コード例 #1
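    def Analyze(self, hashes):
        """Looks up hashes in nsrlsvr.

        One connection is opened for the whole batch and is closed even when
        a lookup raises, so a failing query cannot leak the socket.

        Args:
          hashes (list[str]): hash values to look up.

        Returns:
          list[HashAnalysis]: analysis results, or an empty list when no
              connection could be opened. Hashes for which _QueryHash returns
              None are left out of the results.
        """
        logging.debug('Opening connection to {0:s}:{1:d}'.format(
            self._host, self._port))

        nsrl_socket = self._GetSocket()
        if not nsrl_socket:
            # No connection means no lookups: signal abort and report nothing.
            self.SignalAbort()
            return []

        hash_analyses = []
        try:
            for digest in hashes:
                response = self._QueryHash(nsrl_socket, digest)
                if response is None:
                    # NOTE(review): presumably a failed lookup rather than a
                    # negative answer - confirm in _QueryHash. Either way the
                    # hash is absent from the results, so callers should not
                    # read absence as a verdict.
                    continue

                hash_analyses.append(interface.HashAnalysis(digest, response))
        finally:
            # Release the socket on every exit path, including exceptions
            # raised by _QueryHash.
            nsrl_socket.close()
            logging.debug('Closed connection to {0:s}:{1:d}'.format(
                self._host, self._port))

        return hash_analyses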
コード例 #2
    def Analyze(self, hashes):
        """Queries the VirusTotal HTTP API for a batch of hashes.

        The API is documented here:
          https://www.virustotal.com/en/documentation/public-api/

        Args:
          hashes (list[str]): hashes to look up.

        Returns:
          list[HashAnalysis]: one analysis result per report in the response;
              empty when _QueryHashes returns nothing.

        Raises:
          RuntimeError: If the VirusTotal API key has not been set.
        """
        if not self._api_key:
            raise RuntimeError('No API key specified for VirusTotal lookup.')

        reports = self._QueryHashes(hashes)
        if not reports:
            reports = []
        elif isinstance(reports, dict):
            # A single-hash query comes back as one dictionary, a multi-hash
            # query as a list; normalise to a list.
            reports = [reports]

        # Each result is keyed by the 'resource' value the service echoes
        # back, not by the submitted hash; a report without that key raises
        # KeyError here.
        return [
            interface.HashAnalysis(report['resource'], report)
            for report in reports
        ]
コード例 #3
ファイル: virustotal.py プロジェクト: vonnopsled/plaso
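  def Analyze(self, hashes):
    """Looks up hashes in VirusTotal using the VirusTotal HTTP API.

    The API is documented here:
      https://www.virustotal.com/en/documentation/public-api/

    Args:
      hashes: A list of hashes (strings) to look up.

    Returns:
      A list of HashAnalysis objects. The list is empty when the request
      fails with a connection error, in which case abort is also signalled.

    Raises:
      RuntimeError: If the VirusTotal API key has not been set.
    """
    if not self._api_key:
      raise RuntimeError(u'No API key specified for VirusTotal lookup.')

    hash_analyses = []
    # All hashes go out in one request as a single comma-separated resource.
    # NOTE(review): the API key is passed as a GET parameter, so it likely
    # ends up in the request URL - confirm the report URL is HTTPS and that
    # request URLs are not written to logs.
    params = {u'apikey': self._api_key, u'resource': u', '.join(hashes)}
    try:
      json_response = self.MakeRequestAndDecodeJSON(
          self._VIRUSTOTAL_API_REPORT_URL, u'GET', params=params)
    except errors.ConnectionError as exception:
      # {0!s} instead of {0:s}: on Python 3 an exception object rejects the
      # 's' format spec with a TypeError, which would escape this handler
      # before SignalAbort() is reached.
      logging.error(
          (u'Error communicating with VirusTotal {0!s}. VirusTotal plugin is '
           u'aborting.').format(exception))
      self.SignalAbort()
      return hash_analyses

    # The response is a dictionary when one hash is looked up and a list of
    # dictionaries otherwise; handle both through the same loop.
    if isinstance(json_response, dict):
      json_response = [json_response]

    for result in json_response:
      # Results are keyed by the 'resource' value echoed by the service.
      resource = result[u'resource']
      hash_analyses.append(interface.HashAnalysis(resource, result))
    return hash_analyses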
コード例 #4
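    def Analyze(self, hashes):
        """Looks up hashes in Viper using the Viper HTTP API.

        The API is documented here:
          https://viper-framework.readthedocs.org/en/latest/usage/web.html#api

        Args:
          hashes: A list of hashes (strings) to look up. The Viper plugin
                  supports only one hash at a time.

        Returns:
          A list of hash analysis objects (instances of HashAnalysis). The
          list is empty when the request fails with a connection error, in
          which case abort is also signalled.

        Raises:
          RuntimeError: If no host has been set for Viper.
          ValueError: If the hashes list contains a number of hashes other
                      than one.
        """
        if not self._host:
            raise RuntimeError(u'No host specified for Viper lookup.')

        if len(hashes) != 1:
            raise ValueError(
                u'Unsupported number of hashes provided. Viper supports only one '
                u'hash at a time.')
        # The value is sent as the 'sha256' field; nothing here checks that it
        # actually is a SHA-256 digest.
        sha256 = hashes[0]

        hash_analyses = []
        # NOTE(review): the scheme comes from self._protocol; if that can be
        # plain http, the lookup and its answer are unprotected in transit -
        # confirm where _protocol is set.
        url = u'{0:s}://{1:s}/{2:s}'.format(
            self._protocol, self._host, self._VIPER_API_PATH)
        params = {u'sha256': sha256}
        try:
            json_response = self.MakeRequestAndDecodeJSON(
                url, u'POST', data=params)
        except errors.ConnectionError as exception:
            # {0!s} instead of {0:s}: on Python 3 an exception object rejects
            # the 's' format spec with a TypeError, which would escape this
            # handler before SignalAbort() is reached.
            logging.error(
                (u'Error communicating with Viper {0!s}. Viper plugin is '
                 u'aborting.').format(exception))
            self.SignalAbort()
            return hash_analyses

        hash_analyses.append(interface.HashAnalysis(sha256, json_response))
        return hash_analyses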
コード例 #5
    def Analyze(self, hashes):
        """Queries Viper over its HTTP API, one request per hash.

        Args:
          hashes (list[str]): hashes to look up.

        Returns:
          list[HashAnalysis]: one analysis result per input hash, in input
              order, each wrapping whatever _QueryHash returned for it.

        Raises:
          RuntimeError: If no host has been set for Viper. Nothing in this
              method raises it; presumably it comes from _QueryHash - verify.
        """
        # Every hash yields a result, whatever _QueryHash returned for it;
        # no response is filtered out here.
        return [
            interface.HashAnalysis(digest, self._QueryHash(digest))
            for digest in hashes
        ]