Skip to content

Instantly share code, notes, and snippets.

@jeansouzak
Created June 26, 2023 06:14
Show Gist options
  • Save jeansouzak/58424863da6558539569ab3cfea0edea to your computer and use it in GitHub Desktop.
Save jeansouzak/58424863da6558539569ab3cfea0edea to your computer and use it in GitHub Desktop.
VirusTotal URL Scanner: Analyzing URLs from a List and Generating a Suspicious URL Output File
import requests
import argparse
class URLAnalyzerInterface:
def is_suspicious(self, url):
pass
class VirusTotalAnalyzer(URLAnalyzerInterface):
def __init__(self, api_key):
self.api_key = api_key
def send_url(self, url):
endpoint = "https://www.virustotal.com/api/v3/urls"
payload = f"url={url}"
headers = {
"accept": "application/json",
"x-apikey": self.api_key,
"content-type": "application/x-www-form-urlencoded"
}
response = requests.post(endpoint, data=payload, headers=headers)
response.raise_for_status()
return response.json()
def analyze_result(self, analysis_id):
endpoint = f"https://www.virustotal.com/api/v3/analyses/{analysis_id}"
headers = {
"x-apikey": self.api_key
}
response = requests.get(endpoint, headers=headers)
response.raise_for_status()
return response.json()
def is_suspicious(self, url):
try:
analysis_response = self.send_url(url)
analysis_id = analysis_response["data"]["id"]
result_response = self.analyze_result(analysis_id)
status = result_response["data"]["attributes"]["status"]
if status == "completed":
stats = result_response["data"]["attributes"]["stats"]
malicious = stats["malicious"]
suspicious = stats["suspicious"]
is_suspicious = malicious > 0 or suspicious > 0
print(f"[Suspicious - {is_suspicious}] {url}")
return is_suspicious
except requests.exceptions.HTTPError as e:
print(f"Failed to verify URL {url}: {e}")
return False
def main(api_key):
virus_total_analyzer = VirusTotalAnalyzer(api_key)
url_analyzer = virus_total_analyzer
with open("check_urls.txt", "r") as file:
urls = file.readlines()
suspicious_urls = []
for url in urls:
url = url.strip()
if url_analyzer.is_suspicious(url):
suspicious_urls.append(url)
with open("suspicious_urls.txt", "w") as file:
file.write("\n".join(suspicious_urls))
print("Analysis completed. Suspicious URLs has been saved in suspicious_urls.txt.")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Scans URLs in a file for suspected viruses.")
parser.add_argument("api_key", help="VirusTotal API Key")
args = parser.parse_args()
main(args.api_key)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment