-
Notifications
You must be signed in to change notification settings - Fork 0
/
virustotal.py
31 lines (28 loc) · 1.04 KB
/
virustotal.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
""" utility functions for virustotal API """
import hashlib
import json
import requests
HEXCHARS = "0123456789abcdef"
def scan(filename, apikey):
""" checks virustotal for given filename hash for pre-generated reports """
url = "https://www.virustotal.com/vtapi/v2/file/report"
count = len(filename)
if (count == 64 or count == 40 or count == 32) and all(
x in filename for x in HEXCHARS
):
print("Treating {} as a hash, not as a filename".format(filename))
sha256 = filename
elif (
count == 75
and filename[64] == "-"
and all(x in filename for x in HEXCHARS + "-")
):
print("Treating {} as a VirusTotal scan ID, not as a filename".format(filename))
sha256 = filename
else:
with open(filename, "rb") as infile:
contents = infile.read()
sha256 = hashlib.sha256(contents).hexdigest()
params = {"apikey": apikey, "resource": sha256, "allinfo": True}
response = requests.get(url, params=params)
return json.loads(response.text)