-
Notifications
You must be signed in to change notification settings - Fork 2
/
virustotal.py
executable file
·139 lines (130 loc) · 6.28 KB
/
virustotal.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# upload PE file to VirusTotal
# then get info about the results
# of analysis, print if malicious
import os
import sys
import time
import json
import requests
import argparse
import hashlib
# for terminal colors
class Colors:
BLUE = '\033[94m'
GREEN = '\033[92m'
YELLOW = '\033[93m'
RED = '\033[91m'
PURPLE = '\033[95m'
ENDC = '\033[0m'
# VirusTotal API key
VT_API_KEY = "< PUT UR KEY HERE >"
# VirusTotal API v3 URL
VT_API_URL = "https://www.virustotal.com/api/v3/"
# upload malicious file to VirusTotal and analyse
class VTScan:
def __init__(self):
self.headers = {
"x-apikey" : VT_API_KEY,
"User-Agent" : "vtscan v.1.0",
"Accept-Encoding" : "gzip, deflate",
}
def upload(self, malware_path):
print (Colors.BLUE + "upload file: " + malware_path + "..." + Colors.ENDC)
self.malware_path = malware_path
upload_url = VT_API_URL + "files"
files = {"file" : (
os.path.basename(malware_path),
open(os.path.abspath(malware_path), "rb"))
}
print (Colors.YELLOW + "upload to " + upload_url + Colors.ENDC)
res = requests.post(upload_url, headers = self.headers, files = files)
if res.status_code == 200:
result = res.json()
self.file_id = result.get("data").get("id")
print (Colors.YELLOW + self.file_id + Colors.ENDC)
print (Colors.GREEN + "successfully upload PE file: OK" + Colors.ENDC)
else:
print (Colors.RED + "failed to upload PE file :(" + Colors.ENDC)
print (Colors.RED + "status code: " + str(res.status_code) + Colors.ENDC)
sys.exit()
def analyse(self):
print (Colors.BLUE + "get info about the results of analysis..." + Colors.ENDC)
analysis_url = VT_API_URL + "analyses/" + self.file_id
res = requests.get(analysis_url, headers = self.headers)
if res.status_code == 200:
result = res.json()
status = result.get("data").get("attributes").get("status")
if status == "completed":
stats = result.get("data").get("attributes").get("stats")
results = result.get("data").get("attributes").get("results")
print (Colors.RED + "malicious: " + str(stats.get("malicious")) + Colors.ENDC)
print (Colors.YELLOW + "undetected : " + str(stats.get("undetected")) + Colors.ENDC)
print ()
for k in results:
if results[k].get("category") == "malicious":
print ("==================================================")
print (Colors.GREEN + results[k].get("engine_name") + Colors.ENDC)
print ("version : " + results[k].get("engine_version"))
print ("category : " + results[k].get("category"))
print ("result : " + Colors.RED + results[k].get("result") + Colors.ENDC)
print ("method : " + results[k].get("method"))
print ("update : " + results[k].get("engine_update"))
print ("==================================================")
print ()
print (Colors.GREEN + "successfully analyse: OK" + Colors.ENDC)
sys.exit()
elif status == "queued":
print (Colors.BLUE + "status QUEUED..." + Colors.ENDC)
with open(os.path.abspath(self.malware_path), "rb") as malware_path:
b = malware_path.read()
hashsum = hashlib.sha256(b).hexdigest()
self.info(hashsum)
else:
print (Colors.RED + "failed to get results of analysis :(" + Colors.ENDC)
print (Colors.RED + "status code: " + str(res.status_code) + Colors.ENDC)
sys.exit()
def run(self, malware_path):
self.upload(malware_path)
self.analyse()
def info(self, file_hash):
print (Colors.BLUE + "get file info by ID: " + file_hash + Colors.ENDC)
info_url = VT_API_URL + "files/" + file_hash
res = requests.get(info_url, headers = self.headers)
if res.status_code == 200:
result = res.json()
if result.get("data").get("attributes").get("last_analysis_results"):
stats = result.get("data").get("attributes").get("last_analysis_stats")
results = result.get("data").get("attributes").get("last_analysis_results")
print (Colors.RED + "malicious: " + str(stats.get("malicious")) + Colors.ENDC)
print (Colors.YELLOW + "undetected : " + str(stats.get("undetected")) + Colors.ENDC)
print ()
for k in results:
if results[k].get("category") == "malicious":
print ("==================================================")
print (Colors.GREEN + results[k].get("engine_name") + Colors.ENDC)
print ("version : " + results[k].get("engine_version"))
print ("category : " + results[k].get("category"))
print ("result : " + Colors.RED + results[k].get("result") + Colors.ENDC)
print ("method : " + results[k].get("method"))
print ("update : " + results[k].get("engine_update"))
print ("==================================================")
print ()
print (Colors.GREEN + "successfully analyse: OK" + Colors.ENDC)
sys.exit()
else:
print (Colors.BLUE + "failed to analyse :(..." + Colors.ENDC)
else:
print (Colors.RED + "failed to get information :(" + Colors.ENDC)
print (Colors.RED + "status code: " + str(res.status_code) + Colors.ENDC)
sys.exit()
def hand_sign(signum, frame):
res = input("Ctrl-c was pressed. Do you really want to exit? y/n ")
if res == 'y':
print(red,"QUitting !")
exit(1)
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument('-m','--mal', required = True, help = "PE file path for scanning")
args = vars(parser.parse_args())
vtscan = VTScan()
vtscan.run(args["mal"])