def __init__(self):
    """Create the VirusTotal API client(s) and register the command-line options.

    When the ``virustotal-api`` dependency is missing, an error is logged and
    the method returns early: no client attribute is set and no option is
    registered on the parser.
    """
    super(VirusTotal, self).__init__()

    if not HAVE_VT:
        self.log('error', "Missing dependency, install virustotal-api (`pip install virustotal-api`)")
        # NOTE(review): self.vt and self.cur_path stay unset on this path;
        # presumably the command handler re-checks HAVE_VT before use -- confirm.
        return

    self.cur_path = __project__.get_path()

    # One configured key backs the public, private and intel clients; it is a
    # credential, so it should never be echoed into log or verbose output.
    vt_settings = cfg.virustotal
    client_factory = vt_priv if vt_settings.virustotal_has_private_key else vt
    self.vt = client_factory(vt_settings.virustotal_key)

    # self.vt_intel exists only when the intel flag is set in the config.
    if vt_settings.virustotal_has_intel_key:
        self.vt_intel = vt_intel(vt_settings.virustotal_key)

    register = self.parser.add_argument

    register('--search', help='Search a hash.')
    register('-c', '--comment', nargs='+', help='Comment to add to the file')

    # Sample retrieval and management of the local download list.
    # NOTE(review): --download is a boolean switch although its help text reads
    # like it takes a hash; where the hash comes from is not visible here.
    register(
        '-d', '--download',
        action='store_true',
        help='Hash of the file to download',
    )
    register(
        '-dl', '--download_list',
        action='store_true',
        help='List the downloaded files',
    )
    register(
        '-do', '--download_open',
        type=int,
        help='Open a file from the list of the DL files (ID)',
    )
    register(
        '-don', '--download_open_name',
        help='Open a file by name from the list of the DL files (NAMe)',
    )
    register(
        '-dd', '--download_delete',
        help='Delete a file from the list of the DL files can be an ID or all.',
    )

    # Submission is opt-in: per the help text the default is a lookup only, so
    # a sample or URL leaves the analyst's environment for the third-party
    # service only when -s is given explicitly.
    register(
        '-s', '--submit',
        action='store_true',
        help='Submit file or a URL to VirusTotal (by default it only looks up the hash/url)',
    )

    # Indicator lookups.
    register('-i', '--ip', help='IP address to lookup in the passive DNS')
    register('-dm', '--domain', help='Domain to lookup in the passive DNS')
    register('-u', '--url', help='URL to lookup on VT')

    register("-v", "--verbose", action='store_true', help="Turn on verbose mode.")

    # MISP integration. 'download_all' is the broad one: per its help text it
    # fetches the samples of every MISP event in the current project, so it
    # can consume API quota and pull many (presumably malicious) files at once.
    register(
        '-m', '--misp',
        default=None,
        choices=['hashes', 'ips', 'domains', 'urls', 'download', 'download_all'],
        help=(
            'Searches for the hashes, ips, domains or URLs from the current MISP event, '
            'or download the samples if possible. '
            'Be carefull with download_all: it will download *all* the samples of all '
            'the MISP events in the current project.'
        ),
    )