本文实例讲述了python实现上传样本到virustotal并查询扫描信息的方法。分享给大家供大家参考。具体方法如下:
import simplejson
import urllib
import urllib2
import os
MD5 = "5248f774d2ee0a10936d0b1dc89107f1"
MD5 = "12fa5fb74201d9b6a14f63fbf9a81ff6" #do not have report on virustotal.com
########################################################################
APIKEY = "e0a50a50e77fxxxxxxxxxxxxxx4f17e31 这里用你自己在virustotal上申请的账号的KEY"
class VirusTotal:
""""""
def __init__(self, md5):
"""Constructor"""
self._virus_dict = {}
self._md5 = md5
def repr(self):
return str(self._virus_dict)
def submit_md5(self, file_path):
import postfile
#submit the file
FILE_NAME = os.path.basename(file_path)
host = "www.virustotal.com"
selector = "https://www.virustotal.com/vtapi/v2/file/scan"
fields = [("apikey", APIKEY)]
file_to_send = open(file_path, "rb").read()
files = [("file", FILE_NAME, file_to_send)]
json = postfile.post_multipart(host, selector, fields, files)
print json
pass
def get_report_dict(self):
result_dict = {}
url = "https://www.virustotal.com/vtapi/v2/file/report"
parameters = {"resource": self._md5,
"apikey": APIKEY}
data = urllib.urlencode(parameters)
req = urllib2.Request(url, data)
response = urllib2.urlopen(req)
json = response.read()
response_dict = simplejson.loads(json)
if response_dict["response_code"]: #has result
scans_dict = response_dict.get("scans", {})
for anti_virus_comany, virus_name in scans_dict.iteritems():
if virus_name["detected"]:
self._virus_dict.setdefault(anti_virus_comany, virus_name["result"])
return self._virus_dict
返回的结果为:{u'Sophos': u'Sus/Behav-1010'},如果有扫描出的结果的话..
调用的方法如下:
MD5 = "12fa5fb74201d9b6a14f63fbf9a81ff6" #do not have report on virustotal.com
MD5 = "5248f774d2ee0a10936d0b1dc89107f1"
FILE_PATH = r"D:\backSample\10\9af41bc012d66c98ca2f9c68ba38e98f_ICQLiteShell.dll"
from getVirusTotalInfo import VirusTotal
#得到扫描结果并打印出来
virus_total = VirusTotal(MD5)
print virus_total.get_report_dict()
#提交文件到扫描,以后就可以根据这个MD5取扫描结果了
virus_total.submit_md5(FILE_PATH)
希望本文所述对大家的Python程序设计有所帮助。
您可能感兴趣的文章:完美解决node.js中使用https请求报CERT_UNTRUSTED的问题IntelliJ安装并使用Rust IDE插件在PHP程序中使用Rust扩展的方法python实现封装得到virustotal扫描结果you *might* want to use the less safe log_bin_trust_function_creators variable改进 JavaScript 和 Rust 的互操作性并深入认识 wasm-bindgen 组件