Skip to content

Instantly share code, notes, and snippets.

@wirehack7

wirehack7/Virustotal.class.php

Last active September 5, 2015 18:18
Show Gist options
  • Save wirehack7/fccc32806221c4c803dd to your computer and use it in GitHub Desktop.
Save wirehack7/fccc32806221c4c803dd to your computer and use it in GitHub Desktop.
Download ZIP
Simpe VT API 2.0 PHP class
Raw
Virustotal.class.php
<?php
/*
* VirusTotal API 2.0 class
* by @wirehack7
*
* License:
* GNU GENERAL PUBLIC LICENSE
* Version 3, 29 June 2007
*
* This is just a small class I made for me to have a fast way to access the VT API via PHP.
* It hasn't a really good error response, just returns false if something is wrong. Yet... I will add that later.
* [] = choose one option, this param is neccesary
* {} = this param is optional
*
* Usage:
* Prepare the class: $vt = new Virustotal([API key], {json OR array});
* Put your public API key in. The second parameter is to choose between returning JSON string or array.
*
* Functions:
* getScan([file/domain/url/ip], type [file/domain/url/ip], {json OR array})
* Will return the API response of VT as JSON string or array.
* redoScan([file], {json OR array})
* Rescan a file.
* comment([comment], [item], {json OR array})
* Comment on an entry. To add line breaks put the comment string in "" for the var and use \n for line break.
* Item is md5/sha1/sha256 hash or the url you want to comment on
* sendItem([file OR url], [file OR url], {json OR array})
* Send a file or URL to check. When submitting a URL, you can also choose send up to 4 URL's, put them in a one dimensional array.
* When sending a file you can specify the filename manualy, just use an array with first item the file path, second one the filename. ie: $file = array('/home/me/asd5a7s65dsa6dad.bin','spam.exe');
*
* Optional notes:
* define DEBUG to true for a more verbose output, class will echo curl verbose.
*
*/
class Virustotal {
private $apikey;
private $url;
private $post;
private $post_string;
private $request;
private $file;
private $filename;
protected $method;
protected $result;
protected $output;
protected $param;
# Switch this to 'true' if you want to verify the peer, set to false because this causes errors on some machines
private $SSLverifypeer = true;
function __construct($apikey = false, $output = 'json')
{
if($apikey == false) return false;
$this->apikey = $apikey;
$this->output = $output;
}
private function checkdomain($domain)
{
if(preg_match('/^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+$/',$domain)) return true;
return false;
}
private function sendcURL($request = false, $method = false, $url = false, $output = false, $upload = false)
{
if(!$output){ $output = $this->output; }
if(!$request || !$method || !$url || !is_array($request) || !filter_var($url,FILTER_VALIDATE_URL)) return false;
foreach($request as $key=>$value) { $this->post_string .= $key.'='.$value.'&'; }
$this->post_string = rtrim($this->post_string, '&');
if($method == 'GET') $url = $url.'?'.$this->post_string;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
if(DEBUG == true){ curl_setopt($ch,CURLOPT_VERBOSE, true); }
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
curl_setopt($ch, CURLOPT_FORBID_REUSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->SSLverifypeer);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->SSLverifypeer);
if($method == 'POST')
{
if($upload != false)
{
#curl_setopt($ch, CURLOPT_INFILESIZE, filesize(realpath($upload)));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
}
else
{
curl_setopt($ch, CURLOPT_POST, count($request));
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->post_string);
}
}
$this->result = curl_exec($ch);
if(DEBUG == true) echo "HTTP/1.0 ".curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if(empty($this->result)) return "No response, API key wrong?";
if($output != 'json'){ $this->result = json_decode($this->result, true); }
return $this->result;
}
function getScan($item = false, $type = 'file', $output = false)
{
if(!$output){ $output = $this->output; }
$type = strtolower($type);
# Switch case on type, will set correct URL and request method
switch($type)
{
case 'file':
$this->url = 'https://www.virustotal.com/vtapi/v2/file/report';
$this->method = 'POST';
$this->param = 'resource';
break;
case 'url':
if(!filter_var($item,FILTER_VALIDATE_URL))
{
if(DEBUG == true){ echo 'Not a valid URL!'; }
return false;
break;
}
$this->url = 'http://www.virustotal.com/vtapi/v2/url/report';
$this->method = 'POST';
$this->param = 'resource';
break;
case 'ip':
if(!filter_var($item,FILTER_VALIDATE_IP,FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_IPV4))
{
if(DEBUG == true){ echo 'Not a valid IP!'; }
return false;
break;
}
$this->url = 'http://www.virustotal.com/vtapi/v2/ip-address/report';
$this->method = 'GET';
$this->param = 'ip';
break;
case 'domain':
if(!$this->checkdomain($item))
{
if(DEBUG == true){ echo 'Not a valid domain!'; }
return false;
break;
}
$this->url = 'http://www.virustotal.com/vtapi/v2/domain/report';
$this->method = 'GET';
$this->param = 'domain';
break;
default:
return false;
break;
}
if(empty($item) && empty($this->apikey)) return false;
$this->request = array($this->param => $item, 'apikey' => $this->apikey);
$this->result = $this->sendcURL($this->request,$this->method,$this->url, $output);
return $this->result;
}
function redoScan($item,$output = false)
{
if(!$output){ $output = $this->output; }
if(empty($item) && empty($this->apikey)) return false;
$this->request = array('resource' => $item, 'apikey' => $this->apikey);
$this->result = $this->sendcURL($this->request,'POST','https://www.virustotal.com/vtapi/v2/file/rescan', $output);
return $this->result;
}
function comment($comment = false, $item = false, $output = false)
{
if(!$output){ $output = $this->output; }
if(empty($comment) || empty($item) || $comment == false || $item == false) return false;
$this->request = array('comment' => $comment, 'resource' => $item, 'apikey' => $this->apikey);
$this->result = $this->sendcURL($this->request,'POST','https://www.virustotal.com/vtapi/v2/comments/put', $output);
return $this->result;
}
function sendItem($item = false, $type = 'file', $output = false)
{
if(!$output){ $output = $this->output; }
if($type == 'file'){
if(is_array($item))
{
if(count($item) != 2) return false;
$this->file = $item[0];
$this->filename = $item[1];
if(!is_readable($this->file)) return false;
$this->request = array('file' => '@'.realpath($this->file).';type='.mime_content_type($this->file).';filename='.$this->filename, 'apikey' => $this->apikey);
$this->result = $this->sendcURL($this->request,'POST','https://www.virustotal.com/vtapi/v2/file/scan', $output);
return $this->result;
}
else
{
$this->file = $item;
if(!is_readable($this->file)) return false;
$this->request = array('file' => '@'.realpath($this->file).';type='.mime_content_type($this->file).';filename='.basename($this->file), 'apikey' => $this->apikey);
$this->result = $this->sendcURL($this->request,'POST','https://www.virustotal.com/vtapi/v2/file/scan', $output, $this->file);
return $this->result;
}
}
else
{
if(is_array($item) && count($item) > 4) return false;
if(!is_array($item)) $item = array($item);
if(!is_array($item)) return false;
$request = '';
foreach($item as $url)
{
if(!filter_var($url,FILTER_VALIDATE_URL)) return false;
$request = $request.$url."\n";
}
$request = rtrim($request,PHP_EOL);
$this->request = array('url' => $request, 'apikey' => $this->apikey);
$this->result = $this->sendcURL($this->request,'POST','https://www.virustotal.com/vtapi/v2/url/scan');
return $this->result;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment