ef5af5d8a5d1bbcbbc98e', 'size': 365527656}}}
             """
             if analysis['data']['attributes']['stats'][
                     'malicious'] >= self.malicious_index:
                 return True
             else:
                 return False
     else:
         with vt.Client(self.vt_api_key) as client:
             with open(full_file_path, 'rb') as f:
                 analysis = client.scan_file(f, wait_for_completion=True)
                 if analysis.to_dict()['attributes']['stats'][
                         'malicious'] >= self.malicious_index:
                     return True
                     """
                     analysis.to_dict() output
                     {'type': 'analysis', 'id': 'ZmRkYzM2YzZlYWQ1ZTc3NjE2ZDkxMTk0NDAyM2RkMTU6MTYwOTk0MzA4NA==', 'attributes': {'date': 1609943084, 'results': {'ALYac': {'category': 'failure', 'engine_name': 'ALYac', 'engine_update': '20210106', 'engine_version': '1.1.3.1', 'method': 'blacklist', 'result': None}, 'APEX': {'category': 'type-unsupported', 'engine_name': 'APEX', 'engine_update': '20210105', 'engine_version': '6.117', 'method': 'blacklist', 'result': None}, 'AVG': {'category': 'undetected', 'engine_name': 'AVG', 'engine_update': '20210106', 'engine_version': '21.1.5827.0', 'method': 'blacklist', 'result': None}, 'Acronis': {'category': 'type-unsupported', 'engine_name': 'Acronis', 'engine_update': '20201023', 'engine_version': '1.1.1.80', 'method': 'blacklist', 'result': None}, 'Ad-Aware': {'category': 'undetected', 'engine_name': 'Ad-Aware', 'engine_update': '20210106', 'engine_version': '3.0.16.117', 'method': 'blacklist', 'result': None}, 'AegisLab': {'category': 'undetected', 'engine_name': 'AegisLab', 'engine_update': '20210106', 'engine_version': '4.2', 'method': 'blacklist', 'result': None}, 'AhnLab-V3': {'category': 'undetected', 'engine_name': 'AhnLab-V3', 'engine_update': '20210106', 'engine_version': '3.19.4.10106', 'method': 'blacklist', 'result': None}, 'Alibaba': {'category': 'type-unsupported', 'engine_name': 'Alibaba', 'engine_update': '20190527', 'engine_version': '0.3.0.5', 'method': 'blacklist', 'result': None}, 'Antiy-AVL': {'category': 'undetected', 'engine_name': 'Antiy-AVL', 'engine_update': '20210106', 'engine_version': '3.0.0.1', 'method': 'blacklist', 'result': None}, 'Arcabit': {'category': 'undetected', 'engine_name': 'Arcabit', 'engine_update': '20210106', 'engine_version': '1.0.0.881', 'method': 'blacklist', 'result': None}, 'Avast': {'category': 'undetected', 'engine_name': 'Avast', 'engine_update': '20210106', 'engine_version': '21.1.5827.0', 'method': 'blacklist', 'result': None}, 'Avast-Mobile': {'category': 'type-unsupported', 'engine_name': 'Avast-Mobile', 'engine_update': '20210106', 'engine_version': '210106-00', 'method': 'blacklist', 'result': None}, 'Avira': {'category': 'undetected', 'engine_name': 'Avira', 'engine_update': '20210106', 'engine_version': '8.3.3.10', 'method': 'blacklist', 'result': None}, 'Baidu': {'category': 'undetected', 'engine_name': 'Baidu', 'engine_update': '20190318', 'engine_version': '1.0.0.2', 'method': 'blacklist', 'result': None}, 'BitDefender': {'category': 'undetected', 'engine_name': 'BitDefender', 'engine_update': '20210106', 'engine_version': '7.2', 'method': 'blacklist', 'result': None}, 'BitDefenderFalx': {'category': 'type-unsupported', 'engine_name': 'BitDefenderFalx', 'engine_update': '20200916', 'engine_version': '2.0.936', 'method': 'blacklist', 'result': None}, 'BitDefenderTheta': {'category': 'undetected', 'engine_name': 'BitDefenderTheta', 'engine_update': '20210105', 'engine_version': '7.2.37796.0', 'method': 'blacklist', 'result': None}, 'Bkav': {'category': 'undetected', 'engine_name': 'Bkav', 'engine_update': '20210106', 'engine_version': '1.3.0.9899', 'method': 'blacklist', 'result': None}, 'CAT-QuickHeal': {'category': 'undetected', 'engine_name': 'CAT-QuickHeal', 'engine_update': '20210106', 'engine_version': '14.00', 'method': 'blacklist', 'result': None}, 'CMC': {'category': 'undetected', 'engine_name': 'CMC', 'engine_update': '20201224', 'engine_version': '2.10.2019.1', 'method': 'blacklist', 'result': None}, 'ClamAV': {'category': 'undetected', 'engine_name': 'ClamAV', 'engine_update': '20210106', 'engine_version': '0.102.3.0', 'method': 'blacklist', 'result': None}, 'Comodo': {'category': 'undetected', 'engine_name': 'Comodo', 'engine_update': '20210106', 'engine_version': '33146', 'method': 'blacklist', 'result': None}, 'CrowdStrike': {'category': 'type-unsupported', 'engine_name': 'CrowdStrike', 'engine_update': '20190702', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'Cybereason': {'category': 'type-unsupported', 'engine_name': 'Cybereason', 'engine_update': '20210106', 'engine_version': '1.2.449', 'method': 'blacklist', 'result': None}, 'Cylance': {'category': 'type-unsupported', 'engine_name': 'Cylance', 'engine_update': '20210106', 'engine_version': '2.3.1.101', 'method': 'blacklist', 'result': None}, 'Cynet': {'category': 'undetected', 'engine_name': 'Cynet', 'engine_update': '20210106', 'engine_version': '4.0.0.25', 'method': 'blacklist', 'result': None}, 'Cyren': {'category': 'undetected', 'engine_name': 'Cyren', 'engine_update': '20210106', 'engine_version': '6.3.0.2', 'method': 'blacklist', 'result': None}, 'DrWeb': {'category': 'undetected', 'engine_name': 'DrWeb', 'engine_update': '20210106', 'engine_version': '7.0.49.9080', 'method': 'blacklist', 'result': None}, 'ESET-NOD32': {'category': 'undetected', 'engine_name': 'ESET-NOD32', 'engine_update': '20210106', 'engine_version': '22601', 'method': 'blacklist', 'result': None}, 'Elastic': {'category': 'type-unsupported', 'engine_name': 'Elastic', 'engine_update': '20201214', 'engine_version': '4.0.14', 'method': 'blacklist', 'result': None}, 'Emsisoft': {'category': 'undetected', 'engine_name': 'Emsisoft', 'engine_update': '20210106', 'engine_version': '2018.12.0.1641', 'method': 'blacklist', 'result': None}, 'F-Secure': {'category': 'undetected', 'engine_name': 'F-Secure', 'engine_update': '20210106', 'engine_version': '12.0.86.52', 'method': 'blacklist', 'result': None}, 'FireEye': {'category': 'undetected', 'engine_name': 'FireEye', 'engine_update': '20210106', 'engine_version': '32.36.1.0', 'method': 'blacklist', 'result': None}, 'Fortinet': {'category': 'undetected', 'engine_name': 'Fortinet', 'engine_update': '20210106', 'engine_version': '6.2.142.0', 'method': 'blacklist', 'result': None}, 'GData': {'category': 'undetected', 'engine_name': 'GData', 'engine_update': '20210106', 'engine_version': 'A:25.28272B:27.21493', 'method': 'blacklist', 'result': None}, 'Gridinsoft': {'category': 'undetected', 'engine_name': 'Gridinsoft', 'engine_update': '20210106', 'engine_version': '1.0.23.114', 'method': 'blacklist', 'result': None}, 'Ikarus': {'category': 'undetected', 'engine_name': 'Ikarus', 'engine_update': '20210106', 'engine_version': '0.1.5.2', 'method': 'blacklist', 'result': None}, 'Jiangmin': {'category': 'undetected', 'engine_name': 'Jiangmin', 'engine_update': '20210106', 'engine_version': '16.0.100', 'method': 'blacklist', 'result': None}, 'K7AntiVirus': {'category': 'undetected', 'engine_name': 'K7AntiVirus', 'engine_update': '20210106', 'engine_version': '11.159.36128', 'method': 'blacklist', 'result': None}, 'K7GW': {'category': 'undetected', 'engine_name': 'K7GW', 'engine_update': '20210106', 'engine_version': '11.159.36127', 'method': 'blacklist', 'result': None}, 'Kaspersky': {'category': 'undetected', 'engine_name': 'Kaspersky', 'engine_update': '20210106', 'engine_version': '15.0.1.13', 'method': 'blacklist', 'result': None}, 'Kingsoft': {'category': 'undetected', 'engine_name': 'Kingsoft', 'engine_update': '20210106', 'engine_version': '2017.9.26.565', 'method': 'blacklist', 'result': None}, 'MAX': {'category': 'undetected', 'engine_name': 'MAX', 'engine_update': '20210106', 'engine_version': '2019.9.16.1', 'method': 'blacklist', 'result': None}, 'Malwarebytes': {'category': 'undetected', 'engine_name': 'Malwarebytes', 'engine_update': '20210106', 'engine_version': '3.6.4.335', 'method': 'blacklist', 'result': None}, 'MaxSecure': {'category': 'undetected', 'engine_name': 'MaxSecure', 'engine_update': '20201212', 'engine_version': '1.0.0.1', 'method': 'blacklist', 'result': None}, 'McAfee': {'category': 'undetected', 'engine_name': 'McAfee', 'engine_update': '20210106', 'engine_version': '6.0.6.653', 'method': 'blacklist', 'result': None}, 'McAfee-GW-Edition': {'category': 'undetected', 'engine_name': 'McAfee-GW-Edition', 'engine_update': '20210105', 'engine_version': 'v2019.1.2+3728', 'method': 'blacklist', 'result': None}, 'MicroWorld-eScan': {'category': 'undetected', 'engine_name': 'MicroWorld-eScan', 'engine_update': '20210106', 'engine_version': '14.0.409.0', 'method': 'blacklist', 'result': None}, 'Microsoft': {'category': 'undetected', 'engine_name': 'Microsoft', 'engine_update': '20210106', 'engine_version': '1.1.17700.4', 'method': 'blacklist', 'result': None}, 'NANO-Antivirus': {'category': 'undetected', 'engine_name': 'NANO-Antivirus', 'engine_update': '20210106', 'engine_version': '1.0.146.25255', 'method': 'blacklist', 'result': None}, 'Paloalto': {'category': 'type-unsupported', 'engine_name': 'Paloalto', 'engine_update': '20210106', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'Panda': {'category': 'undetected', 'engine_name': 'Panda', 'engine_update': '20210106', 'engine_version': '4.6.4.2', 'method': 'blacklist', 'result': None}, 'Qihoo-360': {'category': 'undetected', 'engine_name': 'Qihoo-360', 'engine_update': '20210106', 'engine_version': '1.0.0.1120', 'method': 'blacklist', 'result': None}, 'Rising': {'category': 'undetected', 'engine_name': 'Rising', 'engine_update': '20210106', 'engine_version': '25.0.0.26', 'method': 'blacklist', 'result': None}, 'SUPERAntiSpyware': {'category': 'undetected', 'engine_name': 'SUPERAntiSpyware', 'engine_update': '20210101', 'engine_version': '5.6.0.1032', 'method': 'blacklist', 'result': None}, 'Sangfor': {'category': 'undetected', 'engine_name': 'Sangfor', 'engine_update': '20210105', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'SentinelOne': {'category': 'type-unsupported', 'engine_name': 'SentinelOne', 'engine_update': '20201222', 'engine_version': '4.7.0.66', 'method': 'blacklist', 'result': None}, 'Sophos': {'category': 'undetected', 'engine_name': 'Sophos', 'engine_update': '20210106', 'engine_version': '1.0.2.0', 'method': 'blacklist', 'result': None}, 'Symantec': {'category': 'undetected', 'engine_name': 'Symantec', 'engine_update': '20210106', 'engine_version': '1.13.0.0', 'method': 'blacklist', 'result': None}, 'SymantecMobileInsight': {'category': 'type-unsupported', 'engine_name': 'SymantecMobileInsight', 'engine_update': '20200813', 'engine_version': '2.0', 'method': 'blacklist', 'result': None}, 'TACHYON': {'category': 'undetected', 'engine_name': 'TACHYON', 'engine_update': '20210106', 'engine_version': '2021-01-06.03', 'method': 'blacklist', 'result': None}, 'Tencent': {'category': 'undetected', 'engine_name': 'Tencent', 'engine_update': '20210106', 'engine_version': '1.0.0.1', 'method': 'blacklist', 'result': None}, 'TotalDefense': {'category': 'undetected', 'engine_name': 'TotalDefense', 'engine_update': '20201217', 'engine_version': '37.1.62.1', 'method': 'blacklist', 'result': None}, 'Trapmine': {'category': 'type-unsupported', 'engine_name': 'Trapmine', 'engine_update': '20200727', 'engine_version': '3.5.0.1023', 'method': 'blacklist', 'result': None}, 'TrendMicro': {'category': 'undetected', 'engine_name': 'TrendMicro', 'engine_update': '20210106', 'engine_version': '11.0.0.1006', 'method': 'blacklist', 'result': None}, 'TrendMicro-HouseCall': {'category': 'undetected', 'engine_name': 'TrendMicro-HouseCall', 'engine_update': '20210106', 'engine_version': '10.0.0.1040', 'method': 'blacklist', 'result': None}, 'Trustlook': {'category': 'type-unsupported', 'engine_name': 'Trustlook', 'engine_update': '20210106', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'VBA32': {'category': 'undetected', 'engine_name': 'VBA32', 'engine_update': '20210106', 'engine_version': '4.4.1', 'method': 'blacklist', 'result': None}, 'VIPRE': {'category': 'undetected', 'engine_name': 'VIPRE', 'engine_update': '20210106', 'engine_version': '89470', 'method': 'blacklist', 'result': None}, 'ViRobot': {'category': 'undetected', 'engine_name': 'ViRobot', 'engine_update': '20210106', 'engine_version': '2014.3.20.0', 'method': 'blacklist', 'result': None}, 'Webroot': {'category': 'type-unsupported', 'engine_name': 'Webroot', 'engine_update': '20210106', 'engine_version': '1.0.0.403', 'method': 'blacklist', 'result': None}, 'Yandex': {'category': 'undetected', 'engine_name': 'Yandex', 'engine_update': '20201229', 'engine_version': '5.5.2.24', 'method': 'blacklist', 'result': None}, 'Zillya': {'category': 'undetected', 'engine_name': 'Zillya', 'engine_update': '20210106', 'engine_version': '2.0.0.4263', 'method': 'blacklist', 'result': None}, 'ZoneAlarm': {'category': 'undetected', 'engine_name': 'ZoneAlarm', 'engine_update': '20210106', 'engine_version': '1.0', 'method': 'blacklist', 'result': None}, 'Zoner': {'category': 'undetected', 'engine_name': 'Zoner', 'engine_update': '20210105', 'engine_version': '0.0.0.0', 'method': 'blacklist', 'result': None}, 'eGambit': {'category': 'type-unsupported', 'engine_name': 'eGambit', 'engine_update': '20210106', 'engine_version': None, 'method': 'blacklist', 'result': None}}, 'stats': {'confirmed-timeout': 0, 'failure': 1, 'harmless': 0, 'malicious': 0, 'suspicious': 0, 'timeout': 0, 'type-unsupported': 16, 'undetected': 59}, 'status': 'completed'}}
                     """
                 else:
                     return False
Ejemplo n.º 23
0
    def __init__(self, vt_key: str):
        """
        Create a new instance of VTLookupV3 class.

        Parameters
        ----------
        vt_key: str
            VirusTotal API key

        """
        self._vt_key = vt_key
        self._vt_client = vt.Client(apikey=vt_key)
Ejemplo n.º 24
0
    def __init__(self, config: Dict[str, Any]):
        if 'apikey' not in config or config['apikey'] is None:
            self.available = False
            return

        self.available = True
        self.autosubmit = False
        self.client = vt.Client(config['apikey'])
        if config.get('autosubmit'):
            self.autosubmit = True
        self.storage_dir_vt = get_homedir() / 'vt_url'
        self.storage_dir_vt.mkdir(parents=True, exist_ok=True)
Ejemplo n.º 25
0
  async def queue_file_hashes(self, search):
    """Retrieve files from VT and enqueue them for being downloaded.

    Args:
      search: VT intelligence search query.
    """
    async with vt.Client(self.apikey) as client:
      it = client.iterator(
        '/intelligence/search',
        params={'query': search}, limit=self.num_files)
      async for file_obj in it:
        await self.queue.put(file_obj.sha256)
Ejemplo n.º 26
0
def query_vt_api(md5hash):
    """Queries the VirusTotal API using a file's hash (md5hash).
    
    Returns the vt_result variable as an Object.
    """

    # ENTER YOUR API KEY BELOW
    vt_api = vt.Client("<YOUR-API-KEY-HERE>")
    vt_result = vt_api.get_object("/files/{hash}".format(hash=md5hash))
    vt_api.close()

    return vt_result
Ejemplo n.º 27
0
def get_file_info(hash, apikey):
    """A function that gets file information from VirusTotal.

    @param hash: MD5 hash of the file that is sent to VirusTotal.
    @param apikey: VirusTotal API key.
    @return: Instance of vt.Object that contains information about about requested file.
    @raise: vt.error.APIError if file is not found or connection is not established.
    """
    vt_client = vt.Client(apikey)

    file_info = vt_client.get_object(f"/files/{hash}")

    return file_info
Ejemplo n.º 28
0
 def vt_file_exist(self, full_file_path):
     file_hash = self.md5_file(full_file_path)
     file_hash_url = "/files/" + str(file_hash)
     try:
         with vt.Client(self.vt_api_key) as client:
             file = client.get_object(file_hash_url)
             if file.last_analysis_stats[
                     'malicious'] >= self.malicious_index:
                 return True
             else:
                 return False
     except:
         return None
Ejemplo n.º 29
0
def scan_file(file):
    client = vt.Client(os.environ.get(apikey))

    print("Uploading file {}...".format(file), end='\r')
    fileScan = client.scan_file(file)
    print("Uploading file {}...done".format(file))
    while True:
        analysis = client.get_object("/analyses/{}", fileScan.id)
        if analysis.status == "completed":
            j = {"id": analysis.id, "file": file, "results": analysis.results}
            logger.info(json.dumps(j, indent=4))
            client.close()
            break
        time.sleep(5)
Ejemplo n.º 30
0
 def scan_file(self, file_path):
     self.started.emit(None)
     self.progress.emit("Uploading")
     self.client = vt.Client(self.apikey)
     with open(file_path, "rb") as f:
         analysis = self.client.scan_file(f)
     while True:
         analysis = self.client.get_object("/analyses/{}", analysis.id)
         self.progress.emit(analysis.status.capitalize())
         if analysis.status == "completed":
             break
         sleep(3)
     response = self.parse_response(analysis)
     self.finished.emit(response)