forked from clairmont32/VirusTotal-Tools
-
Notifications
You must be signed in to change notification settings - Fork 1
/
VT_Hash_Search.py
63 lines (46 loc) · 1.7 KB
/
VT_Hash_Search.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
"""
Prompt for apikey
Prompt for hash
Request hash report from VT
Parse only non-clean detections- AV name, detection name, version/definitions, VT updated date
Print above info
"""
import requests
from time import sleep
# requests setup
requests.urllib3.disable_warnings()
client = requests.session()
client.verify = False
apikey = input('Enter your API key.')
def get_hash_report(apikey, filehash):
url = 'https://www.virustotal.com/vtapi/v2/file/report'
params = {"apikey": apikey, "resource": filehash, "allinfo": True}
# perform call
r = client.get(url, params=params)
if r.status_code == 429:
print('Encountered rate-limiting. Sleeping for 45 seconds.')
sleep(45)
get_hash_report(apikey, filehash)
elif r.status_code != 200:
print('Encountered unanticipated HTTP error.')
print(r.status_code)
exit(1)
elif r.status_code == 200:
response = r.json()
parse_hash_report(response)
def parse_hash_report(response):
detections = response['positives']
if detections >= 1:
scan_results = response['scans']
print('\nAV Name, Malware Name, Definitions Version, Last Updated')
for vendor in scan_results:
if scan_results[vendor]['detected']:
info_date = scan_results[vendor]['update']
detected_name = scan_results[vendor]['result']
definition_version = scan_results[vendor]['version']
print('{!s}, {!s}, {!s}, {!s}'.format(vendor, detected_name, definition_version, info_date))
else:
print('No malicious detections found.')
while True:
filehash = input('Enter a file hash: \n')
get_hash_report(apikey, filehash)