salawank

VT_Url-IP.py

Feb 17th, 2014
  1. #!/usr/bin/env python
  2. import json
  3. import json as simplejson
  4. import urllib
  5. import urllib2
  6. import sys
  7. import time
  8. from IPy import IP
  9.  
  10. """
  11. VirusTotal encourages you to retrieve the latest report on the URL before performing the submission;
  12. if it is recent enough, you might want to save time and bandwidth by making use of it.
  13. Keep in mind that URLs sent using the API have the lowest scanning priority. Depending on VirusTotal's load,
  14. it may take several hours before the URL is scanned, so query the report at regular intervals until the result shows up
  15. and do not keep submitting the URL over and over again.
  16. """
# Placeholder for the VirusTotal API key that the report and scan requests send
# as their "apikey" parameter. Substitute a real key locally and keep it out of
# shared or published copies of this script.
apikey = "YOUR VT API KEY"
  18.  
def howto():
    """Print the banner and usage line, then exit with status 1."""
    rule = '==============================================='
    # The run of ten spaces after the first rule is part of the original
    # banner text (it came from a backslash continuation inside the literal).
    banner = ('\n' + rule + '          '
              '\nVT URL / IP Scan tdr[dot]local[at]gmail[dot]com\n' + rule)
    print(banner)
    print('Usage: VT_Url-IP.py <-url|-ip> <parameter>')
    sys.exit(1)
  24.    
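def _report_year(scan_date):
    """Return the leading four-digit year of *scan_date* as an int, or None."""
    try:
        return int(scan_date[0:4])
    except (TypeError, ValueError):
        # scan_date is absent (None) or does not start with a number.
        return None


def _lookup_url():
    """Fetch the existing URL report and show it, or offer a (re)scan."""
    global response_dict

    report_url = "https://www.virustotal.com/vtapi/v2/url/report"
    body = urllib.urlencode({"resource": input_para, "apikey": apikey})
    raw = urllib2.urlopen(urllib2.Request(report_url, body)).read()
    try:
        response_dict = simplejson.loads(raw)
    except ValueError:
        print("No JSON object could be decoded. Sending for submission..")
        return scan()

    if response_dict.get("verbose_msg") == 'The requested resource is not among the finished, queued or pending scans':
        print('\nURL report is not available!')
        answer = raw_input('Send for scan? Keep in mind that URLs sent using the API \nhave the lowest scanning priority (y/n)')
        if answer == 'y':
            return scan()
        print('Bye-bye')
        sys.exit()

    # Offer a rescan for any report dated before the current year instead of
    # matching one fixed year. A missing or unparsable scan_date skips the
    # prompt rather than raising.
    # NOTE(review): scan_date is assumed to start with "YYYY" -- confirm.
    date = response_dict.get("scan_date")
    year = _report_year(date)
    if year is not None and year < time.gmtime().tm_year:
        print('\nReport is older than current year: ' + date)
        answer = raw_input('Send for rescan? Keep in mind that URLs sent using the API \nhave the lowest scanning priority (y/n)')
        if answer == 'y':
            return scan()
        elif answer == 'n':
            return result()
        print('Invalid option.Exiting.')
        sys.exit()
    return result()


def _lookup_ip():
    """Fetch the IP address report and print resolutions and detected URLs."""
    global response_dict

    try:
        IP(input_para)  # IPy raises ValueError for a malformed address
        report_url = 'https://www.virustotal.com/vtapi/v2/ip-address/report'
        # Use the module-level apikey, as the URL lookups do, so the credential
        # is configured in one place and no key is embedded in the request
        # code. A key that has appeared in a shared copy of this script should
        # be treated as exposed and rotated.
        query = urllib.urlencode({'ip': input_para, 'apikey': apikey})
        raw = urllib.urlopen('%s?%s' % (report_url, query)).read()
        response_dict = json.loads(raw)
    except ValueError:
        # Raised both by IP() for a bad address and by json.loads() for a
        # body that is not JSON.
        print('\nLimit 4 submissions per minute or Please insert valid IP address!')
        return

    resolutions = response_dict.get("resolutions")
    detected_urls = response_dict.get("detected_urls")

    print("\n======================\nVT IP address reports\n======================")
    print("\nIP address: " + input_para + "\n")
    print("last_resolved\t\t\thostname\n----------------------------------------")

    if resolutions is None and detected_urls is None:
        print('*Not detected/Not in dataset*')
        return

    # Fields are read by key; positional indexing into dict.values() depends
    # on dictionary ordering and can silently swap the columns.
    for entry in resolutions or []:
        last_resolved = entry.get('last_resolved')
        # A missing timestamp prints as the short word "None", so pad with
        # extra tabs to keep the hostname column aligned.
        gap = '\t\t\t\t' if last_resolved is None else '\t\t'
        print('%s%s%s' % (last_resolved, gap, entry.get('hostname')))

    print('\nDetected URLs\n---------------')
    print('Date\t\t\tRatio\t\t\tURL\n')
    for hit in detected_urls or []:
        print('%s     %s/%s\t%s' % (hit.get('scan_date'), hit.get('positives'),
                                    hit.get('total'), hit.get('url')))


def main():
    """Parse the command line and run the requested VirusTotal lookup.

    Expects ``<-url|-ip> <parameter>`` in sys.argv; anything else prints the
    usage text and exits through howto(). The chosen option and parameter are
    stored in the module globals input_options and input_para, which scan()
    reads; the decoded report is stored in the global response_dict, which
    result() reads.
    """
    global input_options
    global input_para

    if len(sys.argv) <= 2:
        howto()

    input_options = sys.argv[1]
    input_para = sys.argv[2]

    if input_options == '-url':
        return _lookup_url()
    elif input_options == '-ip':
        return _lookup_ip()
    else:
        howto()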
  110.    
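def result():
    """Print the URL report held in the global response_dict.

    Shows the scan date, URL, scanner totals, every scanner whose verdict is
    flagged as detected, and the permalink. Missing fields print as "None"
    instead of raising on string concatenation.
    """
    print("\nOlder/Most recent report:\n------------------------")
    print("Scan date on: %s" % response_dict.get("scan_date"))
    print("URL: %s" % response_dict.get("url"))
    print("Total scanner: " + str(response_dict.get("total")))
    print("Positives: " + str(response_dict.get("positives")) + "\n")

    print('URL scanner results:\n-------------------\n')
    # A report without a "scans" section lists nothing instead of failing.
    scans = response_dict.get("scans") or {}
    for scanner, verdict in scans.items():
        # Read the fields by key; positional indexing into dict.values()
        # depends on dictionary ordering and can pick the wrong field.
        if verdict.get("detected") is True:
            print('%25s     %s' % (scanner, verdict.get("result")))
    print('\n\t\t  **End of results**')
    print('_______________________________\nPermalink:')
    print(response_dict.get("permalink"))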
  128.    
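def scan():
    """Submit the URL in the global input_para to VirusTotal for scanning.

    Prints the scan date and status message from the reply. If the reply is
    not JSON, waits 60 seconds and retries once, as the printed message
    promises, then gives up so the URL is not resubmitted repeatedly.
    """
    endpoint = "https://www.virustotal.com/vtapi/v2/url/scan"
    payload = urllib.urlencode({"url": input_para, "apikey": apikey})

    for attempt in (1, 2):
        # The body is kept in `raw` so the json module name is not shadowed.
        raw = urllib2.urlopen(urllib2.Request(endpoint, payload)).read()
        try:
            reply = simplejson.loads(raw)
        except ValueError:
            if attempt == 1:
                print("No JSON object could be decoded..retrying in 60secs")
                time.sleep(60)
                continue
            print("No JSON object could be decoded. Giving up.")
            return
        # %-formatting keeps a missing scan_date from raising TypeError.
        print("\n%s" % reply.get("scan_date"))
        print(reply.get("verbose_msg"))
        return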
  144.  
# Run the command-line lookup only when executed as a script, not on import.
if __name__ == '__main__':
    main()