virustotal.py
#!/usr/bin/env python
from __future__ import print_function

import argparse
import json
import os
import sys
import time

import HTML # Install module before using HTML
# Install virustotal-api from pip before using API:
from virus_total_apis import PublicApi as VirusTotalPublicApi

import html_gen
import webserver
# ===== PARSING COMMAND LINE ARGUMENTS TO SCRIPT =====
# Description printed by --help; it names the one required input.
desc = '''
Specify the text file containing a list of hashes
to be checked against the virustotal.com database
'''
parser = argparse.ArgumentParser(description=desc)
# Required positional argument: path of the text file that lists the hashes.
parser.add_argument('file', type=str, help='list of hashes')
# Optional argument: port for the results web server (8000 when omitted).
parser.add_argument('-p', '--port', type=int, default=8000, help='webserver port')
args = parser.parse_args()
# ====================================================
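# ============ ACCESS Virustotal.com API =============
# The API key is a credential, so it is read from the environment instead of
# being stored in the source file. A key that has been committed to a
# repository must be treated as exposed: revoke it and issue a new one.
API_KEY = os.environ.get('VT_API_KEY')
if not API_KEY:
    # Stop before any lookup is attempted rather than query without a key.
    sys.exit('Set the VT_API_KEY environment variable to your VirusTotal API key')
virustotal = VirusTotalPublicApi(API_KEY)
# ====================================================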
# ============== BUILDING HTML TABLE =================
# Warn the operator up front that the run is slow because of the API quota.
msg = '''
This may take a while...
API quota is 4 queries per minute.
If the file contains 100 hashes, it will take about 20 minutes...
Go, grab some green tea...
'''
print(msg)

# Column titles of the results table, in the order the row values are stored.
HEADER_ROW = [
    'hash_value (MD5)', 'FORTINET detection names',
    'Number of engines detected', 'Scan Date',
]
# One list per looked-up hash is appended here while the input file is read.
table_data = list()
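# Look up every hash from the input file on VirusTotal and collect one table
# row per hash.
# The path is taken from the parsed `file` argument rather than sys.argv[1],
# so the script also works when `-p PORT` is given before the file name.
with open(args.file) as f:
    # Strip the trailing newline so the API receives (and the table shows) the
    # bare hash; blank lines are dropped so they do not use up API quota.
    hashes = [line.strip() for line in f if line.strip()]

for hash_value in hashes:
    response = virustotal.get_file_report(hash_value)
    # NOTE(review): assumes a failed request (network error, quota exceeded)
    # yields a dict without a 'results' entry - confirm against the
    # virus_total_apis version in use.
    results = response.get('results')
    if not results:
        # Report the failure as such: a lookup that did not complete must not
        # be shown to the analyst as "not in database".
        table_data.append([
            hash_value,
            'Lookup failed (no results returned)',
            '--',
            '--'
        ])
    elif results.get('response_code') == 1:
        scans = results.get('scans', {})
        # '--' marks a report that has no Fortinet entry at all.
        if 'Fortinet' in scans:
            detection = scans['Fortinet']['result']
        else:
            detection = '--'
        table_data.append([
            results['md5'],
            detection,
            results['positives'],
            results['scan_date']
        ])
    else:
        table_data.append([
            hash_value,
            'Hash is not in database',
            '--',
            '--'
        ])
    # The quota is 4 queries per minute, hence 15 seconds between requests.
    time.sleep(15)

# NOTE(review): the cells hold text from the input file and from the API
# response; confirm that HTML.table escapes cell content, otherwise escape the
# values before the page is served to a browser.
htmltable = HTML.table(table_data, header_row=HEADER_ROW)
# ====================================================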
# =============== BUILDING HTML PAGE =================
# Opening part of the page; its single %s placeholder receives the web server
# port, which is used in the favicon URL.
page_head = """
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
<title>Virustotal Results Page</title>
<link rel="icon"
type="image/png"
href="http://localhost:%s/favicon.png">
</head>
<body>
<center>
<h4>Hash analysis results from Virustotal.com</h4>
"""
cont_start = page_head % (args.port,)
# Closing part of the page, placed after the results table.
cont_end = """
</center>
</body>
</html>
"""
# Page = opening markup, results table, closing markup, separated by spaces.
page_parts = (cont_start, htmltable, cont_end)
contents = "%s %s %s" % page_parts
# Store the page as index.html, the file name passed to html_gen.str_to_file.
html_gen.str_to_file(contents, filename='index.html')
# ====================================================
# ================= RUN WEB SERVER ===================
# Tell the operator where the results page can be opened.
msg1 = """
To see the results please open browser and navigate to
http://localhost:%s\n\r""" % (args.port,)
print(msg1)
# The port is the value of the optional -p/--port argument (default 8000).
# NOTE(review): the message points to localhost only; confirm that
# webserver.start listens on the loopback interface and not on all interfaces.
webserver.start(port=args.port)
# ====================================================