def setup(self): self.vt_key = self.options.get("api_key") self.vt_type = self.options.get("key_type", "") if self.vt_type == "public": self.vt = PublicApi(key=self.vt_key) elif self.vt_type == "": self.vt = PublicApi(key=self.vt_key) elif self.vt_type == "private": self.vt = PrivateApi(key=self.vt_key)
def test_scan_file_stream(self):
    """Upload the in-memory EICAR sample and dump the scan response."""
    client = PublicApi(API_KEY)
    try:
        report = client.scan_file(EICAR)
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def send_hash(self, filehash):
    """Look up *filehash* on VirusTotal and return the raw file report.

    ``self.api`` is handed to ``PublicApi`` as-is (presumably the API key).
    """
    client = PublicApi(self.api)
    # Ask VirusTotal for the existing report of this hash
    return client.get_file_report(filehash)
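def get_VT_name(hashes):
    """Derive a ClamAV-style signature name from VirusTotal reports.

    Args:
        hashes: iterable of file hashes to look up.

    Returns:
        ``"<platform>.<category>.<unique_name>"`` when at least two hashes
        were given and every report yields the same name; otherwise
        ``GENERIC_CLAMAV_MALWARE_NAME``.  PUA/PUP names are not supported
        yet and also fall back to the generic name.
    """
    # The key is checked up front so that a missing variable is reported as
    # such, instead of being confused with a KeyError raised while reading a
    # report further down.
    api_key = os.environ.get("VIRUSTOTAL_API_KEY")
    if api_key is None:
        log.warning(
            "No VIRUSTOTAL_API_KEY specified. Falling back to generic name.")
        return GENERIC_CLAMAV_MALWARE_NAME
    try:
        vt = PublicApi(api_key=api_key)
        generator = ComputeVtUniqueName()
        names = [
            generator.build_unique_name(vt.get_file_report(hash_) or "")
            for hash_ in hashes
        ]
        # A single report is not treated as authoritative: at least two
        # samples must agree on the same name.
        if len(names) >= 2 and all(names[0] == name for name in names[1:]):
            name = names[0]
            if name["pup"]:
                log.error(
                    "PUA signatures are not implemented yet. Expected name was: %s",
                    str(name))
            else:
                return "{}.{}.{}".format(
                    name["platform"], name["category"], name["unique_name"])
    except Exception:
        log.exception(
            "While trying to compute VT name. Falling back to generic name.")
    return GENERIC_CLAMAV_MALWARE_NAME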
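def validate_virus_total_account():
    """Validate every key in VIRUSTOTAL_ACCOUNT against the EICAR report.

    Each account dict receives a boolean ``valid`` entry.  A 4xx or 5xx
    ``response_code`` marks the key invalid; so does any exception raised
    while requesting or reading the report, so ``valid`` is never left unset.
    """
    normal("<*> VirusTotal API KEY Validation")
    # Raw string: the EICAR signature contains a literal backslash ("\P" is
    # not an escape sequence, so a plain string only worked by accident).
    EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*".encode('utf-8')
    EICAR_SHA256 = hashlib.sha256(EICAR).hexdigest()
    for account in VIRUSTOTAL_ACCOUNT:
        vt = PublicApi(account['apikey'])
        try:
            vt_response = vt.get_file_report(EICAR_SHA256)
            normal("email : %s" % account['email'])
            # Only the tail of the key is echoed so that console output and
            # logs do not disclose the whole credential.
            normal("apikey : ...%s" % account['apikey'][-4:])
            # 4xx and 5xx both mean the key could not be used successfully.
            if int(vt_response['response_code'] / 100) in (4, 5):
                account['valid'] = False
                warning("valid : False")
                critical(vt_response['error'])
            else:
                account['valid'] = True
                messageBold("valid : True")
        except Exception as err:
            account['valid'] = False
            warning("valid : False")
            critical("validation failed: %s" % err)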
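def test_bad_creds(self):
    """Constructing a client without a key must raise ApiError."""
    # assertRaises replaces the try/except/else dance and the unused local.
    with self.assertRaises(ApiError):
        PublicApi()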
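def analizarRe(carpeta, api_key=None):
    """Recursively look up every file under *carpeta* on VirusTotal by MD5.

    Args:
        carpeta: directory to walk.
        api_key: VirusTotal API key.  When omitted the key embedded below is
            used.  NOTE(review): a key committed in source is readable by
            anyone with access to the repository; it should be rotated and
            supplied from configuration or the environment instead.

    Prints one verdict per file; the files of a directory are handled before
    its subdirectories are descended into.
    """
    if api_key is None:
        api_key = "a9089095456a6c812626239b837c894abcea66938853813118ebf16a5fff1690"
    api = PublicApi(api_key)
    nombres = os.listdir(carpeta)
    for nombre in nombres:
        ruta = os.path.join(carpeta, nombre)
        if not os.path.isfile(ruta):
            continue
        print(nombre + ": ")
        with open(ruta, "rb") as f:
            file_hash = md5(f.read()).hexdigest()
        response = api.get_file_report(file_hash)
        if response["response_code"] == 200:
            if response["results"]["positives"] > 0:
                print("Archivo malicioso.")
            else:
                print("Archivo seguro.")
        else:
            print("No ha podido obtenerse el análisis del archivo.")
        print("==================================================")
    for nombre in nombres:
        ruta = os.path.join(carpeta, nombre)
        if os.path.isdir(ruta):
            analizarRe(ruta, api_key)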
def get_public_vt(self):
    """Return a PublicApi client built from the VTAPI config section.

    Raises:
        Exception: when ``self.my_config`` has no section named ``self.VTAPI``.
    """
    section = self.VTAPI
    settings = self.my_config.get(section, None)
    if settings is None:
        raise Exception("Missing %s config" % section)
    # The key is looked up under self.API_KEY; a missing entry yields None.
    return PublicApi(settings.get(self.API_KEY))
def test_hash_not_found(self):
    """Query a 32-character placeholder that is not a real digest."""
    client = PublicApi(API_KEY)
    try:
        report = client.get_file_report('A' * 32)
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_sha256_hash(self):
    """Fetch the file report for the EICAR SHA-256 and dump it."""
    client = PublicApi(API_KEY)
    try:
        report = client.get_file_report(EICAR_SHA256)
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_md5_hash(self):
    """Fetch the file report for the EICAR MD5 and dump it."""
    client = PublicApi(API_KEY)
    try:
        report = client.get_file_report(EICAR_MD5)
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_scan_file_binary(self):
    """Upload ``test.exe`` from the working directory and dump the response."""
    client = PublicApi(API_KEY)
    try:
        report = client.scan_file('test.exe')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_get_domain_report(self):
    """Fetch and dump the domain report for a well-known host."""
    client = PublicApi(API_KEY)
    try:
        report = client.get_domain_report('www.wired.com')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_get_ip_report(self):
    """Fetch and dump the IP address report for a fixed address."""
    client = PublicApi(API_KEY)
    try:
        report = client.get_ip_report('23.6.113.133')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_scan_url(self):
    """Submit a URL for scanning and dump the response."""
    client = PublicApi(API_KEY)
    try:
        report = client.scan_url('www.wired.com')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_put_comments(self):
    """Post a comment on the EICAR resource and dump the response."""
    client = PublicApi(API_KEY)
    comment = 'This is just a test of the virus-total-api. https://github.com/blacktop/virustotal-api'
    try:
        report = client.put_comments(resource=EICAR_MD5, comment=comment)
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_rescan_file(self):
    """Request a rescan of the EICAR MD5 and dump the response."""
    client = PublicApi(API_KEY)
    try:
        report = client.rescan_file(EICAR_MD5)
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
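def test_scan_file_binary(self):
    """Upload the bundled ``test.exe`` from disk and dump the scan response.

    The upload is the only API call made; it sits inside the guarded block so
    that any error is reported through ``self.fail`` rather than escaping as
    an unguarded exception before the test body runs.
    """
    client = PublicApi(API_KEY)
    try:
        report = client.scan_file('virus_total_apis/test/test.exe')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)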
def test_hash_found(self):
    """Fetch the report of a hash expected to be known and dump it."""
    client = PublicApi(API_KEY)
    try:
        report = client.get_file_report('44cda81782dc2a346abd7b2285530c5f')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_hash_found(self):
    """Fetch the report of a 40-hex (SHA-1 sized) hash and dump it."""
    client = PublicApi(API_KEY)
    try:
        report = client.get_file_report(
            '8E7FF6FDA061B782446A5968D43AE32DAF4FAE65')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
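def vt(self, domain, conf, verbose):
    """Print the subdomains VirusTotal lists for *domain*.

    Args:
        domain: domain name to query.
        conf: configuration mapping; ``conf["VirusTotal"]["type"]`` selects
            the public (``"public"``) or private (anything else) API and
            ``conf["VirusTotal"]["key"]`` is the API key.
        verbose: accepted for interface compatibility; not used here.
    """
    print('## Searching subdomains in Virus Total')
    settings = conf["VirusTotal"]
    # Local is named `client` so it does not shadow this method's own name.
    if settings["type"] == "public":
        client = PublicApi(settings["key"])
    else:
        client = PrivateApi(settings["key"])
    res = client.get_domain_report(domain)
    # A report with no 'results' or no 'subdomains' entry (unknown domain,
    # exhausted quota, ...) simply prints nothing rather than being swallowed
    # by a blanket KeyError handler.
    for sub in res.get('results', {}).get('subdomains', []):
        print(sub)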
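def main():
    """Command-line entry point for the VirusTotal helper.

    ``--scan`` takes a folder and hands every file in it to ``scan_phase``,
    writing to ``<output>.url``; ``--results`` takes a file of HASH - URL
    lines and hands it to ``results_phase``, writing to ``<output>.detection``.
    The API key is read from the file named by ``--key`` so that it never
    appears on the command line or in shell history.
    """
    config_handler.set_global(bar='classic', spinner='classic')
    argparser = argparse.ArgumentParser(
        prog="helper_virustotal",
        description='VirusTotal helper to scan/gather results.')
    argparser.add_argument('-i', '--input', required=True,
                           help=("Folder path to scan or "
                                 "file path with HASH - URL pattern."))
    argparser.add_argument('-o', '--output', default='virustotal',
                           help=("File name for url/detection output."))
    argparser.add_argument('-k', '--key', default='.key_virustotal',
                           help="File containing VirusTotal API key.")
    group = argparser.add_mutually_exclusive_group(required=True)
    group.add_argument('-s', '--scan', action='store_true',
                       help="Scan directory given as input.")
    group.add_argument('-r', '--results', action='store_true',
                       help="Collect results of files given as input.")
    args = argparser.parse_args()

    with open(args.key, 'r') as key_file:
        key = key_file.read().strip()
    api = PublicApi(key)

    if args.scan:
        if not os.path.isdir(args.input):
            print("Error: Invalid input folder path.")
        else:
            # os.path.join already yields a str; no f-string wrapper needed.
            samples = [os.path.join(args.input, sample)
                       for sample in os.listdir(args.input)]
            with open(f'{args.output}.url', 'w') as out:
                scan_phase(args, api, out, samples)
    if args.results:
        if not os.path.isfile(args.input):
            print("Error: Invalid input file path.")
        else:
            with open(f'{args.output}.detection', 'w') as out:
                results_phase(args, api, out)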
def test_scan_file_binary_filename(self):
    """Upload a local binary under an overridden filename and dump the response."""
    client = PublicApi(API_KEY)
    try:
        report = client.scan_file(
            'C:\\Users\\YES24\\Desktop\\자료정리\\분류전\\cmd.exe',
            filename='othertest.exe')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_scan_file_stream_filename(self):
    """Upload the in-memory EICAR sample under an explicit filename."""
    client = PublicApi(API_KEY)
    try:
        report = client.scan_file(EICAR, from_disk=False,
                                  filename='my_eicar_file.txt')
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_md5_hashes(self):
    """Fetch reports for two hashes in one call and dump the response.

    Despite the test's name, both resources are 40-hex (SHA-1 sized) digests.
    """
    client = PublicApi(API_KEY)
    resources = [
        'fc3242be666d669e963eb87a6d8d20b6decf93cb',
        'f1906392c1d81d402fe38235a908cd19349481f3'
    ]
    try:
        report = client.get_file_report(resources)
        print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
def test_hash_bad_input(self):
    """Feed non-hash values to get_file_report; none of them may raise."""
    client = PublicApi(API_KEY)
    bad_inputs = ('This is not a hash', None, False, -1)
    try:
        for resource in bad_inputs:
            report = client.get_file_report(resource)
            print(json.dumps(report, sort_keys=False, indent=4))
    except Exception as err:
        self.fail(err)
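def __init__(self):
    """Construct the Virus Scanner and open a VirusTotal client.

    The public API is tried first and the private API as a fallback, both
    with ``Virus_Total_Service_Secret_API``.  If neither client can be
    created the process exits with status 1 — a non-zero code, so callers
    and supervisors can distinguish this failure from a normal exit.
    """
    self._status = None
    try:
        self._virus_total_service = PublicApi(
            Virus_Total_Service_Secret_API)
    except Exception:
        # The public client could not be built; fall back to the private one.
        try:
            self._virus_total_service = PrivateApi(
                Virus_Total_Service_Secret_API)
        except ApiError as e:
            print('Could not activate Virus Total Virus Scanner Service. '
                  f'The error {e} occurred.')
            sys.exit(1)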
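def scan(path, api_key=''):
    """Submit *path* to VirusTotal for scanning and print the outcome.

    Args:
        path: file to upload.
        api_key: VirusTotal public API key.  Pass it in (or load it from
            configuration) instead of editing the source; an empty key
            prints a reminder and performs no request.
    """
    if api_key == '':
        print("Need VirusTotal API Key")
        return
    try:
        vt = PublicApi(api_key)
        res = vt.scan_file(path)
        if res["response_code"] == 200:
            print("Complete Requesting Scan", path)
        else:
            print("Error")
    except Exception as e:
        print("Error:", e)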
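def analizar(ruta=None, api_key=None):
    """Look up one file on VirusTotal by its MD5 and print a verdict.

    Args:
        ruta: file to check; defaults to ``sys.argv[2]``.
        api_key: VirusTotal API key; defaults to the key embedded below.
            NOTE(review): a key committed in source is readable by anyone
            with access to the repository; it should be rotated and supplied
            from configuration or the environment instead.

    Also prints the elapsed wall-clock time in seconds.
    """
    inicio = time.time()
    print("Procesando...")
    if ruta is None:
        ruta = sys.argv[2]
    if api_key is None:
        api_key = "a9089095456a6c812626239b837c894abcea66938853813118ebf16a5fff1690"
    api = PublicApi(api_key)
    with open(ruta, "rb") as f:
        file_hash = md5(f.read()).hexdigest()
    response = api.get_file_report(file_hash)
    if response["response_code"] == 200:
        if response["results"]["positives"] > 0:
            print("Archivo malicioso.")
        else:
            print("Archivo seguro.")
    else:
        print("No ha podido obtenerse el análisis del archivo.")
    print("Tiempo de Ejecucion", time.time() - inicio)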
def is_dangerous(con, file_to_scan, extract_mail, email_id, file_name):
    """Submit an attachment to VirusTotal and delete the email if it is flagged.

    Args:
        con: mail connection handed to delete_email().
        file_to_scan: attachment content; uploaded with from_disk=False and
            hashed with MD5, so presumably bytes — confirm with the caller.
        extract_mail: shown in the printed notice as the email's origin.
        email_id: identifier handed to delete_email().
        file_name: name handed to download_attachment() on the failure path.

    Returns:
        True when the report lists at least one positive (the email is
        deleted first); None (falsy) when the report shows no positives;
        False when the lookup raised.

    NOTE(review): this fails open.  Any exception — exhausted API quota, a
    reply without a 'results' entry (presumably a report that is not ready
    yet), a network error — ends in the except branch, which downloads the
    attachment and returns False, i.e. treats it as safe.  Confirm that is
    the intended policy.
    """
    try:
        virus_total_scanner = PublicApi(API_KEY)
        response = virus_total_scanner.scan_file(file_to_scan, from_disk=False)
        # NOTE(review): the upload response is discarded and replaced one
        # second later by the report for the MD5, which is whatever VirusTotal
        # already had for this hash; a one-second wait is unlikely to be
        # enough for the upload above to have produced a result.
        time.sleep(1)
        f_md5 = hashlib.md5(file_to_scan).hexdigest()
        response = virus_total_scanner.get_file_report(f_md5)
        if response['results']['positives'] > 0:
            delete_email(con, email_id)
            print(
                "\n---> System filtered-out an email from {}. Reason: dangerous attachment detected\n"
                .format(extract_mail))
            return True
    except Exception as e:
        # Failure path: the attachment is downloaded and reported as not
        # dangerous (see the docstring note on fail-open behaviour).
        print('Scan file Failed: {}'.format(e))
        download_attachment(file_name, file_to_scan)
        return False