uirusu 1.0.1 → 1.0.2

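--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8fba998a37e7972030ea7e2e963634c191d1e0e0
- data.tar.gz: 2271e8d73ccf95edba19e4248a0f92d317c07234
+ metadata.gz: 0d8bd0db705cc4042aab3420b2cfca3d78485313
+ data.tar.gz: f4650d576d718833039845d83eb5ccebc4a7ef46
  SHA512:
- metadata.gz: f7d43fe9f146334af62dfa4cc425fb9401af52645b4c5baab6b641f24b9c03944ceb38ace7e1d8739333421a09dd3a3474d430efec8e4917b5d51bf38db7e42b
- data.tar.gz: dfd744984a492dd2103eca9f2474da73a716a9f4a4d5f335ac2a2cf4709e5767da855aa1a5ca9f4433660f164f5193ecbac1479fdfaf6d52f3588c6ce2738c5d
+ metadata.gz: 89be7b9bd3c0908e4f195dc1c2cbb47d87424b5e21000fc5fbe3859c87dbcd95e621aa70276f731112903216c401e23c96a67a034f94c735a29a759bf140034d
+ data.tar.gz: 8c73cd4a596243fa5d0a2ed40378d9bca99df2bf29dbe2708336915f7d571a2138154db0ddee6a44489bae7ceab54d1633751d7fd7a5c99676416191c842e95b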
@@ -2,7 +2,7 @@
2
2
 
3
3
  uirusu is an [Virustotal](http://www.virustotal.com) automation and convenience tool for hash, file and URL submission.
4
4
 
5
- The current version is 1.0.1.
5
+ The current version is 1.0.2.
6
6
 
7
7
  ## Requirements
8
8
 
@@ -77,6 +77,45 @@ results = Uirusu::VTComment.post_comment(API_KEY, hash, comment)
77
77
  print results if results != nil
78
78
  ```
79
79
 
80
+ ### Private API Support
81
+ Private API support is supported by the gem, but is not yet supported in the CLI application.
82
+
83
+ Notes:
84
+ * Details on the private API can be found [here](https://www.virustotal.com/en/documentation/private-api)
85
+ * Optional parameters can be sent to the method calls as named parameters (see VTFile#query_report below)
86
+ * #feed and #false_positive are currently not supported, as they require a special API key
87
+
88
+ #### Examples
89
+ Below are some examples specific to the private API.
90
+
91
+ ##### Files
92
+ ```ruby
93
+ # Search for a hash and get additional metadata
94
+ Uirusu::VTFile.query_report(API_KEY, hash, allinfo: 1)
95
+
96
+ # Get a file upload URL for larger files
97
+ Uirusu::VTFile.scan_upload_url(API_KEY)
98
+
99
+ # Submit a file with a callback URL
100
+ Uirusu::VTFile.scan_file(API_KEY, filepath, notify_url: 'http://requestb.in/117n0hb1')
101
+
102
+ # Request a behavioural report on a hash
103
+ Uirusu::VTFile.behaviour(API_KEY, hash)
104
+
105
+ # Request a network traffic report on a hash
106
+ Uirusu::VTFile.network_traffic(API_KEY, hash)
107
+ ```
108
+
109
+ ##### Domains and IPs
110
+ ```ruby
111
+
112
+ # Get a report for a domain
113
+ Uirusu::VTDomain.query_report(API_KEY, domain)
114
+
115
+ # Get a report for an IP address
116
+ Uirusu::VTIPAddr.query_report(API_KEY, ip)
117
+ ```
118
+
80
119
  ##License
81
120
  Uirusu is licensed under the MIT license see the `LICENSE` file for the full license.
82
121
 
@@ -1,5 +1,8 @@
1
1
  # News
2
2
 
3
+ # 1.0.2 (September 21, 2016)
4
+ - Added Private API support [@joshporter1]
5
+
3
6
  # 1.0.1 (July 1, 2016)
4
7
  - Fixed email address
5
8
  - Changed License to MIT
@@ -22,6 +22,57 @@ module Uirusu
22
22
  CONFIG_FILE = "#{Dir.home}/.uirusu"
23
23
  VT_API = "https://www.virustotal.com/vtapi/v2"
24
24
  RESULT_FIELDS = [ :hash, :scanner, :version, :detected, :result, :md5, :sha1, :sha256, :update, :permalink ]
25
+
26
+ protected
27
+ # Queries the API using RestClient and parses the response.
28
+ #
29
+ # @param url [string] URL endpoint to send the request to
30
+ # @param params [hash] Hash of HTTP params
31
+ # @param post [boolean] (optional) Specifies whether to use POST or GET
32
+ #
33
+ # @return [JSON] Parsed response
34
+ def self.query_api(url, params, post=false)
35
+ if params[:apikey] == nil
36
+ raise "Invalid API Key"
37
+ end
38
+
39
+ begin
40
+ if post
41
+ response = RestClient.post url, **params
42
+ else
43
+ response = RestClient.get url, params: params
44
+ end
45
+ rescue => e
46
+ response = e.response
47
+ end
48
+ self.parse_response response
49
+ end
50
+
51
+ # Parses the response or raises an exception accordingly.
52
+ #
53
+ # @param response The response from RestClient
54
+ #
55
+ # @return [JSON] Parsed response
56
+ def self.parse_response(response)
57
+ case response.code
58
+ when 429, 204
59
+ raise "Virustotal limit reached. Try again later."
60
+ when 403
61
+ raise "Invalid privileges, please check your API key."
62
+ when 200
63
+ # attempt to parse it as json, otherwise return the raw response
64
+ # network_traffic and download return non-JSON data
65
+ begin
66
+ JSON.parse(response)
67
+ rescue
68
+ response
69
+ end
70
+ when 500
71
+ nil
72
+ else
73
+ raise "Unknown Server error. (#{response.code})"
74
+ end
75
+ end
25
76
  end
26
77
 
27
78
  require 'json'
@@ -32,6 +83,8 @@ require 'yaml'
32
83
  require 'uirusu/version'
33
84
  require 'uirusu/vtfile'
34
85
  require 'uirusu/vturl'
86
+ require 'uirusu/vtipaddr'
87
+ require 'uirusu/vtdomain'
35
88
  require 'uirusu/vtcomment'
36
89
  require 'uirusu/vtresult'
37
90
  require 'uirusu/scanner'
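Review bot: In `query_api`, the bare `rescue => e` followed by `response = e.response` assumes every failure is an HTTP error. A connection or timeout error either has no `response` method or returns nil, so the caller gets a `NoMethodError` from this method or from `parse_response` instead of the real cause. Narrow it to `rescue RestClient::ExceptionWithResponse => e` and re-raise when `e.response` is nil. The GET branch (`RestClient.get url, params: params`) also puts `apikey` in the query string, where the call sites removed elsewhere in this diff used POST bodies, so the key can now show up in request and proxy logs. `protected` has no effect on `def self.` methods, which is why `Uirusu.query_api` stays callable from the other modules; drop it or mark the two helpers as internal in their doc comments.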
@@ -20,7 +20,7 @@
20
20
 
21
21
  module Uirusu
22
22
  APP_NAME = "uirusu"
23
- VERSION = "1.0.1"
23
+ VERSION = "1.0.2"
24
24
  HOME_PAGE = "http://arxopia.github.io/uirusu"
25
25
  AUTHOR = "Jacob Hammack"
26
26
  EMAIL = "jacob.hammack@arxopia.com"
@@ -23,6 +23,7 @@ module Uirusu
23
23
  # Virustotal.com public API
24
24
  module VTComment
25
25
  POST_URL = Uirusu::VT_API + "/comments/put"
26
+ GET_URL = Uirusu::VT_API + "/comments/get"
26
27
 
27
28
  # Submits a comment to Virustotal.com for a specific resource
28
29
  #
@@ -32,10 +33,6 @@ module Uirusu
32
33
  #
33
34
  # @return [JSON] Parsed response
34
35
  def self.post_comment(api_key, resource, comment)
35
- if api_key == nil
36
- raise "Invalid API Key"
37
- end
38
-
39
36
  if resource == nil
40
37
  raise "Invalid resource, must be a valid url"
41
38
  end
@@ -44,18 +41,32 @@ module Uirusu
44
41
  raise "You must provide a comment to submit."
45
42
  end
46
43
 
47
- response = RestClient.post POST_URL, :apikey => api_key, :resource => resource, :comment => comment
44
+ params = {
45
+ apikey: api_key,
46
+ resource: resource,
47
+ comment: comment
48
+ }
49
+ Uirusu.query_api POST_URL, params
50
+ end
48
51
 
49
- case response.code
50
- when 429, 204
51
- raise "Virustotal limit reached. Try again later."
52
- when 403
53
- raise "Invalid privileges, please check your API key."
54
- when 200
55
- JSON.parse(response)
56
- else
57
- raise "Unknown Server error."
52
+ # Retrieve a list of comments to Virustotal.com for a specific resource
53
+ #
54
+ # @param [String] api_key Virustotal.com API key
55
+ # @param [String] resource MD5/sha1/sha256/scan_id/URL to search for
56
+ # @param [DateTime] before A datetime token that allows you to iterate over all comments on a specific item whenever it has been commented on more than 25 times
57
+ #
58
+ # @return [JSON] Parsed response
59
+ def self.get_comments(api_key, resource, before=nil)
60
+ if resource == nil
61
+ raise "Invalid resource, must be a valid url"
58
62
  end
63
+
64
+ params = {
65
+ apikey: api_key,
66
+ resource: resource
67
+ }
68
+ params[:before] = before unless before.nil?
69
+ Uirusu.query_api GET_URL, params
59
70
  end
60
71
  end
61
72
  end
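Review bot: `post_comment` now calls `Uirusu.query_api POST_URL, params` without the third argument, so with the `post=false` default the comment goes out as a GET to `/comments/put`, where the removed line used `RestClient.post`. Pass the flag, `Uirusu.query_api POST_URL, params, true`, which also keeps the API key and the comment text out of the URL. In `get_comments` the nil check raises "Invalid resource, must be a valid url" although its doc comment allows MD5/sha1/sha256/scan_id as well; the message should list the same forms.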
@@ -0,0 +1,45 @@
1
+ # Copyright (c) 2010-2016 Arxopia LLC.
2
+ #
3
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
4
+ # of this software and associated documentation files (the "Software"), to deal
5
+ # in the Software without restriction, including without limitation the rights
6
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
+ # copies of the Software, and to permit persons to whom the Software is
8
+ # furnished to do so, subject to the following conditions:
9
+ #
10
+ # The above copyright notice and this permission notice shall be included in
11
+ # all copies or substantial portions of the Software.
12
+ #
13
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ # FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
16
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
+ # THE SOFTWARE.
20
+
21
+ module Uirusu
22
+ #
23
+ #
24
+ module VTDomain
25
+ REPORT_URL = Uirusu::VT_API + "/domain/report"
26
+
27
+ # Searches reports by Domain from Virustotal.com
28
+ #
29
+ # @param api_key Virustotal.com API key
30
+ # @param domain domain name to search
31
+ #
32
+ # @return [JSON] Parsed response
33
+ def self.query_report(api_key, domain)
34
+ if domain == nil
35
+ raise "Invalid resource, must be a valid domain"
36
+ end
37
+
38
+ params = {
39
+ apikey: api_key,
40
+ domain: domain
41
+ }
42
+ Uirusu.query_api REPORT_URL, params
43
+ end
44
+ end
45
+ end
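Review bot: The `module VTDomain` header carries two empty `#` lines where the sibling modules have a description; add one, for example `# Module for accessing the domain report functionality of the Virustotal.com API`. `query_report` rejects only nil, so an empty or malformed value is still sent to the service under the caller's API key; a short format check before building `params` would make the "must be a valid domain" message accurate. Both points apply equally to `VTIPAddr.query_report` in the new `lib/uirusu/vtipaddr.rb`, whose message promises "a valid IPv4 address".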
@@ -23,99 +23,219 @@ module Uirusu
23
23
  # Module for Accessing the File scan and report functionalities of the
24
24
  # Virustotal.com public API
25
25
  module VTFile
26
- SCAN_URL = Uirusu::VT_API + "/file/scan"
27
- RESCAN_URL = Uirusu::VT_API + "/file/rescan"
28
- REPORT_URL = Uirusu::VT_API + "/file/report"
26
+ SCAN_URL = Uirusu::VT_API + "/file/scan"
27
+ SCAN_UPLOAD_URL = Uirusu::VT_API + "/file/scan/upload_url"
28
+ RESCAN_URL = Uirusu::VT_API + "/file/rescan"
29
+ RESCAN_DELETE_URL = Uirusu::VT_API + "/file/rescan/delete"
30
+ REPORT_URL = Uirusu::VT_API + "/file/report"
31
+ BEHAVIOUR_URL = Uirusu::VT_API + "/file/behaviour"
32
+ NETWORK_TRAFFIC_URL = Uirusu::VT_API + "/file/network-traffic"
33
+ SEARCH_URL = Uirusu::VT_API + "/file/search"
34
+ CLUSTERS_URL = Uirusu::VT_API + "/file/clusters"
35
+ DOWNLOAD_URL = Uirusu::VT_API + "/file/download"
36
+ FEED_URL = Uirusu::VT_API + "/file/feed" #not implemented
37
+ FALSE_POSITIVES_URL = Uirusu::VT_API + "/file/false-positives" #not implemented
38
+
29
39
 
30
40
  # Queries a report from Virustotal.com
31
41
  #
32
42
  # @param api_key Virustotal.com API key
33
43
  # @param resource MD5/sha1/sha256/scan_id to search for
44
+ # @params **args named arguments for optional parameters - https://www.virustotal.com/en/documentation/private-api/#get-report
34
45
  #
35
46
  # @return [JSON] Parsed response
36
- def VTFile.query_report(api_key, resource)
37
- if api_key == nil
38
- raise "Invalid API Key"
47
+ def VTFile.query_report(api_key, resource, **args)
48
+ if resource == nil
49
+ raise "Invalid resource, must be md5/sha1/sha256/scan_id"
39
50
  end
40
51
 
52
+ params = {
53
+ apikey: api_key,
54
+ resource: resource
55
+ }
56
+ Uirusu.query_api REPORT_URL, params.merge!(args)
57
+ end
58
+
59
+ # Submits a file to Virustotal.com for analysis
60
+ #
61
+ # @param api_key Virustotal.com API key
62
+ # @param path_to_file Path to file on disk to upload
63
+ # @params **args named arguments for optional parameters - https://www.virustotal.com/en/documentation/private-api/#scan
64
+ #
65
+ # @return [JSON] Parsed response
66
+ def self.scan_file(api_key, path_to_file, **args)
67
+ if !File.exists?(path_to_file)
68
+ raise Errno::ENOENT
69
+ end
70
+
71
+ params = {
72
+ apikey: api_key,
73
+ filename: path_to_file,
74
+ file: File.new(path_to_file, 'rb')
75
+ }
76
+ Uirusu.query_api SCAN_URL, params.merge!(args), true
77
+ end
78
+
79
+ # Retrieves a custom upload URL for files larger than 32MB
80
+ #
81
+ # @param api_key Virustotal.com API key
82
+ #
83
+ # @return [JSON] Parsed response
84
+ def self.scan_upload_url(api_key)
85
+ params = {
86
+ apikey: api_key
87
+ }
88
+ Uirusu.query_api SCAN_UPLOAD_URL, params
89
+ end
90
+
91
+ # Requests an existing file to be rescanned.
92
+ #
93
+ # @param api_key Virustotal.com API key
94
+ # @param resource MD5/sha1/sha256/scan_id to rescan
95
+ # @params **args named arguments for optional parameters - https://www.virustotal.com/en/documentation/private-api/#rescan
96
+ #
97
+ # @return [JSON] Parsed response
98
+ def self.rescan_file(api_key, resource, **args)
99
+ if resource == nil
100
+ raise "Invalid resource, must be md5/sha1/sha256/scan_id"
101
+ end
102
+
103
+ params = {
104
+ apikey: api_key,
105
+ resource: resource
106
+ }
107
+
108
+ Uirusu.query_api RESCAN_URL, params.merge!(args), true
109
+ end
110
+
111
+ # Deletes a scheduled rescan request.
112
+ #
113
+ # @param api_key Virustotal.com API key
114
+ # @param resource MD5/sha1/sha256/scan_id to rescan
115
+ #
116
+ # @return [JSON] Parsed response
117
+ def self.rescan_delete(api_key, resource)
41
118
  if resource == nil
42
119
  raise "Invalid resource, must be md5/sha1/sha256/scan_id"
43
120
  end
44
121
 
45
- response = RestClient.post REPORT_URL, :apikey => api_key, :resource => resource
46
-
47
- case response.code
48
- when 429, 204
49
- raise "Virustotal limit reached. Try again later."
50
- when 403
51
- raise "Invalid privileges, please check your API key."
52
- when 200
53
- JSON.parse(response)
54
- when 500
55
- nil
56
- else
57
- raise "Unknown Server error."
58
- end
122
+ params = {
123
+ apikey: api_key,
124
+ resource: resource
125
+ }
126
+
127
+ Uirusu.query_api RESCAN_DELETE_URL, params, true
59
128
  end
60
129
 
61
- # Submits a file to Virustotal.com for analysis
130
+ # Requests a behavioural report on a hash.
62
131
  #
63
132
  # @param api_key Virustotal.com API key
64
- # @param path_to_file Path to file on disk to upload
133
+ # @param hash MD5/sha1/sha256 to query
65
134
  #
66
135
  # @return [JSON] Parsed response
67
- def self.scan_file(api_key, path_to_file)
68
- if !File.exists?(path_to_file)
69
- raise Errno::ENOENT
136
+ def self.behaviour(api_key, hash)
137
+ if hash == nil
138
+ raise "Invalid hash, must be md5/sha1/sha256"
70
139
  end
71
140
 
72
- if api_key == nil
73
- raise "Invalid API Key"
74
- end
141
+ params = {
142
+ apikey: api_key,
143
+ hash: hash
144
+ }
145
+ Uirusu.query_api BEHAVIOUR_URL, params
146
+ end
75
147
 
76
- response = RestClient.post SCAN_URL, :apikey => api_key, :filename=> path_to_file, :file => File.new(path_to_file, 'rb')
77
-
78
- case response.code
79
- when 429, 204
80
- raise "Virustotal limit reached. Try again later."
81
- when 403
82
- raise "Invalid privileges, please check your API key."
83
- when 200
84
- JSON.parse(response)
85
- else
86
- raise "Unknown Server error."
148
+ # Requests a network traffic report on a hash.
149
+ #
150
+ # @param api_key Virustotal.com API key
151
+ # @param hash MD5/sha1/sha256 to query
152
+ #
153
+ # @return [PCAP] A PCAP file containing the network traffic dump
154
+ def self.network_traffic(api_key, hash)
155
+ if hash == nil
156
+ raise "Invalid hash, must be md5/sha1/sha256"
87
157
  end
158
+
159
+ params = {
160
+ apikey: api_key,
161
+ hash: hash
162
+ }
163
+ Uirusu.query_api NETWORK_TRAFFIC_URL, params
88
164
  end
89
165
 
90
- # Requests an existing file to be rescanned.
166
+ # Perform an advanced reverse search.
91
167
  #
92
168
  # @param api_key Virustotal.com API key
93
- # @param resource MD5/sha1/sha256/scan_id to rescan
169
+ # @param query A search modifier compliant file search query (https://www.virustotal.com/intelligence/help/file-search/#search-modifiers)
170
+ # @param **args named optional arguments - https://www.virustotal.com/en/documentation/private-api/#search
94
171
  #
95
172
  # @return [JSON] Parsed response
96
- def self.rescan_file(api_key, resource)
97
- if api_key == nil
98
- raise "Invalid API Key"
173
+ def self.search(api_key, query, **args)
174
+ if query == nil
175
+ raise "Please enter a valid query."
99
176
  end
100
177
 
101
- if resource == nil
102
- raise "Invalid resource, must be md5/sha1/sha256/scan_id"
178
+ params = {
179
+ apikey: api_key,
180
+ query: query
181
+ }
182
+ Uirusu.query_api SEARCH_URL, params.merge!(args)
183
+ end
184
+
185
+ # Access the clustering section of VT Intelligence.
186
+ #
187
+ # @param api_key Virustotal.com API key
188
+ # @param date A specific day for which we want to access the clustering details, example: 2013-09-10
189
+ #
190
+ # @return [JSON] Parsed response
191
+ def self.clusters(api_key, date)
192
+ if date == nil
193
+ raise "Please enter a valid date (Ex: 2013-09-10)"
103
194
  end
104
195
 
105
- response = RestClient.post RESCAN_URL, :apikey => api_key, :resource => resource
106
-
107
- case response.code
108
- when 429, 204
109
- raise "Virustotal limit reached. Try again later."
110
- when 403
111
- raise "Invalid privileges, please check your API key."
112
- when 200
113
- JSON.parse(response)
114
- when 500
115
- nil
116
- else
117
- raise "Unknown Server error."
196
+ params = {
197
+ apikey: api_key,
198
+ date: date
199
+ }
200
+ Uirusu.query_api CLUSTERS_URL, params
201
+ end
202
+
203
+ # Download a file from vT's store given a hash.
204
+ #
205
+ # @param api_key Virustotal.com API key
206
+ # @param hash The md5/sha1/sha256 of the file you want to download
207
+ #
208
+ # @return [File] the downloaded file
209
+ def self.download(api_key, hash)
210
+ if hash == nil
211
+ raise "Please enter a valid md5/sha1/sha256 hash"
118
212
  end
213
+
214
+ params = {
215
+ apikey: api_key,
216
+ hash: hash
217
+ }
218
+ Uirusu.query_api DOWNLOAD_URL, params
119
219
  end
220
+
221
+ # Retrieve a live feed of all uploaded files to VT.
222
+ #
223
+ # @param api_key Virustotal.com API key
224
+ # @param package Indicates a time window to pull reports on all items received during such window. Only per-minute and hourly windows are allowed, the format is %Y%m%dT%H%M (e.g. 20160304T0900) or %Y%m%dT%H (e.g. 20160304T09). Time is expressed in UTC.
225
+ #
226
+ # @return [JSON] Parsed response
227
+ def self.feed(api_key, package)
228
+ raise "#false_positives not yet implemented. This API call is only available to users that have licensed the unlimited tier of VirusTotal private Mass API."
229
+ end
230
+
231
+ # Allows vendors to consume false positive notifications for files that they mistakenly detect.
232
+ #
233
+ # @param api_key Virustotal.com API key
234
+ # @param limit The number of false positive notifications to consume, if available. The max value is 1000.
235
+ #
236
+ # @return [JSON] Parsed response
237
+ def self.false_positives(api_key, limit=100)
238
+ raise "#false_positives not yet implemented. This API is only available to antivirus vendors participating in VirusTotal."
239
+ end
120
240
  end
121
241
  end
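Review bot: `scan_file` opens the sample with `File.new(path_to_file, 'rb')` and never closes it, so every upload holds a descriptor until garbage collection; running the request inside `File.open(path_to_file, 'rb') { |file| ... }` closes it when the call returns. The `File.exists?` check above it is deprecated and was removed in Ruby 3.2; use `File.exist?`. `feed` raises a message beginning `#false_positives`, apparently copied from the method below it, and should read `#feed not yet implemented`. `download` hands back the raw response through the non-JSON fallback in `parse_response`, so its `@return [File]` tag should instead say that the result is the untrusted sample content and must not be executed or opened by the caller's default handlers.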
@@ -0,0 +1,45 @@
1
+ # Copyright (c) 2010-2016 Arxopia LLC.
2
+ #
3
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
4
+ # of this software and associated documentation files (the "Software"), to deal
5
+ # in the Software without restriction, including without limitation the rights
6
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
+ # copies of the Software, and to permit persons to whom the Software is
8
+ # furnished to do so, subject to the following conditions:
9
+ #
10
+ # The above copyright notice and this permission notice shall be included in
11
+ # all copies or substantial portions of the Software.
12
+ #
13
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ # FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
16
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
+ # THE SOFTWARE.
20
+
21
+ module Uirusu
22
+ #
23
+ #
24
+ module VTIPAddr
25
+ REPORT_URL = Uirusu::VT_API + "/ip-address/report"
26
+
27
+ # Searches reports by IP from Virustotal.com
28
+ #
29
+ # @param api_key Virustotal.com API key
30
+ # @param ip IP address to search
31
+ #
32
+ # @return [JSON] Parsed response
33
+ def self.query_report(api_key, ip)
34
+ if ip == nil
35
+ raise "Invalid resource, must be a valid IPv4 address"
36
+ end
37
+
38
+ params = {
39
+ apikey: api_key,
40
+ ip: ip
41
+ }
42
+ Uirusu.query_api REPORT_URL, params
43
+ end
44
+ end
45
+ end
@@ -32,26 +32,15 @@ module Uirusu
32
32
  #
33
33
  # @return [JSON] Parsed response
34
34
  def self.scan_url(api_key, resource)
35
- if api_key == nil
36
- raise "Invalid API Key"
37
- end
38
-
39
35
  if resource == nil
40
36
  raise "Invalid resource, must be a valid url"
41
37
  end
42
38
 
43
- response = RestClient.post SCAN_URL, :apikey => api_key, :url => resource
44
-
45
- case response.code
46
- when 429, 204
47
- raise "Virustotal limit reached. Try again later."
48
- when 403
49
- raise "Invalid privileges, please check your API key."
50
- when 200
51
- JSON.parse(response)
52
- else
53
- raise "Unknown Server error."
54
- end
39
+ params = {
40
+ apikey: api_key,
41
+ resource: resource
42
+ }
43
+ Uirusu.query_api SCAN_URL, params
55
44
  end
56
45
 
57
46
  # Searches reports by URL from Virustotal.com
@@ -60,27 +49,26 @@ module Uirusu
60
49
  # @param resource url to search
61
50
  #
62
51
  # @return [JSON] Parsed response
63
- def self.query_report(api_key, resource)
64
- if api_key == nil
65
- raise "Invalid API Key"
66
- end
67
-
52
+ def self.query_report(api_key, resource, **args)
68
53
  if resource == nil
69
54
  raise "Invalid resource, must be a valid url"
70
55
  end
71
56
 
72
- response = RestClient.post REPORT_URL, :apikey => api_key, :resource => resource
57
+ params = {
58
+ apikey: api_key,
59
+ resource: resource
60
+ }
61
+ Uirusu.query_api REPORT_URL, params.merge!(args)
62
+ end
73
63
 
74
- case response.code
75
- when 429, 204
76
- raise "Virustotal limit reached. Try again later."
77
- when 403
78
- raise "Invalid privileges, please check your API key."
79
- when 200
80
- JSON.parse(response)
81
- else
82
- raise "Unknown Server error."
83
- end
64
+ # Searches reports by URL from Virustotal.com
65
+ #
66
+ # @param api_key Virustotal.com API key
67
+ # @param resource url to search
68
+ #
69
+ # @return [JSON] Parsed response
70
+ def self.feed(api_key, resource, **args)
71
+ raise "#feed not yet implemented. This API call is only available to users that have licensed the unlimited tier of VirusTotal private Mass API."
84
72
  end
85
73
  end
86
74
  end
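Review bot: `scan_url` changes the request itself, not only the plumbing: the removed call sent `:url => resource` with `RestClient.post`, while the new hash sends `resource: resource` and `Uirusu.query_api SCAN_URL, params` defaults to GET. Unless the service accepts both forms, submissions will be rejected or ignored, and the API key moves into the query string. Restore the field and the verb with `params = { apikey: api_key, url: resource }` and `Uirusu.query_api SCAN_URL, params, true`. The doc comment on the new `feed` stub still reads "Searches reports by URL" and lists a `resource` parameter; it should describe the feed call.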
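--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: uirusu
  version: !ruby/object:Gem::Version
- version: 1.0.1
+ version: 1.0.2
  platform: ruby
  authors:
  - Jacob Hammack
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-07-02 00:00:00.000000000 Z
+ date: 2016-09-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -154,7 +154,9 @@ files:
  - lib/uirusu/scanner.rb
  - lib/uirusu/version.rb
  - lib/uirusu/vtcomment.rb
+ - lib/uirusu/vtdomain.rb
  - lib/uirusu/vtfile.rb
+ - lib/uirusu/vtipaddr.rb
  - lib/uirusu/vtresult.rb
  - lib/uirusu/vturl.rb
  - uirusu.gemspec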