[PYTHON] Regarding VirusTotal API

Purpose

A meeting to learn how to use VirusTotal's API and to create a tool that contributes to the anti-malware industry.

Premise

Python 2.7.5

In any case, here is the repository for the time being:

https://github.com/kanokanoka/virustotal_api/

What is VirusTotal?

It's here: https://www.virustotal.com/

As for how the site is used: if you submit a suspicious file, it is run against various antivirus engines to judge whether it is suspicious, and various analysis information is returned. You can also see the results of other people's submissions, so if you know a file's hash value you can, for example, check whether it has already been analyzed.

So what is the VirusTotal API?

An API that lets you use VirusTotal's functions programmatically is open to the public. You can probably get information back by sending a hash value, and you can do various other things (Reference 1).

How to use the basics

If you register as a user, an API key is issued to you individually; enter it in the script. For hash, enter the file hash.

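#!/usr/bin/env python
# Python 2.7 script: look up a file report on VirusTotal by hash

import urllib

# Hash of the file to look up
#hash = "this is hash area"
hash = "hash"

url = "https://www.virustotal.com/vtapi/v2/file/report"
param = {"resource": hash, "apikey": "Write your own api key"}

# Passing data makes urlopen send a POST request
data = urllib.urlencode(param)
req = urllib.urlopen(url, data)
# Named body rather than json so it cannot shadow the json module
body = req.read()
print body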

This returns JSON.
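As an added example (not from the original post or its repository), the code below shows how the JSON returned by the request above can be interpreted, including the case where the hash has never been analyzed. It is written for Python 3 rather than the 2.7.5 used above; the field names (response_code, positives, total, scans) are assumed from the v2 report format described in Reference 1, and the sample responses are constructed.

```python
import hashlib
import json

# response_code values of the v2 file/report endpoint (assumed; see Reference 1)
FOUND, NOT_FOUND, QUEUED = 1, 0, -2

def sha256_of(data):
    """Hash locally so only the digest, not the file itself, is sent."""
    return hashlib.sha256(data).hexdigest()

def summarize_report(body):
    """Reduce the JSON text returned by file/report to a small verdict dict."""
    if not body or not body.strip():
        # An empty body (assumed to occur when throttled) is not JSON
        return {"status": "no_data"}
    report = json.loads(body)
    code = report.get("response_code")
    if code == NOT_FOUND:
        return {"status": "unknown"}      # hash has never been analyzed
    if code == QUEUED:
        return {"status": "queued"}       # analysis still pending
    if code != FOUND:
        return {"status": "error", "detail": report.get("verbose_msg")}
    scans = report.get("scans", {})
    hits = {name: r.get("result") for name, r in scans.items() if r.get("detected")}
    return {
        "status": "known",
        "positives": report.get("positives", len(hits)),
        "total": report.get("total", len(scans)),
        "detections": hits,
    }

# Constructed sample responses (not real VirusTotal output).
SAMPLE_FOUND = json.dumps({
    "response_code": 1,
    "resource": sha256_of(b"constructed sample bytes"),
    "positives": 2,
    "total": 3,
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Sample"},
        "EngineB": {"detected": False, "result": None},
        "EngineC": {"detected": True, "result": "Generic.Sample"},
    },
})
SAMPLE_MISSING = json.dumps({"response_code": 0, "verbose_msg": "not found"})

if __name__ == "__main__":
    for sample in (SAMPLE_FOUND, SAMPLE_MISSING, ""):
        print(summarize_report(sample))
```

Hashing the file locally and querying by digest keeps the file itself on your machine; a status of "unknown" only means nobody has submitted that exact file before.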

What to make

Looking roughly through the API list, the following APIs seem to be available:

- Send a file to scan or rescan
- Send a hash to search for a report
- Send a URL to scan
- Send an IP address to scan

The first idea that comes to mind is a "GUI that makes each of these easy to run", but there is nothing clever about that; you could just use the official site. I'll give it a little more thought.

References

  1. Official API https://www.virustotal.com/ja/documentation/public-api/

  2. How to use VirusTotal API http://www.morihi-soc.net/?p=600
