A Python script that checks whether a file is malicious by looking up its hash against 40+ antivirus databases using the VirusTotal API.
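# Dependency checks. Both third-party packages are required: termcolor for
# the coloured verdict lines and simplejson for decoding the API response.
# Only ImportError is caught so that unrelated failures are not hidden.
import sys
try:
    from termcolor import colored,cprint
except ImportError:
    print("[*]Please install termcolor[*]")
    sys.exit(1)
try:
    import simplejson
except ImportError:
    print("[*]Please install simplejson library[*]")
    # Stop here: continuing without simplejson would only fail later, at the
    # first attempt to decode a response, with an unrelated NameError.
    sys.exit(1)
import urllib
import urllib2
import hashlib
import os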
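def check(rsc,file):
    """Look up a file hash on VirusTotal and print a coloured verdict.

    rsc  -- hex digest of the file, sent as the ``resource`` parameter.
    file -- label used in the output line; the file is not opened here.

    Only the hash is sent to the service; file contents are not uploaded.
    Prints exactly one line and returns None.
    """
    # Placeholder value: substitute a real API key locally and keep it out of
    # any copy of this script that is shared or committed.
    parameters = {"resource": rsc, "apikey": "VIRUS_TOTAL_KEY"}
    data = urllib.urlencode(parameters)
    # `url` is the module-level report endpoint assigned later in the script.
    req = urllib2.Request(url, data)
    try:
        response = urllib2.urlopen(req)
    except urllib2.URLError:
        # Covers HTTP error statuses as well as connection failures, so one
        # failed lookup does not abort a whole directory scan.
        cprint(file+": Server Error","yellow")
        return
    try:
        dt = simplejson.load(response)
    except ValueError:
        # Empty or non-JSON body (simplejson's decode error is a ValueError).
        cprint(file+": Server Error","yellow")
        return
    finally:
        response.close()
    if not isinstance(dt, dict):
        dt = {}
    positives = dt.get('positives')
    if positives:
        cprint("%s INFECTED Detections:%d AV "%(file,positives),'red')
    elif dt.get('response_code') == 1:
        # A report exists and no engine flagged the file. This means "no
        # detections at scan time", not a guarantee that the file is benign.
        cprint("%s CLEAN"%(file),'green')
    else:
        # response_code other than 1: the service holds no finished report
        # for this hash, so the file has not been assessed at all. Reporting
        # it as CLEAN would be a false assurance.
        cprint("%s UNKNOWN (no VirusTotal report for this hash)"%(file),'yellow')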
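def _usage():
    """Print the command-line help and exit with a failure status."""
    print("Usage:\n"+sys.argv[0]+" OPTIONS")
    print("OPTIONS:\n -f file_name\n -d directory_name")
    sys.exit(1)


def _hash_file(path):
    """Return the hex SHA-256 digest of the file at `path`.

    The file is opened in binary mode so the digest is computed over the
    exact bytes on disk, and read in 10 KiB chunks so large files are not
    loaded into memory at once. SHA-256 is used rather than MD5 because MD5
    collisions are practical, which makes an MD5-keyed lookup an unreliable
    identifier for a file.
    """
    filehash = hashlib.sha256()
    f = open(path, 'rb')
    try:
        while True:
            data = f.read(10240)
            if len(data) == 0:
                break
            filehash.update(data)
    finally:
        f.close()
    return filehash.hexdigest()


# Exactly one option and one argument are expected. Compare with != rather
# than `is not`: identity comparison on integers is an implementation detail.
if len(sys.argv) != 3:
    _usage()

# Report endpoint read by check().
url = "https://www.virustotal.com/vtapi/v2/file/report"

if sys.argv[1] == "-d":
    # Walk the directory tree and look up every regular file found.
    # NOTE(review): lookups are issued back to back; if the API key is rate
    # limited, throttled requests will surface as errors from check().
    for (dirpath, dirs, files) in os.walk(sys.argv[2]):
        for file in files:
            full_path = os.path.join(dirpath, file)
            try:
                rsc = _hash_file(full_path)
            except (IOError, OSError):
                # Unreadable entry (permissions, dangling link, ...): report
                # it and keep scanning instead of aborting the whole run.
                cprint(full_path+": Unreadable","yellow")
                continue
            # Pass the full path so same-named files in different
            # directories can be told apart in the output.
            check(rsc, full_path)
elif sys.argv[1] == "-f":
    check(_hash_file(sys.argv[2]), sys.argv[2])
else:
    # Unknown option: show the help instead of exiting silently.
    _usage()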