@milo2012
Forked from rjzak/metascap.py
Created February 4, 2016 15:17
Python interface to Meta Scan https://www.metascan-online.com
#!/usr/bin/python
import os
import json
import time
import hashlib
import httplib
# Tallies shared across the module: Result.__iter__ adds to both, and the
# command-line entry point reads them when it prints its summary.
infectedCount = 0   # running count of engines that reported a threat
avList = []         # names of those engines
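class Result:
    """Read-only view over the JSON document returned by a hash lookup.

    Every accessor reads from ``data['scan_results']`` and raises KeyError
    when the response does not carry the expected key.

    A result with no flagged engines only says that no engine in this
    response reported a threat; check scan_percentage() before relying on it.
    """

    def __init__(self, data):
        # data: the decoded JSON response (a dict) from the lookup endpoint.
        self.data = data

    def verdict(self):
        """Return ``scan_all_result_a`` (presumably the textual overall verdict)."""
        return self.data['scan_results']['scan_all_result_a']

    def total_avs(self):
        """Return ``total_avs``, the engine count reported by the service."""
        return self.data['scan_results']['total_avs']

    def scan_percentage(self):
        """Return ``progress_percentage`` as reported by the service."""
        return self.data['scan_results']['progress_percentage']

    def scan_result(self):
        """Return ``scan_all_result_i`` (presumably the numeric overall verdict)."""
        return self.data['scan_results']['scan_all_result_i']

    def flagged_engines(self):
        """Return the names of engines whose ``threat_found`` field is non-empty.

        Pure lookup: no module-level state is touched.  An engine entry with a
        missing or empty ``threat_found`` is treated as "nothing reported".
        """
        details = self.data['scan_results']['scan_details']
        return [name for name in details if details[name].get('threat_found')]

    def __iter__(self):
        """Tally the flagged engines and return an iterator over their names.

        The previous body had no ``yield``/``return``, so ``iter(result)``
        raised TypeError after updating the tallies and only worked when the
        caller swallowed that error.  The tallies are still updated here so
        existing callers keep working; each call adds to them again, so a
        caller that iterates more than once must reset them itself.
        """
        global infectedCount
        flagged = self.flagged_engines()
        infectedCount += len(flagged)
        avList.extend(flagged)
        return iter(flagged)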
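class Metascan:
    """Small client for the Metascan Online v2 upload and hash-lookup endpoints.

    Security notes for callers:

    * scan_file() sends the complete file to a third-party service and, with
      the default ``sharing=1``, sets the ``samplesharing`` header to 1.  Pass
      ``sharing=0`` for files that must not be shared further.
    * The API key travels in the ``apikey`` header of every request.  Python 2
      releases before 2.7.9 do not verify HTTPS certificates by default in
      ``httplib``; on such interpreters the key and the file can be exposed to
      a machine-in-the-middle.
    """

    # Bounded retry: the earlier recursive retry never gave up, so a rejected
    # key re-uploaded the file until the interpreter's recursion limit.
    MAX_UPLOAD_ATTEMPTS = 5
    RETRY_DELAY_SECONDS = 3

    # Only these characters may reach the lookup URL path.
    _HASH_CHARS = frozenset('0123456789abcdefABCDEF')

    def __init__(self, apikey):
        self.apikey = apikey

    @staticmethod
    def _sha256_of_file(filepath, chunk_size=65536):
        """Return the hex SHA-256 of a file, read in chunks to bound memory."""
        digest = hashlib.sha256()
        with open(filepath, 'rb') as handle:
            for chunk in iter(lambda: handle.read(chunk_size), b''):
                digest.update(chunk)
        return digest.hexdigest()

    def scan_file(self, filepath, password=None, sharing=1):
        """Upload ``filepath`` for scanning and return the decoded JSON reply.

        password -- optional archive password, sent as the ``archivepwd`` header.
        sharing  -- 1/True sets ``samplesharing`` to 1, anything else to 0.

        Any non-200 reply is retried after RETRY_DELAY_SECONDS, at most
        MAX_UPLOAD_ATTEMPTS times in total; RuntimeError is raised once the
        attempts are used up.  I/O errors from reading the file propagate.
        """
        headers = {'apikey': self.apikey, 'filename': os.path.basename(filepath)}
        headers['samplesharing'] = 1 if sharing == 1 else 0
        if password:
            headers['archivepwd'] = password

        # Read once, outside the retry loop, and release the handle promptly.
        with open(filepath, 'rb') as handle:
            body = handle.read()

        last_status = None
        for attempt in range(self.MAX_UPLOAD_ATTEMPTS):
            if attempt:
                time.sleep(self.RETRY_DELAY_SECONDS)
            conn = httplib.HTTPSConnection("scan.metascan-online.com")
            try:
                conn.request("POST", "/v2/file", body=body, headers=headers)
                response = conn.getresponse()
                last_status = response.status
                if last_status == 200:
                    return json.loads(response.read())
            finally:
                # Close on every path, including the retry path.
                conn.close()
        # The message deliberately omits the API key and request headers.
        raise RuntimeError("Metascan upload failed after %d attempts (last HTTP status %s)"
                           % (self.MAX_UPLOAD_ATTEMPTS, last_status))

    def get_result(self, filepath=None, filehash=None):
        """Look up a scan report by hash and return it wrapped in a Result.

        Returns None when neither argument is given.  When only ``filepath``
        is given, its SHA-256 is computed locally and used for the lookup, so
        the file content itself is not sent by this method.

        Raises ValueError when the hash is empty or contains anything other
        than hexadecimal digits; this keeps caller-supplied text (slashes,
        whitespace, line breaks) out of the request line.
        """
        if filepath is None and filehash is None:
            return None
        if filepath and not filehash:
            filehash = self._sha256_of_file(filepath)
        if not filehash or not self._HASH_CHARS.issuperset(filehash):
            raise ValueError("filehash must be a hexadecimal digest")

        headers = {'apikey': self.apikey}
        conn = httplib.HTTPSConnection("hashlookup.metascan-online.com")
        try:
            conn.request("GET", "/v2/hash/%s" % filehash, headers=headers)
            response = conn.getresponse()
            # NOTE(review): the HTTP status is not checked here; a non-JSON
            # error body makes json.loads raise ValueError.
            data = json.loads(response.read())
        finally:
            conn.close()
        return Result(data)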
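if __name__ == '__main__':
    # Command-line entry point: upload each file given on the command line,
    # look up its report by SHA-256, and print a one-line summary plus the
    # engines that reported a threat.
    import sys

    if len(sys.argv) == 1:
        print("Usage: %s <FILE>" % sys.argv[0])
        sys.exit()

    # Take the API key from the environment so it never has to be written
    # into the script (and end up in a shared copy or a repository).
    key = os.environ.get('METASCAN_API_KEY')
    if not key:
        sys.stderr.write("Error: The Metascan API Key isn't in your environment variable.\n")
        sys.stderr.write("Please set METASCAN_API_KEY to your API Key value.\n")
        sys.exit(1)

    ms = Metascan(key)
    for item in sys.argv[1:]:
        # Start every file from zero; otherwise the module-level tallies carry
        # detections from earlier files into this file's summary.
        del avList[:]
        infectedCount = 0

        # scan_file() uploads the file's full contents to the Metascan service
        # with its default sharing=1; do not run this on confidential files.
        ms.scan_file(item)
        # NOTE(review): one fixed 2-second wait; the report may still be
        # partial -- answer.scan_percentage() exposes the reported progress.
        time.sleep(2)
        answer = ms.get_result(filepath=item)

        try:
            try:
                # Iterating the Result is what fills avList / infectedCount.
                for _ in answer:
                    pass
            except TypeError:
                # Tolerate a Result.__iter__ that tallies but returns no iterator.
                pass
            summary = (answer.verdict(), answer.total_avs(), infectedCount)
        except KeyError as missing:
            sys.stderr.write("- %s: lookup response lacks %s; no report printed\n" % (item, missing))
            continue

        print("- File is %s, scanned by %d AVs, threat found in %d AVs" % summary)
        if avList:
            print("- The file was detected on the below AVs as malicious\n")
            print(', '.join(avList))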