python实现上传样本到virustotal并查询扫描信息的方法
本文实例讲述了python实现上传样本到virustotal并查询扫描信息的方法。分享给大家供大家参考。具体方法如下:
importsimplejson
importurllib
importurllib2
importos
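# Sample hashes used with this module. Both assignments are kept in their
# original order, so the second value is the one MD5 ends up bound to.
MD5 = "5248f774d2ee0a10936d0b1dc89107f1"
MD5 = "12fa5fb74201d9b6a14f63fbf9a81ff6"  # do not have report on virustotal.com
########################################################################
# The API key is a credential: anything committed to a source file ends up in
# version control, backups and pastes. Read it from the environment instead of
# hard-coding it. VT_API_KEY is a variable name chosen for this example; set it
# to the key issued for your own VirusTotal account.
APIKEY = os.environ.get("VT_API_KEY", "")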
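class VirusTotal:
    """Small client for the two VirusTotal v2 file endpoints used here.

    An instance is bound to one hash. ``get_report_dict`` looks that hash up
    and records which engines flagged it; ``submit_md5`` uploads a file for
    scanning. Both send the module-level ``APIKEY``.

    NOTE(review): these are the ``vtapi/v2`` URLs; check VirusTotal's current
    API documentation before relying on them.
    """

    def __init__(self, md5):
        """Remember the hash to query and start with no detections.

        Args:
            md5: Hash sent as the ``resource`` parameter of the report request.
        """
        self._virus_dict = {}
        self._md5 = md5

    def repr(self):
        """Return the detections collected so far as a string."""
        return str(self._virus_dict)

    def __repr__(self):
        # Same text as repr(), so printing or logging an instance shows its
        # detections instead of the default object address.
        return self.repr()

    def submit_md5(self, file_path):
        """Upload the file at *file_path* for scanning and print the reply.

        Despite the name, the file's content is sent, not a hash. Uploaded
        samples become available to VirusTotal's partners and subscribers, so
        a file that may hold confidential data is better looked up by hash
        than uploaded.

        Args:
            file_path: Path of the sample to upload; only its base name is
                sent as the file name.
        """
        import postfile

        file_name = os.path.basename(file_path)
        host = "www.virustotal.com"
        selector = "https://www.virustotal.com/vtapi/v2/file/scan"
        fields = [("apikey", APIKEY)]
        # Close the handle as soon as the bytes are read instead of leaving
        # it to the garbage collector.
        with open(file_path, "rb") as sample:
            file_to_send = sample.read()
        files = [("file", file_name, file_to_send)]
        # NOTE(review): postfile is not shown on this page. Confirm that it
        # connects over TLS and verifies the certificate, because the API key
        # and the sample travel in this request.
        reply = postfile.post_multipart(host, selector, fields, files)
        print(reply)

    def get_report_dict(self):
        """Fetch the report for the bound hash and return the detections.

        Returns:
            Dict mapping engine name to the reported detection name, for the
            engines whose entry has a true ``detected`` field. An empty dict
            does not mean the file is clean: it is also the result when
            VirusTotal has no report for the hash.

        Raises:
            Whatever ``urllib2.urlopen`` or ``simplejson.loads`` raise on a
            failed request or a body that is not JSON; nothing is swallowed,
            so a failed lookup cannot pass for "no detections".
        """
        url = "https://www.virustotal.com/vtapi/v2/file/report"
        parameters = {"resource": self._md5, "apikey": APIKEY}
        # Passing a body makes urllib2 send a POST, so the API key stays out
        # of the URL.
        req = urllib2.Request(url, urllib.urlencode(parameters))
        # Bound the wait so an unresponsive endpoint cannot hang the caller.
        response = urllib2.urlopen(req, timeout=30)
        try:
            body = response.read()
        finally:
            response.close()
        response_dict = simplejson.loads(body)
        # A falsy or missing response_code means there is no report to read.
        if response_dict.get("response_code"):
            scans = response_dict.get("scans") or {}
            for vendor, verdict in scans.items():
                if verdict.get("detected"):
                    # setdefault keeps the first name recorded for an engine.
                    self._virus_dict.setdefault(vendor, verdict.get("result"))
        return self._virus_dict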
如果有引擎检出,返回的结果形如:{u'Sophos':u'Sus/Behav-1010'};没有检出结果或该MD5没有报告时,返回空字典。
调用的方法如下:
from getVirusTotalInfo import VirusTotal

# Two sample hashes; the later assignment is the one that takes effect.
MD5 = "12fa5fb74201d9b6a14f63fbf9a81ff6"  # do not have report on virustotal.com
MD5 = "5248f774d2ee0a10936d0b1dc89107f1"
FILE_PATH = r"D:\backSample\10\9af41bc012d66c98ca2f9c68ba38e98f_ICQLiteShell.dll"

# Look the hash up and print the engines that detected it.
scanner = VirusTotal(MD5)
report = scanner.get_report_dict()
print(report)

# Submit the file for scanning; afterwards its results can be fetched by MD5.
scanner.submit_md5(FILE_PATH)
希望本文所述对大家的Python程序设计有所帮助。