Created
March 22, 2011 03:32
-
-
Save 9b/880718 to your computer and use it in GitHub Desktop.
Take the existing VirusTotal format and put it into a more user-friendly output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __description__ = 'Convert VT format to a user-friendly format' | |
| __author__ = 'Brandon Dixon' | |
| __version__ = '1.0' | |
| __date__ = '2011/03/21' | |
| import simplejson as json | |
| import urllib | |
| import urllib2 | |
| import hashlib | |
| def get_hash_data(file, type): | |
| if type == "md5": | |
| output = hashlib.md5() | |
| elif type == "sha1": | |
| output = hashlib.sha1() | |
| elif type == "sha256": | |
| output = hashlib.sha256() | |
| else: | |
| output = "Error" | |
| with open(file,'rb') as f: | |
| for chunk in iter(lambda: f.read(8192), ''): | |
| output.update(chunk) | |
| return output.hexdigest() | |
| def get_hash_object(file): | |
| md5 = get_hash_data(file, "md5") | |
| sha1 = get_hash_data(file, "sha1") | |
| sha256 = get_hash_data(file, "sha256") | |
| hashes = { 'md5': md5, 'sha1': sha1, 'sha256': sha256 } | |
| return hashes | |
| def get_vt_obj(file): | |
| md5 = get_hash_data(file,"md5") | |
| key = 'YOUR_API_KEY' | |
| url = "https://www.virustotal.com/api/get_file_report.json" | |
| parameters = {"resource": md5, "key": key} | |
| data = urllib.urlencode(parameters) | |
| req = urllib2.Request(url, data) | |
| response = urllib2.urlopen(req) | |
| vtobj = response.read() | |
| preprocess = json.loads(vtobj) | |
| report = preprocess.get("report") | |
| permalink = preprocess.get("permalink") | |
| result = preprocess.get("result") | |
| hashes = get_hash_object(file) | |
| if int(result) == 1: | |
| scanners = [] | |
| last_scan = report[0] | |
| for k, v in report[1].iteritems(): | |
| scanner = { 'antivirus' : k, 'signature' : v } | |
| scanners.append(scanner) | |
| vtobj = { 'report' : { 'last_scan':last_scan, 'permalink':permalink, 'hashes' : hashes, 'results' : { 'scanners' : scanners } } } | |
| else: | |
| vtobj = { 'report' : { 'error': "not available" } } | |
| return json.dumps(vtobj) | |
| #remember to define your file and API key | |
| hash = "YOUR_FILE" | |
| vtobject = json.loads(get_vt_obj(hash)) | |
| print vtobject |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment