

Python PublicApi.get_file_report方法代码示例

本文整理汇总了Python中virus_total_apis.PublicApi.get_file_report方法的典型用法代码示例。如果您正苦于以下问题:Python PublicApi.get_file_report方法的具体用法?Python PublicApi.get_file_report怎么用?Python PublicApi.get_file_report使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在virus_total_apis.PublicApi的用法示例。


在下文中一共展示了PublicApi.get_file_report方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: test_hash_bad_input

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
    def test_hash_bad_input(self):
        """Pass values that are not hashes to get_file_report; any exception fails the test.

        The returned reports are only printed as JSON, their content is not asserted.
        """
        client = PublicApi(API_KEY)
        not_hashes = ('This is not a hash', None, False, -1)

        try:
            for candidate in not_hashes:
                report = client.get_file_report(candidate)
                print(json.dumps(report, sort_keys=False, indent=4))
        except Exception as err:
            self.fail(err)
开发者ID:blacktop,项目名称:virustotal-api,代码行数:12,代码来源:test_virustotal_api.py

示例2: test_md5_hash

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
    def test_md5_hash(self):
        """Request the report for EICAR_MD5 and print it; any exception fails the test."""
        client = PublicApi(API_KEY)

        try:
            report = client.get_file_report(EICAR_MD5)
            # With a single argument the parenthesised form prints the same
            # text as the Python 2 print statement.
            print(json.dumps(report, sort_keys=False, indent=4))
        except Exception as err:
            self.fail(err)
开发者ID:John-Lin,项目名称:virustotal-api,代码行数:9,代码来源:test_virustotal_api.py

示例3: test_sha256_hash

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
    def test_sha256_hash(self):
        """Request the report for EICAR_SHA256 and print it; any exception fails the test."""
        client = PublicApi(API_KEY)

        try:
            report = client.get_file_report(EICAR_SHA256)
            print(json.dumps(report, sort_keys=False, indent=4))
        except Exception as err:
            self.fail(err)
开发者ID:blacktop,项目名称:virustotal-api,代码行数:9,代码来源:test_virustotal_api.py

示例4: check_virustotal

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
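    def check_virustotal(self, cr, uid, ids, context=None):
        """Fetch the VirusTotal report for a quarantine item and store an HTML summary.

        Reads the active ``antivir.config`` record, looks up the SHA256 of the
        first record in ``ids`` and writes one ``<li>`` per scan engine to the
        ``virustotal_summary`` field. Nothing is written when the active config
        lacks the API URL or the API key.

        Raises:
            ConfigError: when no active configuration exists.
        """
        # html.escape on Python 3, cgi.escape on Python 2.
        try:
            from html import escape
        except ImportError:
            from cgi import escape

        config_obj = self.pool.get('antivir.config')
        config_ids = config_obj.search(cr, uid, [('active_config', '=', True)], context=context)

        if not config_ids:
            raise ConfigError(_("There is no active config."))

        config = config_obj.browse(cr, uid, config_ids, context=context)[0]
        # The URL is only checked for presence here; the client below receives the key alone.
        if not (config.virustotal_api_url and config.virustotal_api_key):
            return

        quarantine_item = self.browse(cr, uid, ids, context=context)
        vt = VirusTotalPublicApi(config.virustotal_api_key)
        response = vt.get_file_report(quarantine_item[0].SHA256)

        # A failed lookup may carry no 'results' entry; treat it like a report without scans.
        results = response.get('results')
        scans = results.get('scans') if isinstance(results, dict) else None

        if scans:
            # Engine names and verdict strings come from the remote service and
            # are placed into markup, so each value is escaped first.
            rows = [
                "<li>[{}] detected:{} result:{}</li>".format(
                    escape(str(engine)),
                    escape(str(verdict.get('detected'))),
                    escape(str(verdict.get('result'))),
                )
                for engine, verdict in scans.items()
            ]
            virustotal_summary = "<ul>{}</ul>".format(''.join(rows))
        else:
            virustotal_summary = _("Couldn't fetch virustotal_summary, try again later.")

        self.write(cr, uid, ids, {'virustotal_summary': virustotal_summary}, context=context)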
开发者ID:nuncjo,项目名称:Odoo-antivirus,代码行数:28,代码来源:quarantine.py

示例5: test_hash_not_found

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
    def test_hash_not_found(self):
        """Look up a 32-character string of 'A's and print the report; any exception fails the test."""
        client = PublicApi(API_KEY)
        placeholder_hash = 'A' * 32

        try:
            report = client.get_file_report(placeholder_hash)
            print(json.dumps(report, sort_keys=False, indent=4))
        except Exception as err:
            self.fail(err)
开发者ID:blacktop,项目名称:virustotal-api,代码行数:9,代码来源:test_virustotal_api.py

示例6: test_hash_found

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
    def test_hash_found(self):
        """Look up a fixed 32-character hex hash and print the report; any exception fails the test."""
        client = PublicApi(API_KEY)
        known_hash = '44cda81782dc2a346abd7b2285530c5f'

        try:
            report = client.get_file_report(known_hash)
            print(json.dumps(report, sort_keys=False, indent=4))
        except Exception as err:
            self.fail(err)
开发者ID:blacktop,项目名称:virustotal-api,代码行数:9,代码来源:test_virustotal_api.py

示例7: _lookup_iocs

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
    def _lookup_iocs(self):
        """Fetch a VirusTotal file report for every IOC and cache it, keyed by IOC.

        Reports are stored in ``self._threat_info_by_iocs``.
        """
        client = PublicApi(self._api_key)

        for indicator in self._all_iocs:
            self._threat_info_by_iocs[indicator] = client.get_file_report(indicator)
            # Fixed 15 s pause after every lookup; presumably throttling for
            # the public API's request quota - confirm against the API terms.
            sleep(15)
开发者ID:cephurs,项目名称:osxcollector,代码行数:10,代码来源:virustotal_hashes.py

示例8: processZipFile

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
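def processZipFile(filename):

	"""Extract files from a ZIP archive and test them against VT

	Every member is written to the dump directory, hashed with MD5 and looked
	up on VirusTotal; a hash VirusTotal does not know is submitted for
	scanning. Members whose MD5 is already recorded (dbMD5Exists) are skipped.
	"""

	with zipfile.ZipFile(filename) as zf:
		for f in zf.namelist():
			# Directory entries have no content to hash.
			if f.endswith('/'):
				continue

			# NOTE(review): the whole member is decompressed into memory with
			# no size cap; consider checking ZipInfo.file_size first.
			try:
				data = zf.read(f)
			except (KeyError, RuntimeError, zipfile.BadZipfile):
				# An encrypted or damaged member must not end the scan of the
				# remaining members.
				writeLog("Cannot extract %s from zip file %s" % (f, filename))
				continue

			md5 = hashlib.md5(data).hexdigest()

			# Member names come from the archive and may contain '../' or an
			# absolute path, so only the last path component is used on disk.
			safe_name = os.path.basename(f.replace('\\', '/'))
			if safe_name in ('', '.', '..'):
				safe_name = md5
			dump_path = os.path.join(generateDumpDirectory(args.directory), safe_name)
			with open(dump_path, 'wb') as fp:
				fp.write(data)

			if dbMD5Exists(md5):
				writeLog("DEBUG: MD5 %s exists" % md5)
				continue

			writeLog("DEBUG: Extracted MD5 %s from Zip" % md5)
			vt = VirusTotalPublicApi(config['apiKey'])
			response = vt.get_file_report(md5)
			writeLog("DEBUG: VT Response received")

			if config['esServer']:
				# Save results to Elasticsearch
				try:
					# NOTE(review): the UTC offset is hard-coded to +01:00.
					response['@timestamp'] = time.strftime("%Y-%m-%dT%H:%M:%S+01:00")
					es.index(index=config['esIndex'], doc_type="VTresult", body=json.dumps(response))
				except Exception:
					writeLog("Cannot index to Elasticsearch")
			writeLog("DEBUG: Step1")

			# DEBUG
			# NOTE(review): full responses are appended to a fixed file name
			# in a shared temp directory; move this under a private directory
			# or drop it outside debugging.
			with open('/tmp/vt.debug', 'a') as fp:
				fp.write(json.dumps(response, sort_keys=False, indent=4))

			# An error response has no 'results' entry, so it is read
			# defensively; otherwise the error branch below is never reached.
			results = response.get('results')
			if not isinstance(results, dict):
				results = {}
			writeLog("DEBUG: Step1: %s" % results.get('response_code'))

			if response.get('response_code') == 200:
				if results.get('response_code'):
					positives = results['positives']
					total = results['total']
					scan_date = results['scan_date']

					writeLog('File: %s (%s) Score: %s/%s Scanned: %s (%s)' %
						(f, md5, positives, total, scan_date, timeDiff(scan_date)))
				else:
					submit2vt(dump_path)
					writeLog('File: %s (%s) not found, submited for scanning' %
						(f, md5))
				dbAddMD5(md5,f)
			else:
				writeLog('VT Error: %s' % response.get('error'))

			# Analyze OLE documents if API is available
			# NOTE(review): this passes the archive's own path, not the member
			# just extracted - confirm that is intended.
			parseOLEDocument(os.path.join(generateDumpDirectory(args.directory), filename))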
开发者ID:cudeso,项目名称:mime2vt,代码行数:60,代码来源:mime2vt.py

示例9: get_result

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
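def get_result(API_KEY, HASH, full=False):
	"""Look up HASH on VirusTotal.

	Returns the whole response when ``full`` is true. Otherwise returns a dict
	with ``positives`` and ``total``; both are empty strings when the response
	does not contain them.
	"""
	vt = VirusTotalPublicApi(API_KEY)
	response = vt.get_file_report(HASH)
	if full:
		return response
	try:
		results = response['results']
		return {
			"positives": results['positives'],
			"total": results['total']
			}
	except (KeyError, TypeError):
		# Only a missing or malformed report lands here; other exceptions
		# (including KeyboardInterrupt) are no longer swallowed.
		# Empty strings mean "no verdict available", not "clean".
		return {
			"positives": "",
			"total": ""
			}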
开发者ID:guelfoweb,项目名称:peframe,代码行数:17,代码来源:virustotal.py

示例10: vt_hash

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
def vt_hash(input):
    """Render vt-hash.html with the VirusTotal report fields for a submitted hash.

    ``input`` is split on commas, but the function returns from inside the
    loop, so only the first entry is looked up. Any exception renders the
    generic error message instead.
    """
    # NOTE(review): the API key is embedded in source. Treat it as disclosed:
    # revoke it and load the replacement from configuration or a secret store.
    vt = VirusTotalPublicApi("87ab79d0a21d9a7ae5c5558969c7d6b38defa1901b77d27796ae466b3823c776")
    try:
        candidates = [piece.strip() for piece in input.split(",")]
        for candidate in candidates:
            results = vt.get_file_report(candidate).get("results")
            fields = {
                "sd": results.get("scan_date"),
                "pos": results.get("positives"),
                "total": results.get("total"),
                "md5": results.get("md5"),
                "sha1": results.get("sha1"),
                "link": results.get("permalink"),
            }
            return render_template("vt-hash.html", **fields)

    except Exception:
        return render_template("vt-hash.html", text="Error: Please try again.")
开发者ID:Chen-Zhe,项目名称:one-portal,代码行数:20,代码来源:app.py

示例11: main

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
def main(virus_key):
    """Scan the path given in sys.argv[1] and return per-file results.

    A directory is walked recursively; a single file is scanned on its own.
    Each entry holds the ClamAV result, the file hashes and, unless
    ``virus_key`` is 'UNCONFIGURED', the VirusTotal report for the file's MD5
    (``None`` otherwise). Only the hash is sent to VirusTotal.
    """
    target = sys.argv[1]

    vt_client = None
    if virus_key != 'UNCONFIGURED':
        vt_client = VirusTotalPublicApi(virus_key)

    paths = []
    # directory
    if os.path.isdir(target):
        for root, _, filenames in os.walk(target):
            paths.extend(os.path.join(root, name) for name in fnmatch.filter(filenames, '*'))
    # single file
    if os.path.isfile(target):
        paths.append(target)

    report = {}
    for path in paths:
        entry = {
            'clamav_results': av_results(path).split(':')[-1].strip(),
            'hash_results': hash_results(path),
        }
        if vt_client is None:
            entry['virustotal_report'] = None
        else:
            entry['virustotal_report'] = vt_client.get_file_report(entry['hash_results']['md5'])
        report[path] = entry

    return report
开发者ID:CyberReboot,项目名称:vent-plugins,代码行数:39,代码来源:run.py

示例12: virusTotalExtractor

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
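def virusTotalExtractor(fpath):
    """Return the VirusTotal detection count for the file at ``fpath``.

    Returns a dict with ``positives`` and ``connection``. When internet_on()
    reports no connection, no lookup is made and ``connection`` is False.

    Raises:
        KeyError: when the response holds no ``results``/``positives`` entry.
    """
    online = internet_on()
    md5 = prelim(fpath)

    if not online:
        print("Internet Connection Not Found")
        # No lookup happened, so 0 means "unknown" here, not "clean";
        # callers have to check "connection" before trusting the count.
        return {
            "positives": 0,
            # Misspelled key from the earlier version, kept for existing callers.
            "postitves": 0,
            "connection": False,
        }

    vt = VirusTotalPublicApi(API_KEY)
    response = vt.get_file_report(md5)
    # A report without a detection count is left to raise instead of being
    # mapped to 0, so an unknown sample is never reported as clean.
    return {
        "positives": response["results"]["positives"],
        "connection": True,
    }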
开发者ID:shivank1404,项目名称:Malware-Detection-using-MISP-and-ML,代码行数:26,代码来源:virustotalextractor.py

示例13: ajax_handler

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]

#.........这里部分代码省略.........

                session = db.get_session(session_id)

                plugin_data = plugin_details['plugin_output']

                for row in plugin_data['rows']:
                    if str(row[0]) == rowid:
                        hive_offset = str(row[1])

                # Run the plugin
                vol_int = RunVol(session['session_profile'], session['session_path'])
                hive_details = vol_int.run_plugin('hivedump', hive_offset=hive_offset)

                # update the plugin / session
                new_values = {key_name: hive_details}
                db.update_plugin(ObjectId(ObjectId(pluginid)), new_values)
                # Update the session
                new_sess = {}
                new_sess['modified'] = datetime.now()
                db.update_session(session_id, new_sess)

            return render(request, 'hive_details.html', {'hive_details': hive_details})

    if command == 'virustotal':
        if not VT_KEY or not VT_LIB:
            return HttpResponse("Unable to use Virus Total. No Key or Library Missing. Check the Console for details")

        if 'file_id' in request.POST:
            file_id = request.POST['file_id']

            file_object = db.get_filebyid(ObjectId(file_id))
            sha256 = file_object.sha256
            vt = PublicApi(API_KEY)
            response = vt.get_file_report(sha256)

            vt_fields = {}


            if response['results']['response_code'] == 1:
                vt_fields['permalink'] = response['results']['permalink']
                vt_fields['total'] = response['results']['total']
                vt_fields['positives'] = response['results']['positives']
                vt_fields['scandate'] = response['results']['scan_date']

                # Store the results in datastore
                store_data = {}
                store_data['file_id'] = ObjectId(file_id)
                store_data['vt'] = vt_fields

                update = db.create_datastore(store_data)

            return render(request, 'file_details_vt.html', {'vt_results': vt_fields})

    if command == 'yara':
        if 'file_id' in request.POST:
            file_id = request.POST['file_id']

        if 'rule_file' in request.POST:
            rule_file = request.POST['rule_file']


        if rule_file and file_id and YARA:
            file_object = db.get_filebyid(ObjectId(file_id))
            file_data = file_object.read()

开发者ID:HardlyHaki,项目名称:VolUtility,代码行数:68,代码来源:views.py

示例14: main

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]

#.........这里部分代码省略.........
	if args.dump_file:
		try:
			fp = open(args.dump_file, 'a')
		except OSError as e:
			writeLog('Cannot dump message to %s: %s' % (args.dump_file, e.errno))
		fp.write(data)
		fp.close()

	# Process MIME parts
	for part in msg.walk():
		contenttype = part.get_content_type()
		filename = part.get_param('name')
		writeLog("DEBUG: Found data: %s (%s)" % (contenttype, filename))
		data = part.get_payload(None, True)
		if data:
			md5 = hashlib.md5(data).hexdigest()
			if dbMD5Exists(md5):
				writeLog("Skipping existing MD5 %s" % md5)
				continue

			# New: Extract URLS
			if contenttype in [ 'text/html', 'text/plain' ]:
				urls = []
				# Source: https://gist.github.com/uogbuji/705383
				GRUBER_URLINTEXT_PAT = re.compile(ur'(?i)\b((?:https?://|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:\'".,<>?\xab\xbb\u201c\u201d\u2018\u2019]))')
				lines = data.split('\n')
				for line in lines:
					try:
						#urls.append(re.search("(?P<url>https?://[^\s]+)", word).group("url"))
						for url in GRUBER_URLINTEXT_PAT.findall(line):
							if url[0]:
								urls.append(url[0])
					except:
						pass
				fp = open('/var/tmp/urls.log', 'a')
				for url in urls:
					fp.write("%s\n" % url)
				fp.close()

			# Process only interesting files
			# if contenttype not in ('text/plain', 'text/html', 'image/jpeg', 'image/gif', 'image/png'):
			if contenttype not in excludetypes:
				if not filename:
					filename = md5
				mime_ext = mimetypes.guess_extension(contenttype)
				if not mime_ext:
					# Use a generic bag-of-bits extension
					mime_ext = '.bin'
				f_name, f_ext = os.path.splitext(filename)
				if not f_ext:
					filename += mime_ext

				writeLog('Found interesting file: %s (%s)' % (filename, contenttype))

				fp = open(os.path.join(generateDumpDirectory(args.directory), filename), 'wb')
				fp.write(data)
				fp.close()

				if contenttype in ['application/zip', 'application/x-zip-compressed']:
					# Process ZIP archive
					writeLog('Processing zip archive: %s' % filename)
					processZipFile(os.path.join(generateDumpDirectory(args.directory), filename))
				else:
					# Check VT score
					vt = VirusTotalPublicApi(config['apiKey'])
					response = vt.get_file_report(md5)

					# Save results to Elasticsearch
					if config['esServer']:
						try:
							response['@timestamp'] = time.strftime("%Y-%m-%dT%H:%M:%S+01:00")
							response['filename'] = filename
							response['mail'] = mailheaders							
							res = es.index(index=config['esIndex'], doc_type="VTresult", body=json.dumps(response))
						except:
							writeLog("Cannot index to Elasticsearch")

					# DEBUG
					fp = open('/tmp/vt.debug', 'a')
					fp.write(json.dumps(response, sort_keys=False, indent=4))
					fp.close()

					if response['response_code'] == 200:
						if response['results']['response_code']:
							positives = response['results']['positives']
							total = response['results']['total']
							scan_date = response['results']['scan_date']

							writeLog('File: %s (%s) Score: %s/%s Scanned: %s (%s)' %
								(filename, md5, positives, total, scan_date, timeDiff(scan_date)))
						else:
							submit2vt(os.path.join(generateDumpDirectory(args.directory), filename))
							writeLog('File: %s (%s) not found, submited for scanning' %
								(filename, md5))
						dbAddMD5(md5,filename)
					else:
						writeLog('VT Error: %s' % response['error'])

					# Analyze OLE documents if API is available
					parseOLEDocument(os.path.join(generateDumpDirectory(args.directory), filename))
开发者ID:cudeso,项目名称:mime2vt,代码行数:104,代码来源:mime2vt.py

示例15: run

# 需要导入模块: from virus_total_apis import PublicApi [as 别名]
# 或者: from virus_total_apis.PublicApi import get_file_report [as 别名]
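    def run(self):
        """Upload a stored file to VirusTotal or fetch its report, then set the render data.

        Acts only when ``file_id`` is in the POST data. With ``upload`` in the
        POST data the file content is sent to VirusTotal; otherwise the report
        for the file's SHA256 is requested. ``state`` ends up as one of
        'error', 'pending', 'missing' or 'complete'.
        """
        db = Database()

        if 'file_id' in self.request.POST:
            # Get file object from DB
            file_id = self.request.POST['file_id']
            file_object = db.get_filebyid(file_id)
            sha256 = file_object.sha256

            # The API key is a credential, so it is not printed to the console.
            api_key = self.config['virustotal']['api_key']
            if api_key == 'None':
                state = 'error'
                vt_results = 'No API Key set in volutility.conf'
            else:
                # Init the API with key from config
                vt = PublicApi(api_key)

                # If we upload
                if 'upload' in self.request.POST:
                    # This sends the file content itself to the third-party service.
                    response = vt.scan_file(file_object.read(), filename=file_object.filename, from_disk=False)
                    results = response.get('results')
                    if not isinstance(results, dict):
                        results = {}
                    queued = 'Scan request successfully queued' in (results.get('verbose_msg') or '')
                    if results.get('response_code') == 1 and queued:
                        print("File Uploaded and pending")
                        state = 'pending'
                    else:
                        print(response)
                        state = 'error'
                    vt_results = None

                # Else just get the results
                else:
                    # get results from VT
                    response = vt.get_file_report(sha256)

                    vt_results = {}
                    # An error response or an unrecognised code must not leave
                    # ``state`` unset for the render data below.
                    state = 'error'

                    results = response.get('results')
                    if not isinstance(results, dict):
                        results = {}
                    code = results.get('response_code')

                    # Valid response
                    if response.get('response_code') == 200:
                        print("Valid Response from server")

                    # Not present in data set, prompt to upload
                    if code == 0:
                        state = 'missing'

                    # Still pending
                    elif code == -2:
                        state = 'pending'

                    # Results available
                    elif code == 1:
                        vt_results['permalink'] = results['permalink']
                        vt_results['total'] = results['total']
                        vt_results['positives'] = results['positives']
                        vt_results['scandate'] = results['scan_date']
                        vt_results['scans'] = results['scans']
                        state = 'complete'

                # Store the results in datastore
                store_data = {'file_id': file_id, 'vt': vt_results}
                db.create_datastore(store_data)

            self.render_type = 'file'
            self.render_data = {'VirusTotalSearch': {'state': state, 'vt_results': vt_results, 'file_id': file_id}}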
开发者ID:kevthehermit,项目名称:VolUtility,代码行数:69,代码来源:virustotalsearch.py


注:本文中的virus_total_apis.PublicApi.get_file_report方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。