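def Analyze(self, hashes):
    """Looks up hashes in nsrlsvr.

    One connection is opened for the whole batch. It is closed again on every
    exit path, including when a lookup raises part-way through the batch.

    Args:
        hashes (list[str]): hash values to look up.

    Returns:
        list[HashAnalysis]: analysis results, or an empty list when no
            connection could be opened.
    """
    logging.debug('Opening connection to {0:s}:{1:d}'.format(
        self._host, self._port))

    nsrl_socket = self._GetSocket()
    if not nsrl_socket:
        # Without a connection no lookup can succeed: signal an abort and
        # report no results.
        self.SignalAbort()
        return []

    hash_analyses = []
    try:
        for digest in hashes:
            response = self._QueryHash(nsrl_socket, digest)
            # A None response produces no analysis entry for this digest.
            if response is None:
                continue

            hash_analyses.append(interface.HashAnalysis(digest, response))
    finally:
        # Close the socket even if a query raised, so that a failed batch
        # does not leave the connection open.
        nsrl_socket.close()
        logging.debug('Closed connection to {0:s}:{1:d}'.format(
            self._host, self._port))

    return hash_analyses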
def Analyze(self, hashes):
    """Queries the VirusTotal HTTP API for a batch of hashes.

    The API is documented here:
      https://www.virustotal.com/en/documentation/public-api/

    Args:
        hashes (list[str]): hashes to look up.

    Returns:
        list[HashAnalysis]: one analysis per result in the response.

    Raises:
        RuntimeError: If the VirusTotal API key has not been set.
    """
    if not self._api_key:
        raise RuntimeError('No API key specified for VirusTotal lookup.')

    reports = self._QueryHashes(hashes) or []

    # A single-hash query is answered with one dictionary, a multi-hash query
    # with a list; normalise to a list so one code path handles both.
    if isinstance(reports, dict):
        reports = [reports]

    return [
        interface.HashAnalysis(report['resource'], report)
        for report in reports]
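def Analyze(self, hashes):
    """Looks up hashes in VirusTotal using the VirusTotal HTTP API.

    The API is documented here:
      https://www.virustotal.com/en/documentation/public-api/

    Args:
        hashes: A list of hashes (strings) to look up.

    Returns:
        A list of HashAnalysis objects. The list is empty when the request
        failed with a connection error.

    Raises:
        RuntimeError: If the VirusTotal API key has not been set.
    """
    if not self._api_key:
        raise RuntimeError(u'No API key specified for VirusTotal lookup.')

    hash_analyses = []

    # All hashes go out in one request, joined into a single resource string.
    resource_string = u', '.join(hashes)
    params = {u'apikey': self._api_key, u'resource': resource_string}

    try:
        json_response = self.MakeRequestAndDecodeJSON(
            self._VIRUSTOTAL_API_REPORT_URL, u'GET', params=params)
    except errors.ConnectionError as exception:
        # {0!s} instead of {0:s}: an exception object rejects the "s" format
        # spec on Python 3, so the handler itself raised TypeError and the
        # abort below was never signalled.
        # NOTE(review): the API key is passed in the params of a GET request.
        # If the error text includes the request URL, the key is written to
        # the log - confirm against the request helper and redact if so.
        logging.error(
            (u'Error communicating with VirusTotal {0!s}. VirusTotal plugin is '
             u'aborting.').format(exception))
        self.SignalAbort()
        return hash_analyses

    # The response is one dictionary when a single hash was looked up and a
    # list when several were; normalise so one loop handles both.
    if isinstance(json_response, dict):
        json_response = [json_response]

    for result in json_response:
        resource = result[u'resource']
        hash_analyses.append(interface.HashAnalysis(resource, result))

    return hash_analyses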
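def Analyze(self, hashes):
    """Looks up hashes in Viper using the Viper HTTP API.

    The API is documented here:
      https://viper-framework.readthedocs.org/en/latest/usage/web.html#api

    Args:
        hashes: A list of hashes (strings) to look up. The Viper plugin
            supports only one hash at a time.

    Returns:
        A list of hash analysis objects (instances of HashAnalysis). The list
        is empty when the request failed with a connection error.

    Raises:
        RuntimeError: If no host has been set for Viper.
        ValueError: If the hashes list contains a number of hashes other
            than one.
    """
    if not self._host:
        raise RuntimeError(u'No host specified for Viper lookup.')

    if len(hashes) != 1:
        raise ValueError(
            u'Unsupported number of hashes provided. Viper supports only one '
            u'hash at a time.')
    sha256 = hashes[0]

    hash_analyses = []
    # The scheme is taken from self._protocol; nothing in this method
    # requires it to be https.
    url = u'{0:s}://{1:s}/{2:s}'.format(
        self._protocol, self._host, self._VIPER_API_PATH)
    params = {u'sha256': sha256}

    try:
        json_response = self.MakeRequestAndDecodeJSON(url, u'POST', data=params)
    except errors.ConnectionError as exception:
        # {0!s} instead of {0:s}: an exception object rejects the "s" format
        # spec on Python 3, so the handler itself raised TypeError and the
        # abort below was never signalled.
        logging.error(
            (u'Error communicating with Viper {0!s}. Viper plugin is '
             u'aborting.').format(exception))
        self.SignalAbort()
        return hash_analyses

    hash_analyses.append(interface.HashAnalysis(sha256, json_response))
    return hash_analyses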
def Analyze(self, hashes):
    """Queries Viper once per hash and wraps each response.

    Args:
        hashes (list[str]): hashes to look up.

    Returns:
        list[HashAnalysis]: one analysis per input hash, in input order.

    Raises:
        RuntimeError: If no host has been set for Viper. The check is not in
            this method; presumably it is raised from _QueryHash - confirm.
    """
    # Every response is wrapped as returned by _QueryHash; no response value
    # is filtered out here.
    return [
        interface.HashAnalysis(digest, self._QueryHash(digest))
        for digest in hashes]