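def judge(self, filepath):
    '''
    Submit a file to VirusTotal and derive a verdict from its report.

    The file is sent with ``Virustotal(self.api_key).file_scan``; the MD5
    returned by that call is then used to fetch the v2 file report.

    :param filepath: path of the file to check
    :return: tuple ``(verdict, positives, total, permalink)`` where
             ``verdict`` is True when no engine flagged the file
             (``positives == 0``) and False otherwise

    NOTE(review): the report is requested immediately after submission. If
    the response carries no ``total`` / ``positives`` fields (presumably
    while the analysis is still queued), the lookups below raise KeyError -
    confirm callers do not treat that failure as "clean".
    NOTE(review): ``verdict`` only reflects the engine count in this one
    report; zero detections is not evidence that the file is benign.
    '''
    # Normal initialisation.
    vtotal = Virustotal(self.api_key)
    result = vtotal.file_scan(filepath)

    print('>> Virustotal Search report. <<')
    json_resp = result['json_resp']
    md5 = json_resp['md5'].strip()
    permalink = json_resp['permalink']
    print('result link : ', permalink)

    url = 'https://www.virustotal.com/vtapi/v2/file/report'
    # The API key travels in the query string, so it can end up in proxy or
    # debug logs and in the text of request exceptions; avoid echoing those.
    params = {'apikey': self.api_key, 'resource': md5}
    # A timeout keeps a stalled connection from hanging the caller forever.
    response = requests.get(url, params=params, timeout=30)

    # Decode the body once instead of once per field.
    report = response.json()
    total = report['total']
    positives = report['positives']
    print('Result : (' + str(total) + ' / ' + str(positives) + ')')

    vtotal_judge = positives == 0

    # Final verdict, detection count, engine count and report link.
    return vtotal_judge, positives, total, permalink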
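def check_file(key, file):
    """Submit *file* to VirusTotal and print the report found for its SHA-256.

    :param key: VirusTotal API key handed to ``Virustotal``
    :param file: path of the file to submit and hash
    :return: None; the report fields are printed

    NOTE(review): ``file_scan`` runs before the hash lookup, so every call
    submits the file even when a report for that hash may already exist.
    Confirm that is acceptable for files that must not leave the host.
    """
    msg()  # prints scanning message
    scanner = Virustotal(key)  # client bound to the given API key
    scanner.file_scan(file)  # submit the file for scanning

    # Hash in fixed-size chunks so a large sample is never held in memory whole.
    digest = hashlib.sha256()
    with open(file, 'rb') as f:
        for chunk in iter(lambda: f.read(1024 * 1024), b''):
            digest.update(chunk)
    file_hash = digest.hexdigest()

    report = scanner.file_report([file_hash])  # look the report up by hash

    try:
        print('\n\nREPORT:\nStatus code:', report['status_code'])
        print('Scan date:', report['json_resp']['scan_date'])
        print('Verbose msg:', report['json_resp']['verbose_msg'])
        print('Antivirus Scanned:', report['json_resp']['total'])
        print('Positives:', report['json_resp']['positives'])
        print('sha256:', report['json_resp']['sha256'])
        print('md5:', report['json_resp']['md5'])
    except KeyError:
        # NOTE(review): any missing field lands here, not only rate limiting;
        # a report that is not ready yet would presumably print this too.
        print('\n""Maximum four scans per minute""')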
class StartModule():
    """VirusTotal lookups for a file hash or a local file.

    NOTE(review): both lookup methods report failures by returning
    ``str(exception)``, and ``isBadFile`` returns None when the upload status
    is not 200. Callers must not read those values as a "not detected" verdict.
    """

    def __init__(self):
        self._main_gui_func_ = 'isBadFile'
        self.__gui_label__ = 'Virustotal Search'

    def help(self):
        """Log the function names exposed by the ``ht_virustotal`` module."""
        names = ht.getFunctionsNamesFromModule('ht_virustotal')
        Logger.printMessage(message=names, debug_module=True)

    def isBadFileHash(self, fileHash, virustotal_api=None, session_id=None):
        """Fetch the report for *fileHash* and summarise the engine verdicts.

        Returns a JSON string keyed ``"Detected"`` or ``"No detected"``, the raw
        response when the status code is neither 200 nor 204, or ``str(e)`` when
        anything raises. While the status is 204 or the response code is -2 the
        method sleeps two seconds and calls itself again, with no retry limit.
        """
        try:
            api_key = virustotal_api or ht.Config.getAPIKey(
                'virustotal_api', session_id)
            self.vtotal = Virustotal(api_key)
            resp = self.vtotal.file_report([fileHash])

            status = resp["status_code"]
            if status not in (200, 204):
                return resp

            # 204 is checked first so the body is never read for that status.
            still_pending = (status == 204
                             or resp["json_resp"]["response_code"] == -2)
            if still_pending:
                Logger.printMessage(
                    message="isBadFileHash",
                    description="Testing - {hash} - Waiting 2 seconds...".format(
                        hash=fileHash),
                    debug_module=True)
                time.sleep(2)
                return self.isBadFileHash(fileHash, api_key)

            scans = resp["json_resp"]["scans"]
            flagged_by = []
            clean_by = []
            verdict_names = []
            for engine in scans:
                entry = scans[engine]
                if not entry["detected"]:
                    clean_by.append((engine, entry["version"]))
                    continue
                flagged_by.append((engine, entry["version"]))
                if entry["result"] not in verdict_names:
                    verdict_names.append(entry["result"])

            if not flagged_by:
                return json.dumps({"No detected": clean_by},
                                  indent=4,
                                  sort_keys=True)

            summary = {
                "detected_list": flagged_by,
                "detected_types": verdict_names,
                "no_detected_list": clean_by,
            }
            return json.dumps({"Detected": summary}, indent=4, sort_keys=True)
        except Exception as e:
            Logger.printMessage(message="isBadFileHash",
                                description=str(e),
                                is_error=True)
            return str(e)

    def isBadFile(self, filename, virustotal_api=None):
        """Submit *filename* for scanning and return the verdict for its scan id.

        Returns whatever ``isBadFileHash`` returns for the scan id, None when the
        upload status code is not 200, or ``str(e)`` when anything raises.
        """
        try:
            api_key = virustotal_api or ht.Config.config['API']['virustotal']
            Logger.printMessage(message="isBadFile",
                                description=filename,
                                debug_module=True)
            self.vtotal = Virustotal(api_key)
            upload = self.vtotal.file_scan(filename)
            if upload["status_code"] != 200:
                return None
            scan_id = str(upload["json_resp"]["scan_id"])
            time.sleep(2)
            return self.isBadFileHash(scan_id, api_key)
        except Exception as e:
            Logger.printMessage(message="isBadFile",
                                description=str(e),
                                is_error=True)
            return str(e)
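async def vt(event):
    """Download a file and submit it to VirusTotal, reporting into the message.

    The command argument comes from ``event.pattern_match.group(1)``:

    * ``<url> | <file name>`` downloads the URL into TEMP_DOWNLOAD_DIRECTORY;
    * otherwise the media of the replied-to message is downloaded.

    The downloaded file is passed to ``Virustotal(Vapi).file_scan`` and the
    response code plus report link are written back with ``event.edit``.

    NOTE(review): ``text``, ``a``, ``Vapi``, ``progress`` and ``humanbytes`` are
    not defined in this function; presumably module-level names - confirm.
    NOTE(review): ``file_scan`` is a blocking call inside a coroutine.
    """
    await event.edit("Analyzing Datas......")
    input_str = event.pattern_match.group(1)
    os.makedirs(TEMP_DOWNLOAD_DIRECTORY, exist_ok=True)

    if "|" in input_str:
        # Split once so extra "|" characters cannot raise on unpacking.
        url, file_name = input_str.split("|", 1)
        url = url.strip()
        file_name = file_name.strip()

        # The file name comes from the message text. Resolve it and refuse
        # anything that lands outside the download directory ("../", absolute
        # paths, symlinks) before creating directories or writing the file.
        base_dir = os.path.realpath(TEMP_DOWNLOAD_DIRECTORY)
        downloaded_file_name = os.path.join(TEMP_DOWNLOAD_DIRECTORY, file_name)
        target = os.path.realpath(downloaded_file_name)
        try:
            inside = os.path.commonpath([base_dir, target]) == base_dir
        except ValueError:
            inside = False
        if not inside or target == base_dir:
            return await event.edit(
                "Error\n`File name must stay inside the download directory.`")
        os.makedirs(os.path.dirname(target), exist_ok=True)

        # NOTE(review): the URL is fetched exactly as supplied. If anyone but
        # the account owner can trigger this command, restrict schemes and
        # destinations and cap the download size before fetching.
        downloader = SmartDL(url, downloaded_file_name, progress_bar=False)
        downloader.start(blocking=False)
        c_time = time.time()
        display_message = None
        while not downloader.isFinished():
            status = downloader.get_status().capitalize()
            total_length = downloader.filesize if downloader.filesize else None
            downloaded = downloader.get_dl_size()
            diff = time.time() - c_time
            percentage = downloader.get_progress() * 100
            filled = math.floor(percentage / 10)
            progress_str = "[{0}{1}] {2}%".format(
                "█" * filled, "░" * (10 - filled), round(percentage, 2))
            estimated_total_time = downloader.get_eta(human=True)
            try:
                current_message = (
                    f"{status}.."
                    f"\nURL: {url}"
                    f"\nFile Name: {file_name}"
                    f"\n{progress_str}"
                    f"\n{humanbytes(downloaded)} of {humanbytes(total_length)}"
                    f"\nETA: {estimated_total_time}")
                if round(diff % 10.00) == 0 and current_message != display_message:
                    await event.edit(current_message)
                    display_message = current_message
            except Exception as e:
                LOGS.info(str(e))
            # Yield to the event loop; without this the loop spins while the
            # download runs and starves every other coroutine.
            await asyncio.sleep(0.2)

        if not downloader.isSuccessful():
            # Stop here: there is no file to scan after a failed download.
            return await event.edit("Incorrect URL\n{}".format(url))
        await event.edit(f"{text} \n\nDownloaded successfully !!")
    elif event.reply_to_msg_id:
        try:
            c_time = time.time()
            downloaded_file_name = await event.client.download_media(
                await event.get_reply_message(),
                TEMP_DOWNLOAD_DIRECTORY,
                progress_callback=lambda d, t: asyncio.get_event_loop(
                ).create_task(
                    progress(d, t, event, c_time, f"{text} \n\nDownloading...")))
        except Exception as e:  # pylint:disable=C0103,W0703
            # Stop here: downloaded_file_name was never assigned.
            return await event.edit(str(e))
        await event.edit(f"{text} \n\nDownloaded successfully !!")
    else:
        return await event.edit("Error\n`Reply to a file to scan.`")

    await event.edit(" `Scanning......`")
    vscan = downloaded_file_name
    if a == 2:
        return await event.edit(
            "`You need to Update wolfs to use this command.......`")
    if not vscan:
        return await event.edit(
            "`Unknown command type !help virus_scan for more info`")

    # "except Exception" rather than a bare except, so task cancellation and
    # KeyboardInterrupt are not swallowed and reported as a usage error.
    try:
        vtotal = Virustotal(Vapi)
    except Exception:
        return await event.edit(
            "Failed to connect virus total , is api key added? type `!help virus_scan` for more info"
        )
    try:
        vr = vtotal.file_scan(vscan)
    except Exception:
        return await event.edit(
            "`Unknown command type !help virus_scan for more info")

    test = vr['json_resp']
    link = test['permalink']
    response_code = test['response_code']
    return await event.edit(
        ""
        f"• **Virus Total Response Code:** `{response_code}`\n"
        f"• **Scan Results:** [ClickHere]({link}) ")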
def main():
    """Scan one file with VirusTotal and exit with the scan result code.

    Flow: look the file up by its SHA-256 first; only when no report exists is
    the file sent for scanning, after which the report is polled every
    WAIT_TIME seconds until ``parse_response`` stops returning SCAN_NOT_FOUND.
    The API key is read from the VT_API_KEY environment variable.

    NOTE(review): the polling loop has no upper bound on attempts.
    NOTE(review): the exception text is logged as-is; confirm it cannot carry
    the request URL together with the API key.
    """
    parser = argparse.ArgumentParser(
        description=
        "Scan a single file in VirusTotal and waits until report is complete")
    parser.add_argument('file', help='File to be scanned')
    args = parser.parse_args()

    vt_api_key = os.environ.get('VT_API_KEY')
    if vt_api_key is None:
        LOGGER.error('VT_API_KEY environment variable not set.')
        sys.exit(SCAN_ERROR)

    LOGGER.debug('Initialzing VirusTotal API')
    vt = Virustotal(vt_api_key)

    # Look for an existing report by hash before sending anything.
    LOGGER.info('Checking if report already exists via file hash.')
    file_hash = sha256sum(args.file)
    try:
        response = vt.file_report([file_hash])
    except ConnectionError as exc:
        LOGGER.error(f"Connection error to VT: {exc}.")
        sys.exit(SCAN_ERROR)

    ret = parse_response(response)

    # A report already exists: exit with the matching return code.
    if ret != SCAN_NOT_FOUND:
        if ret:
            ret_str = RET_STR_INFECTED
        else:
            ret_str = RET_STR_CLEAN
        LOGGER.info(f"Report found. Status: {ret_str}.")
        sys.exit(ret)

    # No report yet: send the file for scanning.
    try:
        LOGGER.info(
            'Report not found. Sending file to VirusTotal for scanning.')
        vt.file_scan(args.file)
    except ConnectionError as exc:
        LOGGER.error(f"Connection error to VT: {exc}")
        sys.exit(SCAN_ERROR)

    while ret == SCAN_NOT_FOUND:
        LOGGER.info(f"Scan still running, sleeping for {WAIT_TIME} seconds.")
        sleep(WAIT_TIME)

        # Ask for the report again; a connection error just means another round.
        try:
            response = vt.file_report([file_hash])
        except ConnectionError as exc:
            LOGGER.error(
                f"Temporary connection error to VT: {exc}... Retrying in {WAIT_TIME} seconds."
            )
            continue
        ret = parse_response(response)

    if ret:
        ret_str = RET_STR_INFECTED
    else:
        ret_str = RET_STR_CLEAN
    LOGGER.info(f"Scan finished. Status: {ret_str}.")
    sys.exit(ret)
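async def vt(event):
    """Download a file and submit it to VirusTotal, reporting into the message.

    The command argument comes from ``event.pattern_match.group(1)``:

    * ``<url> | <file name>`` downloads the URL into TEMP_DOWNLOAD_DIRECTORY;
    * otherwise the media of the replied-to message is downloaded.

    The file is submitted with ``Virustotal(Vapi).file_scan``; if that raises,
    it is posted directly to the v2 ``file/scan`` endpoint instead. The report
    link is written back with ``event.edit``.

    NOTE(review): ``text``, ``Vapi``, ``progress`` and ``humanbytes`` are not
    defined in this function; presumably module-level names - confirm.
    NOTE(review): ``file_scan`` and ``requests.post`` are blocking calls inside
    a coroutine.
    """
    await event.edit("Analyzing Datas......")
    input_str = event.pattern_match.group(1)
    os.makedirs(TEMP_DOWNLOAD_DIRECTORY, exist_ok=True)

    if "|" in input_str:
        # Split once so extra "|" characters cannot raise on unpacking.
        url, file_name = input_str.split("|", 1)
        url = url.strip()
        file_name = file_name.strip()

        # The file name comes from the message text. Resolve it and refuse
        # anything that lands outside the download directory ("../", absolute
        # paths, symlinks) before creating directories or writing the file.
        base_dir = os.path.realpath(TEMP_DOWNLOAD_DIRECTORY)
        downloaded_file_name = os.path.join(TEMP_DOWNLOAD_DIRECTORY, file_name)
        target = os.path.realpath(downloaded_file_name)
        try:
            inside = os.path.commonpath([base_dir, target]) == base_dir
        except ValueError:
            inside = False
        if not inside or target == base_dir:
            return await event.edit(
                "Error\n`File name must stay inside the download directory.`")
        os.makedirs(os.path.dirname(target), exist_ok=True)

        # NOTE(review): the URL is fetched exactly as supplied. If anyone but
        # the account owner can trigger this command, restrict schemes and
        # destinations and cap the download size before fetching.
        downloader = SmartDL(url, downloaded_file_name, progress_bar=False)
        downloader.start(blocking=False)
        c_time = time.time()
        display_message = None
        while not downloader.isFinished():
            status = downloader.get_status().capitalize()
            total_length = downloader.filesize if downloader.filesize else None
            downloaded = downloader.get_dl_size()
            diff = time.time() - c_time
            percentage = downloader.get_progress() * 100
            filled = math.floor(percentage / 10)
            progress_str = "[{0}{1}] {2}%".format(
                "█" * filled, "░" * (10 - filled), round(percentage, 2))
            estimated_total_time = downloader.get_eta(human=True)
            try:
                current_message = (
                    f"{status}.."
                    f"\nURL: {url}"
                    f"\nFile Name: {file_name}"
                    f"\n{progress_str}"
                    f"\n{humanbytes(downloaded)} of {humanbytes(total_length)}"
                    f"\nETA: {estimated_total_time}")
                if round(diff % 10.00) == 0 and current_message != display_message:
                    await event.edit(current_message)
                    display_message = current_message
            except Exception as e:
                LOGS.info(str(e))
            # Yield to the event loop; without this the loop spins while the
            # download runs and starves every other coroutine.
            await asyncio.sleep(0.2)

        if not downloader.isSuccessful():
            # Stop here: there is no file to scan after a failed download.
            return await event.edit("Incorrect URL\n{}".format(url))
        await event.edit(f"{text} \n\nDownloaded successfully !!")
    elif event.reply_to_msg_id:
        try:
            c_time = time.time()
            downloaded_file_name = await event.client.download_media(
                await event.get_reply_message(),
                TEMP_DOWNLOAD_DIRECTORY,
                progress_callback=lambda d, t: asyncio.get_event_loop(
                ).create_task(
                    progress(d, t, event, c_time, f"{text} \n\nDownloading...")))
        except Exception as e:  # pylint:disable=C0103,W0703
            # Stop here: downloaded_file_name was never assigned.
            return await event.edit(str(e))
        await event.edit(f"{text} \n\nDownloaded successfully !!")
    else:
        return await event.edit("Error\n`Reply to a file to scan.`")

    await event.edit(" `Scanning......`")
    vscan = downloaded_file_name
    if not vscan:
        return await event.edit("`downloaded_file missing`")

    # "except Exception" rather than a bare except, so task cancellation and
    # KeyboardInterrupt are not swallowed.
    try:
        vtotal = Virustotal(Vapi)
    except Exception:
        return await event.edit(
            "Failed to connect virus total , is api key added? type `!help virus_scan` for more info"
        )

    try:
        vr = vtotal.file_scan(vscan)
        test = vr['json_resp']
        link = test['permalink']
        response_code = test['response_code']
        return await event.edit(
            ""
            f"• **Virus Total Response Code:** `{response_code}`\n"
            f"• **Scan Results:** [ClickHere]({link}) ")
    except Exception:
        # Fallback: post the file straight to the v2 scan endpoint.
        url = "https://www.virustotal.com/vtapi/v2/file/scan"
        # The API key travels in the query string; request exceptions can
        # include that URL, so they are not echoed into the chat here.
        params = {"apikey": Vapi}
        # Close the handle once the upload is done, and send only the base
        # name so the local directory layout is not disclosed.
        with open(downloaded_file_name, "rb") as sample:
            files = {"file": (os.path.basename(downloaded_file_name), sample)}
            response = requests.post(url,
                                     files=files,
                                     params=params,
                                     timeout=60)
        try:
            b = response.json()["permalink"]
        except Exception as e:
            # Without a permalink there is nothing further to show.
            return await event.edit(str(e))
        try:
            await event.edit(
                f"<b><u> File Scan Request Complete</u></b>\n\n<b>Link of the report:-</b>\n{b}\n\nNote:- Please open the link after 5-10 minutes.",
                parse_mode="HTML",
            )
        except Exception as e:
            await event.edit(str(e))
    else:
        # Not reached: the try body above always returns or raises.
        await event.edit("Some Internal Issus")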