Skip to content

Instantly share code, notes, and snippets.

@9b 9b/VtNewFormat.py
Created Mar 22, 2011

Embed
What would you like to do?
Take the existing VirusTotal format and put it into a more user-friendly output
__description__ = 'Convert VT format to a user-friendly format'
__author__ = 'Brandon Dixon'
__version__ = '1.0'
__date__ = '2011/03/21'
import simplejson as json
import urllib
import urllib2
import hashlib
def get_hash_data(file, type):
if type == "md5":
output = hashlib.md5()
elif type == "sha1":
output = hashlib.sha1()
elif type == "sha256":
output = hashlib.sha256()
else:
output = "Error"
with open(file,'rb') as f:
for chunk in iter(lambda: f.read(8192), ''):
output.update(chunk)
return output.hexdigest()
def get_hash_object(file):
md5 = get_hash_data(file, "md5")
sha1 = get_hash_data(file, "sha1")
sha256 = get_hash_data(file, "sha256")
hashes = { 'md5': md5, 'sha1': sha1, 'sha256': sha256 }
return hashes
def get_vt_obj(file):
md5 = get_hash_data(file,"md5")
key = 'YOUR_API_KEY'
url = "https://www.virustotal.com/api/get_file_report.json"
parameters = {"resource": md5, "key": key}
data = urllib.urlencode(parameters)
req = urllib2.Request(url, data)
response = urllib2.urlopen(req)
vtobj = response.read()
preprocess = json.loads(vtobj)
report = preprocess.get("report")
permalink = preprocess.get("permalink")
result = preprocess.get("result")
hashes = get_hash_object(file)
if int(result) == 1:
scanners = []
last_scan = report[0]
for k, v in report[1].iteritems():
scanner = { 'antivirus' : k, 'signature' : v }
scanners.append(scanner)
vtobj = { 'report' : { 'last_scan':last_scan, 'permalink':permalink, 'hashes' : hashes, 'results' : { 'scanners' : scanners } } }
else:
vtobj = { 'report' : { 'error': "not available" } }
return json.dumps(vtobj)
#remember to define your file and API key
hash = "YOUR_FILE"
vtobject = json.loads(get_vt_obj(hash))
print vtobject
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.