    def setup(self):

        self.vt_key = self.options.get("api_key")
        self.vt_type = self.options.get("key_type", "")

        if self.vt_type == "public":
            self.vt = PublicApi(key=self.vt_key)

        elif self.vt_type == "":
            self.vt = PublicApi(key=self.vt_key)

        elif self.vt_type == "private":
            self.vt = PrivateApi(key=self.vt_key)
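    def test_scan_file_stream(self):
        """Submit the EICAR test string from memory and dump the response.

        Live-API smoke test (network, needs API_KEY): the response is only
        printed, nothing in it is asserted; any exception fails the test.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() call instead of the Python 2 print statement, so the
            # module also parses under Python 3.
            print(json.dumps(vt.scan_file(EICAR), sort_keys=False, indent=4))
        except Exception as e:
            self.fail(e)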
    def send_hash(self, filehash):
        """Return the VirusTotal file report for ``filehash``.

        A ``PublicApi`` client is created from the key stored in ``self.api``
        on every call; the report is returned exactly as the client gives it.
        """
        # Build the public client from the stored key.
        client = PublicApi(self.api)

        # Fetch the report and hand it straight back to the caller.
        return client.get_file_report(filehash)
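def get_VT_name(hashes):
    """Derive a ClamAV-style signature name from VirusTotal reports.

    Looks up each hash in ``hashes``, builds a unique name per report with
    ``ComputeVtUniqueName`` and, when at least two hashes were given and all
    of them agree on the same name, returns
    ``"<platform>.<category>.<unique_name>"``. In every other case (no
    VIRUSTOTAL_API_KEY in the environment, fewer than two hashes, disagreeing
    names, a PUP/PUA name, or any error during the lookups) the generic
    ``GENERIC_CLAMAV_MALWARE_NAME`` is returned.

    Args:
        hashes: iterable of file hashes to look up.

    Returns:
        str: the derived or the generic signature name. Never raises.
    """
    # Read the key outside the main try so that only a *missing key* is
    # reported as such; a KeyError raised further down (e.g. an unexpected
    # name layout) must not be mislabelled as a missing API key, which is
    # what the original single ``except KeyError`` did.
    try:
        api_key = os.environ["VIRUSTOTAL_API_KEY"]
    except KeyError:
        # Logger.warn is a deprecated alias of Logger.warning.
        log.warning(
            "No VIRUSTOTAL_API_KEY specified. Falling back to generic name.")
        return GENERIC_CLAMAV_MALWARE_NAME

    try:
        vt = PublicApi(api_key=api_key)
        generator = ComputeVtUniqueName()
        names = [
            generator.build_unique_name(vt.get_file_report(hash_) or "")
            for hash_ in hashes
        ]
        # A name is only trusted when two or more samples agree on it.
        if len(names) >= 2 and all(names[0] == name for name in names[1:]):
            name = names[0]
            if name["pup"]:
                log.error(
                    "PUA signatures are not implemented yet. Expected name was: %s",
                    str(name))
            else:
                return "{}.{}.{}".format(name["platform"], name["category"],
                                         name["unique_name"])
    except Exception:
        log.exception(
            "While trying to compute VT name. Falling back to generic name.")

    return GENERIC_CLAMAV_MALWARE_NAME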
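def validate_virus_total_account():
    """Check every configured VirusTotal API key against the live API.

    For each entry of ``VIRUSTOTAL_ACCOUNT`` the SHA-256 of the EICAR test
    string is looked up with that entry's key. A 4xx/5xx ``response_code``
    marks the entry ``valid = False`` and prints the API's error text; any
    other code marks it ``valid = True``. A request that raises is reported
    and the entry is left untouched.

    Side effects: mutates each account dict's ``'valid'`` key and prints the
    account e-mail and API key to the console.
    """
    normal("<*> VirusTotal API KEY Validation")
    # Raw string: the EICAR text contains a literal backslash, not an escape.
    EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*".encode(
        'utf-8')
    EICAR_SHA256 = hashlib.sha256(EICAR).hexdigest()
    for account in VIRUSTOTAL_ACCOUNT:
        vt = PublicApi(account['apikey'])
        try:
            vt_response = vt.get_file_report(EICAR_SHA256)
            normal("email : %s" % account['email'])
            # NOTE(review): this echoes the full API key; mask it if the
            # console output is ever captured or shared.
            normal("apikey : %s" % account['apikey'])
            # 4xx and 5xx are both failures; the original handled them in
            # two identical branches.
            if vt_response['response_code'] // 100 in (4, 5):
                account['valid'] = False
                warning("valid : False")
                critical(vt_response['error'])
            else:
                account['valid'] = True
                messageBold("valid : True")
        except Exception as exc:
            # A failed request says nothing about the key; report it instead
            # of swallowing it (the original used a bare ``except: pass``).
            critical("validation failed for %s: %s" % (account.get('email'), exc))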
 def test_bad_creds(self):
     """Constructing ``PublicApi`` without a key must raise ``ApiError``."""
     with self.assertRaises(ApiError):
         PublicApi()
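def analizarRe(carpeta):
    """Recursively print VirusTotal verdicts for every file under ``carpeta``.

    Each regular file is hashed (MD5) and looked up with
    ``PublicApi.get_file_report``; the verdict is printed in Spanish
    ("Archivo malicioso." / "Archivo seguro." / report not available).
    Sub-directories are visited afterwards, each with a fresh client.

    Args:
        carpeta: path of the directory to scan.
    """
    # NOTE(review): a VirusTotal API key is hard-coded in source. It should be
    # read from the environment or a config file kept out of version control,
    # and a key that has been committed should be treated as exposed.
    API_KEY = "a9089095456a6c812626239b837c894abcea66938853813118ebf16a5fff1690"
    api = PublicApi(API_KEY)

    # List the directory once; the original listed it twice and also kept
    # two counters (archivos/carpetas) that were never read.
    entradas = os.listdir(carpeta)
    for nombre in entradas:
        ruta = os.path.join(carpeta, nombre)
        if not os.path.isfile(ruta):
            continue
        print(nombre + ": ")
        with open(ruta, "rb") as f:
            file_hash = md5(f.read()).hexdigest()
        response = api.get_file_report(file_hash)
        if response["response_code"] == 200:
            if response["results"]["positives"] > 0:
                print("Archivo malicioso.")
            else:
                print("Archivo seguro.")
        else:
            print("No ha podido obtenerse el análisis del archivo.")
        print("==================================================")

    # Sub-directories are processed after all files of this level, as before.
    for nombre in entradas:
        ruta = os.path.join(carpeta, nombre)
        if os.path.isdir(ruta):
            analizarRe(ruta)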
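    def get_public_vt(self):
        """Build a ``PublicApi`` client from the ``self.VTAPI`` config section.

        Returns:
            PublicApi: client initialised with the section's ``self.API_KEY``
            entry.

        Raises:
            KeyError: if the section is missing from ``self.my_config`` or it
                has no (non-empty) API key. ``KeyError`` subclasses
                ``Exception``, so callers catching the previous generic
                ``Exception`` are unaffected.
        """
        block = self.VTAPI
        config_dict = self.my_config.get(block)
        if config_dict is None:
            raise KeyError("Missing %s config" % block)

        apikey = config_dict.get(self.API_KEY)
        if not apikey:
            # An empty key would only fail later, inside the first API call.
            raise KeyError("Missing %s in %s config" % (self.API_KEY, block))
        return PublicApi(apikey)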
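    def test_hash_not_found(self):
        """Look up a 32-hex-digit string ('A' * 32) that is presumably unknown.

        Live-API smoke test (needs API_KEY): the report is printed, not
        asserted; any exception fails the test.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() call instead of the Python 2 print statement.
            print(json.dumps(vt.get_file_report('A' * 32),
                             sort_keys=False,
                             indent=4))
        except Exception as e:
            self.fail(e)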
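    def test_sha256_hash(self):
        """Look up the EICAR sample by SHA-256 and dump the report.

        Live-API smoke test (needs API_KEY): the report is printed, not
        asserted; any exception fails the test.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() call instead of the Python 2 print statement.
            print(json.dumps(vt.get_file_report(EICAR_SHA256),
                             sort_keys=False,
                             indent=4))
        except Exception as e:
            self.fail(e)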
 def test_md5_hash(self):
     """Look up the EICAR sample by MD5 and dump the report (live API, needs API_KEY)."""
     client = PublicApi(API_KEY)
     try:
         report = client.get_file_report(EICAR_MD5)
         print(json.dumps(report, sort_keys=False, indent=4))
     except Exception as e:
         self.fail(e)
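    def test_scan_file_binary(self):
        """Upload ``test.exe`` from disk and dump the response.

        Live-API smoke test (needs API_KEY and the file in the working
        directory): the response is printed, not asserted.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() call instead of the Python 2 print statement.
            print(json.dumps(vt.scan_file('test.exe'),
                             sort_keys=False,
                             indent=4))
        except Exception as e:
            self.fail(e)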
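    def test_get_domain_report(self):
        """Fetch the domain report for www.wired.com and dump it.

        Live-API smoke test (needs API_KEY): the report is printed, not
        asserted; any exception fails the test.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() call instead of the Python 2 print statement.
            print(json.dumps(vt.get_domain_report('www.wired.com'),
                             sort_keys=False,
                             indent=4))
        except Exception as e:
            self.fail(e)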
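    def test_get_ip_report(self):
        """Fetch the IP report for 23.6.113.133 and dump it.

        Live-API smoke test (needs API_KEY): the report is printed, not
        asserted; any exception fails the test.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() call instead of the Python 2 print statement.
            print(json.dumps(vt.get_ip_report('23.6.113.133'),
                             sort_keys=False,
                             indent=4))
        except Exception as e:
            self.fail(e)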
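    def test_scan_url(self):
        """Submit www.wired.com for a URL scan and dump the response.

        Live-API smoke test (needs API_KEY): the response is printed, not
        asserted; any exception fails the test.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() call instead of the Python 2 print statement.
            print(json.dumps(vt.scan_url('www.wired.com'),
                             sort_keys=False,
                             indent=4))
        except Exception as e:
            self.fail(e)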
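 def test_put_comments(self):
     """Post a comment on the EICAR sample and dump the response.

     Live-API test (needs API_KEY) with a side effect outside the test:
     ``put_comments`` presumably publishes the comment on VirusTotal each
     time the test runs.
     """
     vt = PublicApi(API_KEY)
     comment = 'This is just a test of the virus-total-api. https://github.com/blacktop/virustotal-api'
     try:
         # print() call instead of the Python 2 print statement.
         print(json.dumps(vt.put_comments(resource=EICAR_MD5,
                                          comment=comment),
                          sort_keys=False,
                          indent=4))
     except Exception as e:
         self.fail(e)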
    def test_rescan_file(self):
        """Request a rescan of the EICAR sample by MD5 and dump the response.

        Live-API smoke test (needs API_KEY); nothing in the response is
        asserted.
        """
        client = PublicApi(API_KEY)

        try:
            response = client.rescan_file(EICAR_MD5)
            print(json.dumps(response, sort_keys=False, indent=4))
        except Exception as e:
            self.fail(e)
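 def test_scan_file_binary(self):
     """Upload ``virus_total_apis/test/test.exe`` from disk and dump the response.

     Live-API smoke test (needs API_KEY). The original had a stray,
     argument-less ``vt.scan_file()`` call before the ``try``; every other
     use of ``scan_file`` passes a file, so it looked like a leftover and is
     dropped here.
     """
     vt = PublicApi(API_KEY)
     try:
         print(
             json.dumps(vt.scan_file('virus_total_apis/test/test.exe'),
                        sort_keys=False,
                        indent=4))
     except Exception as e:
         self.fail(e)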
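    def test_hash_found(self):
        """Look up a 32-hex-digit (MD5-length) hash and dump the report.

        Live-API smoke test (needs API_KEY): the report is printed, not
        asserted; any exception fails the test.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() call instead of the Python 2 print statement.
            print(json.dumps(
                vt.get_file_report('44cda81782dc2a346abd7b2285530c5f'),
                sort_keys=False,
                indent=4))
        except Exception as e:
            self.fail(e)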
    def test_hash_found(self):
        """Look up a 40-hex-digit (SHA-1-length) hash and dump the report.

        Live-API smoke test (needs API_KEY); nothing in the report is
        asserted.
        """
        client = PublicApi(API_KEY)

        try:
            report = client.get_file_report(
                '8E7FF6FDA061B782446A5968D43AE32DAF4FAE65')
            print(json.dumps(report, sort_keys=False, indent=4))
        except Exception as e:
            self.fail(e)
 def vt(self, domain, conf, verbose):
     """Print the subdomains VirusTotal lists for ``domain``.

     ``conf["VirusTotal"]["type"]`` selects ``PublicApi`` when it equals
     ``"public"`` and ``PrivateApi`` otherwise; ``conf["VirusTotal"]["key"]``
     is the API key. ``verbose`` is accepted but not used. Nothing is
     printed when the report has no ``results``/``subdomains`` entries.
     """
     print('## Searching subdomains in Virus Total')
     settings = conf["VirusTotal"]
     client_cls = PublicApi if settings["type"] == "public" else PrivateApi
     client = client_cls(settings["key"])
     report = client.get_domain_report(domain)
     try:
         subdomains = report['results']['subdomains']
     except KeyError:
         return
     for entry in subdomains:
         print(entry)
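def main():
    """Command-line entry point: scan a folder or collect results for hashes.

    Parses ``-i/--input``, ``-o/--output``, ``-k/--key`` and exactly one of
    ``-s/--scan`` / ``-r/--results``, reads the VirusTotal API key from the
    key file and dispatches to ``scan_phase`` (writing ``<output>.url``) or
    ``results_phase`` (writing ``<output>.detection``). An invalid input
    path is reported on stdout and the phase is skipped.
    """
    config_handler.set_global(bar='classic', spinner='classic')
    argparser = argparse.ArgumentParser(
        prog="helper_virustotal",
        description='VirusTotal helper to scan/gather results.')

    argparser.add_argument('-i',
                           '--input',
                           required=True,
                           help=("Folder path to scan or "
                                 "file path with HASH - URL pattern."))
    argparser.add_argument('-o',
                           '--output',
                           default='virustotal',
                           help=("File name for url/detection output."))
    argparser.add_argument('-k',
                           '--key',
                           default='.key_virustotal',
                           help="File containing VirusTotal API key.")

    group = argparser.add_mutually_exclusive_group(required=True)
    group.add_argument('-s',
                       '--scan',
                       action='store_true',
                       help="Scan directory given as input.")
    group.add_argument('-r',
                       '--results',
                       action='store_true',
                       help="Collect results of files given as input.")

    args = argparser.parse_args()

    # The key lives in a file rather than on the command line, so it does not
    # show up in shell history or process listings; only its stripped text is
    # used. Explicit encoding keeps the read independent of the locale.
    with open(args.key, 'r', encoding='utf-8') as f:
        key = f.read().strip()
    api = PublicApi(key)

    if args.scan:
        if not os.path.isdir(args.input):
            print("Error: Invalid input folder path.")
        else:
            # os.path.join already returns a str; the f-string wrapper the
            # original used around it was a no-op.
            samples = [
                os.path.join(args.input, sample)
                for sample in os.listdir(args.input)
            ]
            with open(f'{args.output}.url', 'w', encoding='utf-8') as f:
                scan_phase(args, api, f, samples)

    if args.results:
        if not os.path.isfile(args.input):
            print("Error: Invalid input file path.")
        else:
            with open(f'{args.output}.detection', 'w', encoding='utf-8') as f:
                results_phase(args, api, f)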
    def test_scan_file_binary_filename(self):
        """Upload a file from disk under a different display name and dump the response.

        Live-API test (needs API_KEY). The absolute Windows path is specific
        to one machine, so the test can only pass where that file exists.
        """
        client = PublicApi(API_KEY)

        try:
            response = client.scan_file(
                'C:\\Users\\YES24\\Desktop\\자료정리\\분류전\\cmd.exe',
                filename='othertest.exe')
            print(json.dumps(response, sort_keys=False, indent=4))
        except Exception as e:
            self.fail(e)
    def test_scan_file_stream_filename(self):
        """Upload the in-memory EICAR bytes under an explicit filename and dump the response.

        Live-API smoke test (needs API_KEY); nothing in the response is
        asserted.
        """
        client = PublicApi(API_KEY)

        try:
            response = client.scan_file(EICAR,
                                        from_disk=False,
                                        filename='my_eicar_file.txt')
            print(json.dumps(response, sort_keys=False, indent=4))
        except Exception as e:
            self.fail(e)
    def test_md5_hashes(self):
        """Look up two hashes in one call and dump the combined report.

        Live-API smoke test (needs API_KEY). Despite the test name both
        identifiers are 40 hex digits (SHA-1 length); nothing in the report
        is asserted.
        """
        client = PublicApi(API_KEY)
        hashes = [
            'fc3242be666d669e963eb87a6d8d20b6decf93cb',
            'f1906392c1d81d402fe38235a908cd19349481f3'
        ]

        try:
            report = client.get_file_report(hashes)
            print(json.dumps(report, sort_keys=False, indent=4))
        except Exception as e:
            self.fail(e)
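    def test_hash_bad_input(self):
        """Feed non-hash inputs to ``get_file_report``; none of them may raise.

        Live-API smoke test (needs API_KEY). Each call is expected to come
        back with a payload (printed here) rather than throw; the first
        exception fails the test.
        """
        vt = PublicApi(API_KEY)

        try:
            # print() calls instead of the Python 2 print statements; the
            # four inputs are the same as before, in the same order.
            for bad_input in ('This is not a hash', None, False, -1):
                print(json.dumps(vt.get_file_report(bad_input),
                                 sort_keys=False,
                                 indent=4))
        except Exception as e:
            self.fail(e)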
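 def __init__(self):
     """Construct the Virus Scanner object.

     Tries to build a ``PublicApi`` client with
     ``Virus_Total_Service_Secret_API``; if that raises, falls back to
     ``PrivateApi``. When the fallback raises ``ApiError`` as well, the
     error is printed and the process exits with status 1 (the original
     exited with 0, which signals success to whoever launched it).
     """
     self._status = None
     try:
         self._virus_total_service = PublicApi(
             Virus_Total_Service_Secret_API)
     except Exception:
         # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
         # still propagate instead of triggering the fallback.
         try:
             self._virus_total_service = PrivateApi(
                 Virus_Total_Service_Secret_API)
         except ApiError as e:
             print(f'Could not activate Virus Total Virus Scanner Service. '
                   f'The error {e} occurred.')
             sys.exit(1)  # non-zero: the scanner could not be set up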
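def scan(path, api_key=''):
    """Submit ``path`` to VirusTotal for scanning and print the outcome.

    Args:
        path: file to upload.
        api_key: VirusTotal public API key. Defaults to ``''``, in which case
            nothing is submitted and "Need VirusTotal API Key" is printed.
            The original kept the key as a constant to be filled in by hand;
            taking it as a parameter keeps the secret out of the source.

    Prints "Complete Requesting Scan <path>" on a 200 ``response_code``,
    "Error" on any other code and "Error: <exc>" if the call raises.
    """
    if not api_key:
        print("Need VirusTotal API Key")
        return
    try:
        vt = PublicApi(api_key)
        res = vt.scan_file(path)

        if res["response_code"] == 200:
            print("Complete Requesting Scan", path)
        else:
            print("Error")
    except Exception as e:
        print("Error:", e)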
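def analizar():
    """Print the VirusTotal verdict for the file named in ``sys.argv[2]``.

    Hashes the file (MD5), fetches its report with ``PublicApi`` and prints
    a Spanish verdict ("Archivo malicioso." / "Archivo seguro." / report not
    available) followed by the elapsed time.
    """
    # perf_counter is the monotonic clock meant for elapsed-time measurement;
    # time.time() can jump with wall-clock adjustments.
    inicio = time.perf_counter()
    print("Procesando...")
    # NOTE(review): a VirusTotal API key is hard-coded in source. It should be
    # read from the environment or a config file kept out of version control,
    # and a key that has been committed should be treated as exposed.
    API_KEY = "a9089095456a6c812626239b837c894abcea66938853813118ebf16a5fff1690"
    api = PublicApi(API_KEY)
    with open(sys.argv[2], "rb") as f:
        file_hash = md5(f.read()).hexdigest()
    response = api.get_file_report(file_hash)
    if response["response_code"] == 200:
        if response["results"]["positives"] > 0:
            print("Archivo malicioso.")
        else:
            print("Archivo seguro.")
    else:
        print("No ha podido obtenerse el análisis del archivo.")
    print("Tiempo de Ejecucion", time.perf_counter() - inicio)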
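def is_dangerous(con, file_to_scan, extract_mail, email_id, file_name):
    """Check an attachment against VirusTotal and drop the mail if it is flagged.

    Uploads ``file_to_scan`` (bytes, submitted with ``from_disk=False``),
    waits one second, then fetches the report by the attachment's MD5. If
    the report lists at least one positive, the e-mail is deleted with
    ``delete_email`` and ``True`` is returned. In every other case —
    including when the report is not available yet or the API call raises —
    the attachment is saved with ``download_attachment`` and ``False`` is
    returned.

    NOTE(review): this is fail-open. A request error, a rate limit or a
    report that is not ready one second after upload all end with the
    attachment being downloaded; the messages below now say which of these
    happened so the gap is at least visible in the output.

    Args:
        con: mail connection handed to ``delete_email``.
        file_to_scan: attachment contents as bytes.
        extract_mail: sender address used in the log line.
        email_id: identifier of the e-mail to delete.
        file_name: name under which the attachment is downloaded.

    Returns:
        bool: ``True`` if the attachment was flagged and the mail deleted.
    """
    try:
        virus_total_scanner = PublicApi(API_KEY)
        # The upload response was never read in the original; only the
        # follow-up report matters here.
        virus_total_scanner.scan_file(file_to_scan, from_disk=False)
        time.sleep(1)
        f_md5 = hashlib.md5(file_to_scan).hexdigest()
        response = virus_total_scanner.get_file_report(f_md5)
        # Guard the nested lookup instead of letting a KeyError fall into the
        # generic handler, which reported it as a failed scan.
        positives = (response.get('results') or {}).get('positives')
        if positives is None:
            print('Scan report not available for {} (response_code={})'.format(
                file_name, response.get('response_code')))
        elif positives > 0:
            delete_email(con, email_id)
            print(
                "\n---> System filtered-out an email from {}. Reason: dangerous attachment detected\n"
                .format(extract_mail))
            return True
    except Exception as e:
        print('Scan file Failed: {}'.format(e))

    download_attachment(file_name, file_to_scan)
    return False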