def judge(self, filepath): ''' virustotal에 특정 파일 검사 :param filepath: 검사 대상 path :param api_key: virustotal API_KEY :return: 결과 boolean True : Non-malware, False : malware ''' # Normal Initialisation. vtotal = Virustotal(self.api_key) result = vtotal.file_scan(filepath) print('>> Virustotal Search report. <<') json_resp = result['json_resp'] md5 = json_resp['md5'].strip() print('result link : ', json_resp['permalink']) url = 'https://www.virustotal.com/vtapi/v2/file/report' params = {'apikey': self.api_key, 'resource': md5} response = requests.get(url, params=params) total = response.json()['total'] positives = response.json()['positives'] print('Result : (' + str(total) + ' / ' + str(positives) + ')') if positives == 0: vtotal_judge = True else: vtotal_judge = False # 최종 검사 결과, 탐지 횟 수 return vtotal_judge, positives, total, json_resp['permalink']
def virustotal(host): # VT接口,主要用来查询PDNS,绕过CDN pdns = [] history_ip = [] # sys.stdout.write(bcolors.RED + "\nPDNS:\n" + bcolors.ENDC) if VIRUSTOTAL_API: try: vtotal = Virustotal(VIRUSTOTAL_API) if re.search(r'\d+\.\d+\.\d+\.\d+', host): return None resp = vtotal.domain_report(host) if resp.get('status_code') != 403: for i in resp.get('json_resp').get('resolutions'): address = i.get('ip_address') timeout = i.get('last_resolved') if iscdn(address): history_ip.append(address + ' : ' + timeout) pdns = history_ip[10:] except: pass pdns.extend(ipinfo(host)) if pdns: for i in pdns[:10]: console('PDNS', host, i + '\n') else: console('PDNS', host, 'None\n') return pdns
def isBadFileHash(self, fileHash, virustotal_api=None, session_id=None): try: if not virustotal_api: virustotal_api = ht.Config.getAPIKey('virustotal_api', session_id) self.vtotal = Virustotal(virustotal_api) resp = self.vtotal.file_report([fileHash]) if resp["status_code"] in (200, 204): if resp["status_code"] == 204: Logger.printMessage( message="isBadFileHash", description="Testing - {hash} - Waiting 2 seconds...". format(hash=fileHash), debug_module=True) time.sleep(2) return self.isBadFileHash(fileHash, virustotal_api) while resp["json_resp"]["response_code"] == -2: Logger.printMessage( message="isBadFileHash", description="Testing - {hash} - Waiting 2 seconds...". format(hash=fileHash), debug_module=True) time.sleep(2) return self.isBadFileHash(fileHash, virustotal_api) no_detected_list = [] detected_list = [] detected_types = [] for antivirus in resp["json_resp"]["scans"]: if resp["json_resp"]["scans"][antivirus]["detected"]: detected_list.append( (antivirus, resp["json_resp"]["scans"][antivirus]["version"])) if not resp["json_resp"]["scans"][antivirus][ "result"] in detected_types: detected_types.append(resp["json_resp"]["scans"] [antivirus]["result"]) else: no_detected_list.append( (antivirus, resp["json_resp"]["scans"][antivirus]["version"])) if detected_list: data = {} data["detected_list"] = detected_list data["detected_types"] = detected_types data["no_detected_list"] = no_detected_list return json.dumps({"Detected": data}, indent=4, sort_keys=True) return json.dumps({"No detected": no_detected_list}, indent=4, sort_keys=True) return resp except Exception as e: Logger.printMessage(message="isBadFileHash", description=str(e), is_error=True) return str(e)
def check_api(key): try: urllib.request.urlopen('https://www.duckduckgo.com') # opens url to check internet connection scanner = Virustotal(key) scanner.url_scan(['www.vulnweb.com']) report = scanner.url_report(['www.vulnweb.com']) if report['status_code'] == 403: # checks if status code is 403 return True else: return False except urllib.error.URLError: input('Connect to internet...') exit()
def virustotal(host): # VT接口,主要用来查询PDNS,绕过CDN vtotal = Virustotal(virustotal_api) if re.search(r'\d+\.\d+\.\d+\.\d+', host): return ['None'] resp = vtotal.domain_report(host) history_ip = [] if resp.get('status_code') != 403: for i in resp.get('json_resp').get('resolutions'): address = i.get('ip_address') timeout = i.get('last_resolved') if iscdn(address): history_ip.append(address + ' : ' + timeout) return history_ip[-10:] else: return ['None']
def check_file(key, file): msg() # prints scanning message scanner = Virustotal(key) # passing api key to Virustotal class scanner.file_scan(file) # scans the file for virus with open(file, 'rb') as f: # opens file in read binary mode read = f.read() # reads opened file file_hash = hashlib.sha256(read).hexdigest() # Get sha256 hash of file report = scanner.file_report([file_hash]) # passing hash value of file to file_report function and returns report try: print('\n\nREPORT:\nStatus code:', report['status_code']) # Prints all the reports print('Scan date:', report['json_resp']['scan_date']) print('Verbose msg:', report['json_resp']['verbose_msg']) print('Antivirus Scanned:', report['json_resp']['total']) print('Positives:', report['json_resp']['positives']) print('sha256:', report['json_resp']['sha256']) print('md5:', report['json_resp']['md5']) except KeyError: print('\n""Maximum four scans per minute""')
def check_url(key): url = input('\nEnter URL: ') # Get url from the user try: urllib.request.urlopen('http://' + url) # Checks the given url is valid msg() # prints scanning message scanner = Virustotal(key) # passing api key to Virustotal class scanner.url_scan([url]) # passing url to url_scan function report = scanner.url_report([url]) # returns report of the url try: print('\n\nREPORT:\nStatus_code:', report['status_code']) # Prints all the reports print('Scan date:', report['json_resp']['scan_date']) print('URL:', report['json_resp']['url']) print('Verbose msg:', report['json_resp']['verbose_msg']) print('Total Scanned:', report['json_resp']['total']) print('Positives:', report['json_resp']['positives']) except KeyError: print('\n""Maximum four scans per minute""') # prints if you reach maximum attempts except: print('Invalid URL')
def isBadFile(self, filename, virustotal_api=None): try: if not virustotal_api: virustotal_api = ht.Config.config['API']['virustotal'] Logger.printMessage(message="isBadFile", description=filename, debug_module=True) self.vtotal = Virustotal(virustotal_api) response = self.vtotal.file_scan(filename) if response["status_code"] == 200: scan_id = str(response["json_resp"]["scan_id"]) time.sleep(2) resp = self.isBadFileHash(scan_id, virustotal_api) return resp except Exception as e: Logger.printMessage(message="isBadFile", description=str(e), is_error=True) return str(e)
class VirusTotalExtractor(FeatureExtractor): def __init__(self, file, pefile_parsed=None, lief_parsed=None): super().__init__(file, pefile_parsed, lief_parsed) self.endpoint = Virustotal(API_KEY=VIRUSTOTAL_API_KEY) def extract(self, **kwargs): features = {} # First hash the file so we don't re-request analysis on previously analyzed files md5_hash = hashlib.md5(open(self.file, 'rb').read()).hexdigest() # Should there be a delay before analysis_response? analysis_response = self.endpoint.request("file/report", { "resource": md5_hash }).json() # Send over the file if we don't have a response if analysis_response["response_code"] == 0: encoding = { "file": (os.path.basename(self.file), open(os.path.abspath(self.file), "rb")) } queue_response = self.endpoint.request("file/scan", files=encoding, method="POST").json() analysis_response = self.endpoint.request( "file/report", { "resource": queue_response["resource"] }).json() # Features for each scanner for scan in analysis_response['scans']: features['virustotal_' + scan] = analysis_response['scans'][scan]['detected'] # Total # of positives features['virustotal_total_positives'] = analysis_response['positives'] for key, value in features.items(): features[key] = int(value) return features
def virustotal_object(request): API_KEY = "Insert API Key Here." yield Virustotal(API_KEY) def fin(): """ Sleep for 30 seconds after each test; to avoid Virustotal 403 rate quota limit. """ print("Sleeping for 30 seconds...") sleep(30) request.addfinalizer(fin)
class StartModule(): def __init__(self): self._main_gui_func_ = 'isBadFile' self.__gui_label__ = 'Virustotal Search' def help(self): Logger.printMessage( message=ht.getFunctionsNamesFromModule('ht_virustotal'), debug_module=True) def isBadFileHash(self, fileHash, virustotal_api=None, session_id=None): try: if not virustotal_api: virustotal_api = ht.Config.getAPIKey('virustotal_api', session_id) self.vtotal = Virustotal(virustotal_api) resp = self.vtotal.file_report([fileHash]) if resp["status_code"] in (200, 204): if resp["status_code"] == 204: Logger.printMessage( message="isBadFileHash", description="Testing - {hash} - Waiting 2 seconds...". format(hash=fileHash), debug_module=True) time.sleep(2) return self.isBadFileHash(fileHash, virustotal_api) while resp["json_resp"]["response_code"] == -2: Logger.printMessage( message="isBadFileHash", description="Testing - {hash} - Waiting 2 seconds...". format(hash=fileHash), debug_module=True) time.sleep(2) return self.isBadFileHash(fileHash, virustotal_api) no_detected_list = [] detected_list = [] detected_types = [] for antivirus in resp["json_resp"]["scans"]: if resp["json_resp"]["scans"][antivirus]["detected"]: detected_list.append( (antivirus, resp["json_resp"]["scans"][antivirus]["version"])) if not resp["json_resp"]["scans"][antivirus][ "result"] in detected_types: detected_types.append(resp["json_resp"]["scans"] [antivirus]["result"]) else: no_detected_list.append( (antivirus, resp["json_resp"]["scans"][antivirus]["version"])) if detected_list: data = {} data["detected_list"] = detected_list data["detected_types"] = detected_types data["no_detected_list"] = no_detected_list return json.dumps({"Detected": data}, indent=4, sort_keys=True) return json.dumps({"No detected": no_detected_list}, indent=4, sort_keys=True) return resp except Exception as e: Logger.printMessage(message="isBadFileHash", description=str(e), is_error=True) return str(e) def isBadFile(self, filename, virustotal_api=None): try: if not virustotal_api: virustotal_api = ht.Config.config['API']['virustotal'] Logger.printMessage(message="isBadFile", description=filename, debug_module=True) self.vtotal = Virustotal(virustotal_api) response = self.vtotal.file_scan(filename) if response["status_code"] == 200: scan_id = str(response["json_resp"]["scan_id"]) time.sleep(2) resp = self.isBadFileHash(scan_id, virustotal_api) return resp except Exception as e: Logger.printMessage(message="isBadFile", description=str(e), is_error=True) return str(e)
class ExternalTesting: # This requires a virustotal API key VIRUSTOTAL = 4 # This requires the installation of the Malice multiscanner along with installed scanner plugins MALICE = 2 NONE = 0 MALICE_SCANNERS = [ 'malice/avast', 'malice/avg', 'malice/clamav', 'malice/comodo', 'malice/escan', 'malice/fprot', 'malice/fsecure', 'malice/mcafee', 'malice/sophos', 'malice/zoner' ] # Initialize module logfile and tool output file to STDOUT, initialize output headers def __init__(self): self.logfile = stdout self.output = False self.virus_total = None self.virus_total_output_path = '' self.malice_output_path = '' self.scanners = ExternalTesting.NONE @staticmethod def check_or_make_path(target_path): if not path.isdir(target_path): mkdir(target_path) def get_scanners(self): return self.MALICE_SCANNERS # Specify module logfile manually def set_logfile(self, logfile_path): self.logfile = open(logfile_path, 'w') # Specify module logfile directory, but use default name for logfile def set_logfile_by_directory(self, logfile_directory): self.logfile = open( path.join(logfile_directory, 'external_scanner.log'), 'w') # Flush module logfile def flush_logfile(self): self.logfile.flush() # Close module logfile def close_logfile(self): if self.logfile != stdout: self.logfile.close() # Specify tool output file def set_output_directory(self, output_path): self.check_or_make_path(output_path) if self.scanners and self.VIRUSTOTAL: self.virus_total_output_path = path.join(output_path, 'VirusTotal') ExternalTesting.check_or_make_path(self.virus_total_output_path) if self.scanners and self.MALICE: self.malice_output_path = path.join(output_path, 'Malice') ExternalTesting.check_or_make_path(self.malice_output_path) self.output = True # Flush tool output file def flush_output(self): self.output.flush() # Close tool output file def close_output(self): if self.output != stdout: self.output.close() # Close all logfiles (tool output, module logs) def close(self): self.close_logfile() self.close_output() def set_virus_total_key(self, key): self.virus_total = Virustotal(key) def set_external_scanners(self, setting): if setting in [ ExternalTesting.NONE, ExternalTesting.MALICE, ExternalTesting.VIRUSTOTAL, ExternalTesting.MALICE | ExternalTesting.VIRUSTOTAL ]: self.scanners = setting return True else: return False def check_virus_total(self): if self.virus_total: return True else: return False # This function expects input in the form of destination filename, md5 sum, and path to file to scan. The output is # a .json file (if the VirusTotal api is enabled) and an .md file (if the Malice command is enabled). def process_file_list_multiscanner(self, md5_list): if (self.scanners == self.NONE): return False if (self.scanners and self.VIRUSTOTAL) and not (self.check_virus_total()): raise AttributeError( 'VirusTotal API invoked without providing a key using the virus_total_key(key) method' ) for entry in md5_list: if self.scanners and self.VIRUSTOTAL: self.logfile.write('Invoking VirusTotal on {}.'.format( entry[2])) destination_file_path = path.join(self.virus_total_output_path, '{}.json'.format(entry[0])) print(destination_file_path) virus_total_report = self.virus_total.file_report([entry[1]]) if self.output: with open(destination_file_path, 'w') as write_file: pprint(virus_total_report, write_file) self.logfile.write( "Wrote VirusTotal report for {} to {}".format( entry[2], destination_file_path)) else: pprint(virus_total_report) if self.scanners and self.MALICE: self.logfile.write('Invoking Malice Scanner on {}.'.format( entry[2])) destination_file_path = path.join(self.malice_output_path, '{}.md'.format(entry[0])) malice_output = "" for scanner in self.MALICE_SCANNERS: print(entry[2], scanner) command = "docker run --rm -v {}:/malware:ro {} -t " \ "/malware/{}".format(path.dirname(entry[2]), scanner, path.basename(entry[2])) malice = run(command, shell=True, encoding=getfilesystemencoding(), stdout=PIPE) malice_output += malice.stdout if self.output: with open(destination_file_path, 'w') as write_file: write_file.write(malice_output) self.logfile.write( "Wrote Malice output {} to {}".format( entry[2], destination_file_path)) else: print(malice_output) return True
CONFIG = json.load(f) except FileNotFoundError: with open("Config.json", "w") as f: json.dump( { 'Discord_Bot_Token': 'YOURTOKEN', 'VirusTotalToken': 'YOURTOKEN', 'YourDiscordId': '0', 'Prefix': '&' }, f) raise Exception( "Missing Config.json. I added it, please fill it out yourself! (Intended at first excecution)" ) print("url tester unit loaded with key " + CONFIG['VirusTotalToken']) vtotal = Virustotal(API_KEY=CONFIG['VirusTotalToken'], API_VERSION="v3") async def get_url_embed(url: str, ctx): embed = discord.Embed(title="VirusTotalBot URL Check", description="Information about " + url, color=discord.Colour.green()) embed.set_author(name=str(ctx.author)) try: # See https://github.com/dbrennand/virustotal-python resp = vtotal.request("urls", data={"url": url}, method="POST") await sleep( 12 ) # This is supoptimal but seems to be necessary in order of ensuring that the url gets testet url_id = urlsafe_b64encode(url.encode()).decode().strip("=") analysis_resp = vtotal.request(f"urls/{url_id}")
#!/usr/bin/python3 #Author: Nicholas Roddy #The goal of this program is to take a malicious URL and defang it inorder to allow it to be shared safely, or for it to be refanged for further analysis. #Additionally, this program takes the refanged URL and runs scans against it using the Virus Total API and returns the results for initial analysis. #Imports modules for menu and defanging process import argparse from pprint import pprint from defang import defang, refang from pyfiglet import Figlet from colorama import init, Fore, Style from virustotal_python import Virustotal from virustotal_python.virustotal import VirustotalError init(convert=True) #Allows colorama to be initialized vtotal = Virustotal(API_KEY="ENTER API KEY") #imports Virus Total API #Takes a Malcious URL and defangs them def defang_func(): #Determines fonts custom_fig = Figlet(font='doom') subtext_fig = Figlet(font='digital') sub = "With all the stuff you care about & none of the stuff you don\'t!" #Subtext for menu #Main Menu print(Fore.CYAN + custom_fig.renderText('URL Pacifier v4.1')) print(Style.DIM + Fore.YELLOW + subtext_fig.renderText(sub.center(40))) print( Fore.CYAN +
def set_virus_total_key(self, key): self.virus_total = Virustotal(key)
# Obtain the URL ID URL_ID = urlsafe_b64encode(DOMAIN.encode()).decode().strip("=") # Example IP address (Google DNS) IP = "8.8.8.8" # Example ID of a graph ## NOTE: There are no comments on this graph so an empty list is returned GRAPH_ID = "g70fae134aefc4e2f90f069aba47d15a92e0073564310443aa0b6ca3384f5240d" # Example comment ID COMMENT_ID = "f-9f101483662fc071b7c10f81c64bb34491ca4a877191d464ff46fd94c7247115-07457619" # v2 examples vtotal = Virustotal(API_KEY=API_KEY) # Retrieve comments for a given file ID resp = vtotal.request("comments/get", params={"resource": FILE_ID}) pprint(resp.json()) # Create a comment for a given file ID resp = vtotal.request("comments/put", params={"resource": FILE_ID, "comment": "Wow, this looks like a #malicious file!"}, method="POST") pprint(resp.json()) # v3 examples vtotal = Virustotal(API_KEY=API_KEY, API_VERSION="v3") ## Retriving comments for resources
import olefile import os import sys import shutil import hashlib from virustotal_python import Virustotal import json from pprint import pprint BUFFER_SIZE=8899 file_l=[] virus_total = Virustotal("#virus_total api key") def hash_to_vtotal(): global ole_win file_hash_SHA256= hashlib.sha256() file_hash_MD5=hashlib.md5() for file in file_l: with open(file,'rb') as f: file_bs=f.read(BUFFER_SIZE) while len(file_bs)>0: file_bs=f.read(BUFFER_SIZE) file_hash_SHA256.update(file_bs) file_hash_MD5.update(file_bs) print(file) print(file+":macro/vba detected") print(os.path.abspath(file)) print('SHA-256:',file_hash_SHA256.hexdigest()) print('MD5:',file_hash_MD5.hexdigest()) meta=ole_win.get_metadata() shutil.copy(file,sys.argv[2]) print('Macro copied to',sys.argv[2])
from virustotal_python import Virustotal import time import json from pprint import pprint import re # api_key = <YOUR VIRUSTOTAL API KEY> get one here: https://developers.virustotal.com/reference # save your api key in a text file named "vt_api.txt". This snippet of code will read the api key instead of hardcoding it, for security. # or delete this and hard code it above with open("vt_api.txt", "r") as f: api_key = f.readline() vtotal = Virustotal(api_key) # virustotal API key # the urls flagged malicious are saved here LIKELY_PHISHES = [] API_LIMIT_SECONDS = 15 GET_SCAN_REPORT_SECONDS = 5 def main(): print( "Welcome. Enter 1 or more URLS. Press ENTER again after last entry:") urls = get_urls() decoded_urls = decode_url(urls) scan_all_urls(decoded_urls) print( str(len(LIKELY_PHISHES)) + " out of " + str(len(decoded_urls)) + " are phishes.\nHere they are:") display_phishes()
Retrieve information about a file from the VirusTotal API. Documentation: * v2 documentation - https://developers.virustotal.com/reference#file-report * v3 documentation - https://developers.virustotal.com/v3.0/reference#file-info """ from virustotal_python import Virustotal from pprint import pprint API_KEY = "Insert API key here." # The ID (either SHA-256, SHA-1 or MD5) identifying the file FILE_ID = "9f101483662fc071b7c10f81c64bb34491ca4a877191d464ff46fd94c7247115" # v2 example vtotal = Virustotal(API_KEY=API_KEY) resp = vtotal.request("file/report", {"resource": FILE_ID}) print(resp.response_code) pprint(resp.json()) # v3 example vtotal = Virustotal(API_KEY=API_KEY, API_VERSION="v3") resp = vtotal.request(f"files/{FILE_ID}") pprint(resp.data)
Documentation: * v2 documentation - https://developers.virustotal.com/reference#ip-address-report * v3 documentation - https://developers.virustotal.com/v3.0/reference#ip-addresses """ from virustotal_python import Virustotal from pprint import pprint API_KEY = "Insert API key here." # Example IP address (Google DNS) IP = "8.8.8.8" # v2 examples vtotal = Virustotal(API_KEY=API_KEY) ## Retrieve information about an IP address resp = vtotal.request("ip-address/report", params={"ip": IP}) pprint(resp.json()) # v3 examples vtotal = Virustotal(API_KEY=API_KEY, API_VERSION="v3") # Retrieve information about an IP address resp = vtotal.request(f"ip_addresses/{IP}") # Retrieve objects (relationships) related to an IP address # Retrieve historical_whois relationship to the IP address # For other relationships, see the table at: https://developers.virustotal.com/v3.0/reference#ip-relationships resp = vtotal.request(f"ip_addresses/{IP}/historical_whois")
def virustotal(host): # VT接口,主要用来查询PDNS,绕过CDN vtotal = Virustotal(virustotal_api) if re.search(r'\d+\.\d+\.\d+\.\d+', host): return ['None'] resp = vtotal.domain_report(host) history_ip = [] # 通过VT查询pdns,然后排除国内外常见的cdn段,如果出现极有可能是真实ip cdns = [ '173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22', '141.101.64.0/18', '108.162.192.0/18', '190.93.240.0/20', '188.114.96.0/20', '197.234.240.0/22', '198.41.128.0/17', '162.158.0.0/15', '104.16.0.0/12', '172.64.0.0/13', '131.0.72.0/22', '13.124.199.0/24', '144.220.0.0/16', '34.226.14.0/24', '52.124.128.0/17', '54.230.0.0/16', '54.239.128.0/18', '52.82.128.0/19', '99.84.0.0/16', '52.15.127.128/26', '35.158.136.0/24', '52.57.254.0/24', '18.216.170.128/25', '13.54.63.128/26', '13.59.250.0/26', '13.210.67.128/26', '35.167.191.128/26', '52.47.139.0/24', '52.199.127.192/26', '52.212.248.0/26', '205.251.192.0/19', '52.66.194.128/26', '54.239.192.0/19', '70.132.0.0/18', '13.32.0.0/15', '13.224.0.0/14', '13.113.203.0/24', '34.195.252.0/24', '35.162.63.192/26', '34.223.12.224/27', '13.35.0.0/16', '204.246.172.0/23', '204.246.164.0/22', '52.56.127.0/25', '204.246.168.0/22', '13.228.69.0/24', '34.216.51.0/25', '71.152.0.0/17', '216.137.32.0/19', '205.251.249.0/24', '99.86.0.0/16', '52.46.0.0/18', '52.84.0.0/15', '54.233.255.128/26', '130.176.0.0/16', '64.252.64.0/18', '52.52.191.128/26', '204.246.174.0/23', '64.252.128.0/18', '205.251.254.0/24', '143.204.0.0/16', '205.251.252.0/23', '52.78.247.128/26', '204.246.176.0/20', '52.220.191.0/26', '13.249.0.0/16', '54.240.128.0/18', '205.251.250.0/23', '52.222.128.0/17', '54.182.0.0/16', '54.192.0.0/16', '34.232.163.208/29', '58.250.143.0/24', '58.251.121.0/24', '59.36.120.0/24', '61.151.163.0/24', '101.227.163.0/24', '111.161.109.0/24', '116.128.128.0/24', '123.151.76.0/24', '125.39.46.0/24', '140.207.120.0/24', '180.163.22.0/24', '183.3.254.0/24', '223.166.151.0/24', '113.107.238.0/24', '106.42.25.0/24', '183.222.96.0/24', '117.21.219.0/24', '116.55.250.0/24', '111.202.98.0/24', '111.13.147.0/24', '122.228.238.0/24', '58.58.81.0/24', '1.31.128.0/24', '123.155.158.0/24', '106.119.182.0/24', '180.97.158.0/24', '113.207.76.0/24', '117.23.61.0/24', '118.212.233.0/24', '111.47.226.0/24', '219.153.73.0/24', '113.200.91.0/24', '1.32.240.0/24', '203.90.247.0/24', '183.110.242.0/24', '202.162.109.0/24', '182.23.211.0/24', '1.32.242.0/24', '1.32.241.0/24', '202.162.108.0/24', '185.254.242.0/24', '109.94.168.0/24', '109.94.169.0/24', '1.32.243.0/24', '61.120.154.0/24', '1.255.41.0/24', '112.90.216.0/24', '61.213.176.0/24', '1.32.238.0/24', '1.32.239.0/24', '1.32.244.0/24', '111.32.135.0/24', '111.32.136.0/24', '125.39.174.0/24', '125.39.239.0/24', '112.65.73.0/24', '112.65.74.0/24', '112.65.75.0/24', '119.84.92.0/24', '119.84.93.0/24', '113.207.100.0/24', '113.207.101.0/24', '113.207.102.0/24', '180.163.188.0/24', '180.163.189.0/24', '163.53.89.0/24', '101.227.206.0/24', '101.227.207.0/24', '119.188.97.0/24', '119.188.9.0/24', '61.155.149.0/24', '61.156.149.0/24', '61.155.165.0/24', '61.182.137.0/24', '61.182.136.0/24', '120.52.29.0/24', '120.52.113.0/24', '222.216.190.0/24', '219.159.84.0/24', '183.60.235.0/24', '116.31.126.0/24', '116.31.127.0/24', '117.34.13.0/24', '117.34.14.0/24', '42.236.93.0/24', '42.236.94.0/24', '119.167.246.0/24', '150.138.149.0/24', '150.138.150.0/24', '150.138.151.0/24', '117.27.149.0/24', '59.51.81.0/24', '220.170.185.0/24', '220.170.186.0/24', '183.61.236.0/24', '14.17.71.0/24', '119.147.134.0/24', '124.95.168.0/24', '124.95.188.0/24', '61.54.46.0/24', '61.54.47.0/24', '101.71.55.0/24', '101.71.56.0/24', '183.232.51.0/24', '183.232.53.0/24', '157.255.25.0/24', '157.255.26.0/24', '112.25.90.0/24', '112.25.91.0/24', '58.211.2.0/24', '58.211.137.0/24', '122.190.2.0/24', '122.190.3.0/24', '183.61.177.0/24', '183.61.190.0/24', '117.148.160.0/24', '117.148.161.0/24', '115.231.186.0/24', '115.231.187.0/24', '113.31.27.0/24', '222.186.19.0/24', '122.226.182.0/24', '36.99.18.0/24', '123.133.84.0/24', '221.204.202.0/24', '42.236.6.0/24', '61.130.28.0/24', '61.174.9.0/24', '223.94.66.0/24', '222.88.94.0/24', '61.163.30.0/24', '223.94.95.0/24', '223.112.227.0/24', '183.250.179.0/24', '120.241.102.0/24', '125.39.5.0/24', '124.193.166.0/24', '122.70.134.0/24', '111.6.191.0/24', '122.228.198.0/24', '121.12.98.0/24', '60.12.166.0/24', '118.180.50.0/24', '183.203.7.0/24', '61.133.127.0/24', '113.7.183.0/24', '210.22.63.0/24', '60.221.236.0/24', '122.227.237.0/24', '123.6.13.0/24', '202.102.85.0/24', '61.160.224.0/24', '182.140.227.0/24', '221.204.14.0/24', '222.73.144.0/24', '61.240.144.0/24', '36.27.212.0/24', '125.88.189.0/24', '120.52.18.0/24', '119.84.15.0/24', '180.163.224.0/24' ] if resp.get('status_code') != 403: for i in resp.get('json_resp').get('resolutions'): address = i.get('ip_address') timeout = i.get('last_resolved') result = True for cdn in cdns: if (ipaddress.ip_address(address) in ipaddress.ip_network(cdn)): result = False if result: history_ip.append(address + ' : ' + timeout) return history_ip[-10:] else: return ['None']
def main(): parser = argparse.ArgumentParser( description= "Scan a single file in VirusTotal and waits until report is complete") parser.add_argument('file', help='File to be scanned') args = parser.parse_args() if 'VT_API_KEY' not in os.environ: LOGGER.error('VT_API_KEY environment variable not set.') sys.exit(SCAN_ERROR) LOGGER.debug('Initialzing VirusTotal API') vt_api_key = os.environ['VT_API_KEY'] vt = Virustotal(vt_api_key) # Hash file LOGGER.info('Checking if report already exists via file hash.') file_hash = sha256sum(args.file) try: response = vt.file_report([file_hash]) except ConnectionError as e: err_str = str(e) LOGGER.error(f"Connection error to VT: {err_str}.") sys.exit(SCAN_ERROR) ret = parse_response(response) # If report is available, just exit with the appropriate RC if ret != SCAN_NOT_FOUND: ret_str = RET_STR_INFECTED if ret else RET_STR_CLEAN LOGGER.info(f"Report found. Status: {ret_str}.") sys.exit(ret) # Send file to VT for scanning try: LOGGER.info( 'Report not found. Sending file to VirusTotal for scanning.') vt.file_scan(args.file) except ConnectionError as e: err_str = str(e) LOGGER.error(f"Connection error to VT: {err_str}") sys.exit(SCAN_ERROR) while ret == SCAN_NOT_FOUND: LOGGER.info(f"Scan still running, sleeping for {WAIT_TIME} seconds.") sleep(WAIT_TIME) # Try again try: response = vt.file_report([file_hash]) except ConnectionError as e: err_str = str(e) LOGGER.error( f"Temporary connection error to VT: {err_str}... Retrying in {WAIT_TIME} seconds." ) continue ret = parse_response(response) ret_str = RET_STR_INFECTED if ret else RET_STR_CLEAN LOGGER.info(f"Scan finished. Status: {ret_str}.") sys.exit(ret)
import requests from virustotal_python import Virustotal import os.path import time import 文件操作 # 初始化对象,填入API_Key # vtotal = Virustotal("51f9194a2d0e7d60cb7952f8bed2849a65617614e9edaa615c1e7d3ea45cb954") vtotal = Virustotal( "5af41c462b8cb6b9b02f1641ab3ebbbe6bc289b723de142c9765beb691f704b6") # 上传文件,参数为文件路径,返回值为查询结果 def scanFile(filePath): file_hash_list = [文件操作.getFileMD5(filePath)] try: resp = vtotal.file_report(file_hash_list) except Exception as e: print(e) time.sleep(5) try: resp = vtotal.file_report(file_hash_list) except Exception as err: print("重试失败") print(err) return None file_report_num = 0 while resp["status_code"] == 204: print("超过请求速率", filePath, "将在60S后重试") time.sleep(60) try:
Documentation: * v3 documentation - https://developers.virustotal.com/v3.0/reference#search-1 * https://developers.virustotal.com/v3.0/reference#metadata """ from virustotal_python import Virustotal from pprint import pprint API_KEY = "Insert API key here." # The ID (either SHA-256, SHA-1 or MD5) identifying the file FILE_ID = "9f101483662fc071b7c10f81c64bb34491ca4a877191d464ff46fd94c7247115" # v3 examples vtotal = Virustotal(API_KEY=API_KEY, API_VERSION="v3") ## Search the VirusTotal API for google.com resp = vtotal.request("search", params={"query": "google.com"}) ## Search the VirusTotal API for information related to Google's DNS (8.8.8.8) resp = vtotal.request("search", params={"query": "8.8.8.8"}) ## Search the VirusTotal API for a file ID resp = vtotal.request("search", params={"query": FILE_ID}) ## Search the VirusTotal API for the tag comment '#malicious' resp = vtotal.request("search", params={"query": "#malicious"}) ## Retrieve VirusTotal metadata resp = vtotal.request("metadata") ## Print out a list of VirusTotal's supported engines resp = vtotal.request("metadata") engines_dict = resp.data["engines"]
from virustotal_python import Virustotal from pprint import pprint import json import streamlit as st url = st.text_input('Enter the url') vtotal = Virustotal( "939b160778c93a24ed0985dbc90a98d2def25cf82ed92046a95cfe553f63ade1") url_scan = vtotal.url_report([url]) a = url_scan['json_resp']['positives'] if (a > 0): print('malicious website') else: print('Clean Website')
from virustotal_python import Virustotal import os # from dotenv import load_dotenv import random # load_dotenv(dotenv_path='./secret.env') # Normal Initialisation. vtotal = Virustotal(os.environ.get('VIRUS_TOTAL_API_KEY')) observations = [ "This is disgusting. I hate my life.", "This URL may contain harmful code. . . Let's let Marvin look at it first :unamused:", "I hope this kills me.", "This could be my last web request. . .", "This is @ihuman 's fault, and I will never forget." ] def get_scan(url): # mock_report = # report = json.loads(mock_report) # Query url(s) to VirusTotal. # A list containing a url to be scanned by VirusTotal. # resp = vtotal.url_scan(["ihaveaproblem.info"]) # Query a single url. # A list of url(s) to be scanned by VirusTotal (MAX 4 per standard request rate). scan = vtotal.url_scan( [url] ) # Retrieve scan report(s) for given file(s) from Virustotal. # A list containing the resource (SHA256) HASH of a known malicious file. report = vtotal.url_report(
import os import sqlite3 import json import shutil import hashlib from virustotal_python import Virustotal vtotal = Virustotal("Insert API key here") cwd = "/home/pixelweaver/.cuckoo" init_db = False if not os.path.isfile('samples.db'): init_db = True else: if os.path.isfile('samples.bak'): os.remove('samples.bak') shutil.copyfile('samples.db', 'samples.bak') conn = sqlite3.connect('samples.db') c = conn.cursor() if init_db: c.execute('''CREATE TABLE samples (rowid INTEGER PRIMARY KEY, sha256 TEXT, mark_count INTEGER)''') c.execute('''CREATE TABLE snapshots (sample_id INTEGER, cpu_user REAL, cpu_system REAL, cpu_idle REAL, cpu_interrupt REAL, cpu_dpc REAL, v_mem_total INTEGER, v_mem_available INTEGER, v_mem_used INTEGER, v_mem_free INTEGER, s_mem_total INTEGER, s_mem_used INTEGER, s_mem_free INTEGER, s_mem_per REAL, s_mem_sin INTEGER, s_mem_sout INTEGER, d_io_read_count INTEGER, d_io_write_count INTEGER, d_io_read_bytes INTEGER, d_io_write_bytes REAL, d_io_read_time INTEGER, d_io_write_time INTEGER, n_io_bytes_sent INTEGER, m_io_bytes_recv INTEGER, n_io_packets_sent INTEGER, n_io_packets_recv INTEGER,
async def vt(event): await event.edit(f"Analyzing Datas......") input_str = event.pattern_match.group(1) if not os.path.isdir(TEMP_DOWNLOAD_DIRECTORY): os.makedirs(TEMP_DOWNLOAD_DIRECTORY) if "|" in input_str: url, file_name = input_str.split("|") url = url.strip() file_name = file_name.strip() head, tail = os.path.split(file_name) if head: if not os.path.isdir(os.path.join(TEMP_DOWNLOAD_DIRECTORY, head)): os.makedirs(os.path.join(TEMP_DOWNLOAD_DIRECTORY, head)) file_name = os.path.join(head, tail) downloaded_file_name = TEMP_DOWNLOAD_DIRECTORY + "" + file_name downloader = SmartDL(url, downloaded_file_name, progress_bar=False) downloader.start(blocking=False) c_time = time.time() display_message = None while not downloader.isFinished(): status = downloader.get_status().capitalize() total_length = downloader.filesize if downloader.filesize else None downloaded = downloader.get_dl_size() now = time.time() diff = now - c_time percentage = downloader.get_progress() * 100 speed = downloader.get_speed() elapsed_time = round(diff) * 1000 progress_str = "[{0}{1}] {2}%".format( ''.join(["█" for i in range(math.floor(percentage / 10))]), ''.join(["░" for i in range(10 - math.floor(percentage / 10))]), round(percentage, 2)) estimated_total_time = downloader.get_eta(human=True) try: current_message = f"{status}..\ \nURL: {url}\ \nFile Name: {file_name}\ \n{progress_str}\ \n{humanbytes(downloaded)} of {humanbytes(total_length)}\ \nETA: {estimated_total_time}" if round(diff % 10.00) == 0 and current_message != display_message: await event.edit(current_message) display_message = current_message except Exception as e: LOGS.info(str(e)) if downloader.isSuccessful(): await event.edit(f"{text} \n\nDownloaded successfully !!") else: await event.edit("Incorrect URL\n{}".format(url)) elif event.reply_to_msg_id: try: c_time = time.time() downloaded_file_name = await event.client.download_media( await event.get_reply_message(), TEMP_DOWNLOAD_DIRECTORY, progress_callback=lambda d, t: asyncio.get_event_loop( ).create_task( progress(d, t, event, c_time, f"{text} \n\nDownloading..."))) except Exception as e: # pylint:disable=C0103,W0703 await event.edit(str(e)) else: await event.edit(f"{text} \n\nDownloaded successfully !!") else: return await event.edit(f"Error\n`Reply to a file to scan.`") await event.edit(" `Scanning......`") vscan = downloaded_file_name if a ==2: return await event.edit("`You need to Update wolfs to use this command.......`") if not vscan: return await event.edit("`Unknown command type !help virus_scan for more info`") try: vtotal = Virustotal(Vapi) except: return await event.edit("Failed to connect virus total , is api key added? type `!help virus_scan` for more info") try: vr = vtotal.file_scan(vscan) except: return await event.edit("`Unknown command type !help virus_scan for more info") test = vr['json_resp'] ; link = test['permalink'] ; scan_id = test['scan_id'] ; response_code = test['response_code'] return await event.edit("" f"• **Virus Total Response Code:** `{response_code}`\n" f"• **Scan Results:** [ClickHere]({link}) ")
from virustotal_python import Virustotal from pprint import pprint from json2html import * import json vtotal = Virustotal( "50473a41f47913496c613e67dee646f6a36ebf434ce4e99fec30198f5014d29c") resp = vtotal.file_report( ["09de776902ca7d32abdab8a7ccd177fb917addf502bd4bd5aa25a93ab41cc869"]) data = json.dumps(resp) data = data.replace("'", '"') html_parser = json2html.convert(json=data) with open("./templates/program/data_tep.html", "w") as f: f.write(html_parser)
Auth = 'Bearer ' + Access_Token headers2 = {'Authorization': Auth, 'Content-Type': 'text/plain'} response2 = requests.post(Url2, headers=headers2, data=payload2).json() print("[+] Incident Details were received Successfully") #Entities loading Entities = response2["Tables"][0]["Rows"][0][21] Parsed_Entities = json.loads(Entities) print("[+] Entities were received Successfully") for i in range(len(Parsed_Entities)): if "Value" in Parsed_Entities[i]: hash = Parsed_Entities[i]["Value"] vtotal = Virustotal(API_KEY=VT_API_KEY, API_VERSION="v3") """ Public API constraints and restrictions The Public API is limited to 500 requests per day and a rate of 4 requests per minute. The Public API must not be used in commercial products or services. The Public API must not be used in business workflows that do not contribute new files. """ VT_resp = vtotal.request(f"files/{hash}").json() results = VT_resp["data"]["attributes"]["last_analysis_results"] magic = VT_resp["data"]["attributes"]["magic"] print("[+] The File Magic is: " + magic) for key, value in results.items(): print("[+] " + value["engine_name"] + " - The scan result is: " +