uirusu 0.0.0 → 0.0.1

data/NEWS.markdown

@@ -2,4 +2,4 @@
 
 # 0.0.1 (??)
 - Rename ruby-virustotal/virustotal gem to uirusu, to prevent being sued.
-- Complete rewrite of those gems
+- Complete rewrite of the gem

data/README.markdown

@@ -1,2 +1,44 @@
 # uirusu
 
+uirusu is [virustotal](http://www.virustotal.com) automation and convenience tool for hash, file and URL submission.
+
+The current version is 0.0.1
+
+## Requirements
+
+* ruby
+* rubygems
+* json
+* rest-client
+
+* **public api key from [virustotal.com](http://www.virustotal.com)**
+
+## Installation
+
+	% gem install uirusu
+	% uirusu [options]
+
+## Usage
+
+### Searching a file of hashes
+
+	% uirusu -f <file_with_hashes_one_per_line>
+
+### Searching a single hash
+
+	% uirusu -h FD287794107630FA3116800E617466A9
+
+### Searching a file of hashes and outputting to XML
+	% uirusu -f <file_with_hashes_one_per_line> -x
+
+### Upload a file to Virustotal and wait for analysis
+	% uirusu -u </path/to/file>
+
+### Search for a single URL
+	% uirusu -s "http://www.google.com"
+
+### Saving results to a file
+	% uirusu -s "http://www.google.com" --yaml-output > file.yaml
+
+## Contact
+You can reach me at Jacob[dot]Hammack[at]hammackj[dot]com or http://www.hammackj.com

data/Rakefile

@@ -19,10 +19,10 @@ task :clean do
 	system "rm -rf coverage"
 end
 
-task :default => [:test_unit]
+task :default => [:test]
 
-Rake::TestTask.new("test_unit") { |t|
+Rake::TestTask.new("test") do |t|
 	t.libs << "test"
   t.pattern = 'test/*/*_test.rb'
   t.verbose = true
-}
+end

data/bin/uirusu

@@ -1,3 +1,9 @@
 #!/usr/bin/env ruby
 
-puts "Not implemented yet."
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '/../lib'))
+
+require 'rubygems'
+require 'uirusu'
+
+app = Uirusu::CLI::Application.new
+app.main(ARGV)

data/lib/uirusu.rb

@@ -1,6 +1,6 @@
 module Uirusu
 	APP_NAME = "uirusu"
-	VERSION = "0.0.0"
+	VERSION = "0.0.1"
 	CONFIG_FILE = "~/.uirusu"
 end
 
@@ -8,3 +8,9 @@ require 'json'
 require 'rest_client'
 require 'optparse'
 require 'yaml'
+
+require 'uirusu/vtfile'
+require 'uirusu/vturl'
+require 'uirusu/vtcomment'
+require 'uirusu/vtresult'
+require 'uirusu/cli/application'

data/lib/uirusu/cli/application.rb

@@ -0,0 +1,243 @@
+module Uirusu
+	module CLI
+		class Application
+		
+			# Creates a new instance of the [Application] class
+			#
+			def initialize
+				@options = {}
+				@config = {}
+				@hashes = Array.new
+				@files_of_hashes = Array.new
+				@sites = Array.new
+				@uploads = Array.new
+			end
+		
+			# Parses the command the line options and returns the parsed options hash
+			#
+			# @return [Hash] of the parsed options
+			def parse_options(args)
+				begin
+					@options['output'] = :stdout
+					@options['verbose'] = false
+				
+					opt = OptionParser.new do |opt|
+						opt.banner =	"#{APP_NAME} v#{VERSION}\nJacob Hammack\nhttp://www.hammackj.com\n\n"
+						opt.banner << "Usage: #{APP_NAME} <options>"
+						opt.separator('')
+						opt.separator("File Options")
+				
+						opt.on('-h HASH', '--search-hash HASH', 'Searches a single hash on virustotal.com') do |hash| 
+							@hashes.push(hash)
+						end
+
+						opt.on('-f FILE', '--search-hash-file FILE', 'Searches a each hash in a file of hashes on virustotal.com') do |file|
+							if File.exists?(file)
+								puts "[+] Adding file #{file}" if @options["verbose"]
+								@files_of_hashes.push(file)
+							else
+								puts "[!] #{file} does not exist, please check your input!\n"
+							end
+						end
+					
+						opt.on('-u FILE', '--upload-file FILE', 'Uploads a file to virustotal.com for analysis') do |file|
+							if File.exists?(file)
+								puts "[+] Adding file #{file}" if @options["verbose"]
+								@uploads.push(file)
+							else
+								puts "[!] #{file} does not exist, please check your input!\n"
+							end
+						end
+
+						opt.separator('')
+						opt.separator("Url Options")
+						
+						opt.on('-s SITE', '--search-site SITE', 'Searches for a single url on virustotal.com') { |site| 
+							@sites.push(site)
+						}
+												
+						opt.separator('')
+						opt.separator('Output Options')
+
+						opt.on('-x', '--xml-output', 'Print results as xml to stdout') do
+							@options["output"] = :xml
+						end
+			
+						opt.on('-y', '--yaml-output', 'Print results as yaml to stdout') do
+							@options['output'] = :yaml
+						end
+					
+						opt.on('--stdout-output', 'Print results as normal text line to stdout, this is default') do
+							@options['output'] = :stdout
+						end
+
+						opt.separator ''
+						opt.separator 'Advanced Options'
+
+						opt.on('-c', '--create-config', 'Creates a skeleton config file to use') do					
+							if File.exists?(File.expand_path(CONFIG_FILE)) == false
+								File.open(File.expand_path(CONFIG_FILE), 'w+') do |f| 
+									f.write("virustotal: \n  api-key: \n  timeout: 25\n\n") 
+								end
+
+								puts "[*] An empty #{File.expand_path(CONFIG_FILE)} has been created. Please edit and fill in the correct values."
+								exit
+							else
+								puts "[!]  #{File.expand_path(CONFIG_FILE)} already exists. Please delete it if you wish to re-create it."
+								exit
+							end
+						end
+
+						opt.on('--[no-]verbose', 'Print verbose information') do |v|
+							@options["verbose"] = v
+						end
+				
+						opt.separator ''
+						opt.separator 'Other Options'
+				
+						opt.on('-v', '--version', "Shows application version information") do
+							puts "#{APP_NAME} - #{VERSION}"
+							exit
+						end
+
+						opt.on_tail("-?", "--help", "Show this message") { |help|
+							puts opt.to_s + "\n"
+							exit
+						} 
+					end
+							
+				  if ARGV.length != 0 
+				    opt.parse!
+				  else
+				    puts opt.to_s + "\n"
+					  exit
+					end		
+				rescue OptionParser::MissingArgument => m
+					puts opt.to_s + "\n"
+					exit
+				end
+			end
+			
+			# Loads the .uirusu config file for the api key
+			#
+			def load_config
+				if File.exists?(File.expand_path(CONFIG_FILE))
+					@config = YAML.load_file File.expand_path(CONFIG_FILE)
+				else
+					STDERR.puts "[!] #{CONFIG_FILE} does not exist. Please run #{APP_NAME} --create-config, to create it."
+					exit
+				end
+			end
+			
+			# Submits a file/url and waits for analysis to be complete and returns the results.
+			#
+			# @param mod
+			# @param resource
+			# @param attempts
+			#
+			def scan_and_wait(mod, resource, attempts)
+				method = nil
+				retries = attempts
+				
+				if mod.name == "Uirusu::VTFile"
+					method = mod.method :scan_file
+				else
+					method = mod.method :scan_url
+				end
+
+				begin
+					STDERR.puts "[*] Attempting to upload file #{resource}" if  @options["verbose"]
+					result = method.call(@config["virustotal"]["api-key"], resource)					
+				rescue => e
+					STDERR.puts "[!] An error has occured uploading the file. Retrying 60 seconds up #{retries} retries.\n" if  @options["verbose"]
+					if retries >= 0
+						sleep 60
+						retry
+						retries = retries - 1
+					end
+				end
+				
+				begin
+					if result['response_code']	== 1
+						results = mod.query_report(@config["virustotal"]["api-key"], result['resource'])
+						
+						while results["response_code"] != 1
+							STDERR.puts "[*] File has not been analyized yet, waiting 60 seconds to try again" if  @options["verbose"]
+							sleep 60				
+							results = mod.query_report(@config["virustotal"]["api-key"], result['resource'])
+						end
+					
+						return [result['resource'], results]
+					elsif result['response_code']	== -2
+						STDERR.puts "[!] Virustotal limits exceeded, ***do not edit the timeout values.***" 
+						exit(1)
+					else
+						nil
+					end	
+				rescue => e					
+					STDERR.puts "[!] An error has occured retrieving the report. Retrying 60 seconds up #{retries} retries.\n" if  @options["verbose"]
+					if retries >= 0
+						sleep 60
+						retry
+						retries = retries - 1
+					end				
+				end
+			end
+			
+			#
+			#
+			def main(args)
+				parse_options(args)
+				load_config
+				
+				if @options['output'] == :stdout
+					output_method = :to_stdout
+				elsif @options['output'] == :yaml
+					output_method = :to_yaml
+				elsif @options['output'] == :xml
+					output_method = :to_xml
+					print "<results>\n"
+				end
+
+				if @files_of_hashes != nil
+					@files_of_hashes.each do |file|
+						f = File.open(file, 'r')
+
+					  f.each do |hash|
+					  	hash.chomp!
+					    @hashes.push hash
+					  end
+					end
+				end		
+
+				if @hashes != nil
+					@hashes.each do |hash|
+						results = Uirusu::VTFile.query_report(@config["virustotal"]["api-key"], hash)
+						result = Uirusu::VTResult.new(hash, results)
+						print result.send output_method if result != nil
+					end
+				end
+
+				if @sites != nil
+					@sites.each do |url|
+						results = scan_and_wait(Uirusu::VTUrl, url, 5)
+						result = Uirusu::VTResult.new(results[0], results[1])
+						print result.send output_method if result != nil
+					end
+				end
+
+				if @uploads != nil
+					@uploads.each do |upload|
+						results = scan_and_wait(Uirusu::VTFile, upload, 5)
+						result = Uirusu::VTResult.new(results[0], results[1])						
+						print result.send output_method if result != nil
+					end
+				end
+
+				if @options['output'] == :xml
+					print "</results>\n"
+				end
+			end
+		end
+	end
+end

data/lib/uirusu/vtcomment.rb

@@ -0,0 +1,41 @@
+module Uirusu
+	# Module for submiting comments to Virustotal.com resources using the
+	# Virustotal.com public API
+	module VTComment
+		POST_URL = "https://www.virustotal.com/vtapi/v2/comments/put"
+		
+		# Submits a comment to Virustotal.com for a specific resource
+		#
+		# @param [String] api_key Virustotal.com API key
+		# @param [String] resource MD5/sha1/sha256/scan_id to search for
+		# @param [String] comment Comment to post to the resource
+		#
+		# @return [JSON] Parsed response
+		def self.post_comment(api_key, resource, comment)
+			if api_key == nil
+				raise "Invalid API Key"
+			end
+			
+			if resource == nil
+				raise "Invalid resource, must be a valid url"
+			end
+			
+			if comment == nil
+				raise "You must provide a comment to submit."
+			end
+			
+			response = RestClient.post POST_URL, :apikey => api_key, :resource => resource, :comment => comment
+			
+			case response.code
+				when 429
+					raise "Virustotal limit reached. Try again later."
+				when 403
+					raise "Invalid privileges, please check your API key."
+				when 200
+					JSON.parse(response)
+				else
+					raise "Unknown Server error."
+			end
+		end
+	end
+end

data/lib/uirusu/vtfile.rb

@@ -0,0 +1,66 @@
+module Uirusu
+	# Module for Accessing the File scan and report functionalities of the
+	# Virustotal.com public API
+	module VTFile
+		SCAN_URL = "http://www.virustotal.com/vtapi/v2/file/scan"
+		REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"
+		
+		# Queries a report from Virustotal.com
+		#
+		# @param api_key Virustotal.com API key
+		# @param resource MD5/sha1/sha256/scan_id to search for
+		#
+		# @return [JSON] Parsed response
+		def VTFile.query_report(api_key, resource)
+			if api_key == nil
+				raise "Invalid API Key"
+			end
+			
+			if resource == nil
+				raise "Invalid resource, must be MD5/sha1/sha256/scan_id"
+			end
+
+			response = RestClient.post REPORT_URL, :apikey => api_key, :resource => resource
+			
+			case response.code
+				when 429
+					raise "Virustotal limit reached. Try again later."
+				when 403
+					raise "Invalid privileges, please check your API key."
+				when 200
+					JSON.parse(response)
+				when 500
+					nil
+			end
+		end
+		
+		# Submits a file to Virustotal.com for analysis
+		# 
+		# @param api_key Virustotal.com API key
+		# @param path_to_file Path to file on disk to upload
+		#
+		# @return [JSON] Parsed response
+		def self.scan_file(api_key, path_to_file)		
+			if !File.exists?(path_to_file)
+				raise Errno::ENOENT
+			end
+			
+			if api_key == nil
+				raise "Invalid API Key"
+			end
+				
+			response = RestClient.post SCAN_URL, :apikey => api_key, :filename=> path_to_file, :file => File.new(path_to_file, 'rb')
+			
+			case response.code
+				when 429
+					raise "Virustotal limit reached. Try again later."
+				when 403
+					raise "Invalid privileges, please check your API key."
+				when 200
+					JSON.parse(response)
+				else
+					raise "Unknown Server error."
+			end
+		end
+	end
+end

data/lib/uirusu/vtresult.rb

@@ -0,0 +1,132 @@
+module Uirusu
+	#
+	#
+	class VTResult
+		def initialize hash, result
+			if result == nil
+				return
+			end
+
+			@results = Array.new
+
+			if result["response_code"] == 0
+				res = Hash.new
+				res['hash'] = hash
+				res['scanner'] = '-'
+				res['md5'] = '-'
+				res['sha1'] = '-'
+				res['sha256'] = '-'
+				res['detected'] = '-'
+				res['version'] = '-'
+				res['result']  = '-'
+				res['update'] = '-'
+				res['permalink'] = '-'
+				res['result'] = result["verbose_msg"]
+
+				@results.push res
+			elsif result["response_code"] == 0
+				puts "[!] Invalid API KEY! Please correct this! Check ~/.uirusu"
+				exit
+			else
+				permalink = result["permalink"]
+				date = result["scan_date"]
+				md5 = result["md5"]
+				sha1 = result["sha1"]
+				sha256 = result["sha256"]
+				
+				result["scans"].each do |scanner, value|
+					if value != ''
+						res = Hash.new
+						res['hash'] = hash
+						res['md5'] = md5
+						res['sha1'] = sha1
+						res['sha256'] = sha256
+						res['scanner'] = scanner
+						res['detected'] = value["detected"]
+						res['version'] = value["version"]
+
+						if value["result"] == nil
+							res['result'] = "Nothing detected"
+						else
+							res['result']  = value["result"]
+						end
+						
+						res['update'] = value['update']
+						res['permalink'] = permalink unless permalink == nil
+
+						@results.push res
+					end
+				end
+			end
+			
+			#if we didn't have any results let create a fake not found
+			if @results.size == 0
+				res = Hash.new
+				res['hash'] = hash
+				res['scanner'] = '-'
+				res['md5'] = '-'
+				res['sha1'] = '-'
+				res['sha256'] = '-'
+				res['permalink'] = '-'
+				res['detected'] = '-'
+				res['version'] = '-'
+				res['result']  = '-'
+				res['update'] = '-'
+				res['result'] = result["verbose_msg"]
+				@results.push res				
+			end
+		end
+
+		#
+		#
+		def to_stdout
+			result_string = String.new
+			@results.each do |result|				
+				result_string << "#{result['hash']}: Scanner: #{result['scanner']} Result: #{result['result']}\n"
+			end
+			
+			print result_string
+		end
+
+		#
+		#
+		def to_yaml
+			result_string = String.new
+			@results.each do |result|
+				result_string << "vtresult:\n"
+				result_string << "  hash: #{result['hash']}\n"
+				result_string << "  md5: #{result['md5']}\n"
+				result_string << "  sha1: #{result['sha1']}\n"
+				result_string << "  sha256: #{result['sha256']}\n"
+				result_string << "  scanner: #{result['scanner']}\n"
+				result_string << "  detected: #{result['detected']}\n"
+				result_string << "  date: #{result['date']}\n"
+				result_string << "  permalink: #{result['permalink']}\n" unless result['permalink'] == nil
+				result_string << "  result: #{result['result']}\n\n"
+			end
+			
+			print result_string
+		end
+
+		#
+		#
+		def to_xml
+			result_string = String.new
+			@results.each do |result|
+				result_string << "\t<vtresult>\n"
+				result_string << "\t\t<hash>#{result['hash']}</hash>\n"
+				result_string << "\t\t<md5>#{result['md5']}</md5>\n"
+				result_string << "\t\t<sha1>#{result['sha1']}</sha1>\n"
+				result_string << "\t\t<sha256>#{result['sha256']}</sha256>\n"
+				result_string << "\t\t<scanner>#{result['scanner']}</scanner>\n"
+				result_string << "\t\t<detected>#{result['detected']}</detected>\n"
+				result_string << "\t\t<date>#{result['date']}</date>\n"
+				result_string << "\t\t<permalink>#{result['permalink']}</permalink>\n" unless result['permalink'] == nil
+				result_string << "\t\t<result>#{result['result']}</result>\n"
+				result_string << "\t</vtresult>\n"
+			end
+			
+			print result_string
+		end
+	end
+end

data/lib/uirusu/vturl.rb

@@ -0,0 +1,66 @@
+module Uirusu
+	#
+	#
+	module VTUrl
+		SCAN_URL = "https://www.virustotal.com/vtapi/v2/url/scan"
+		REPORT_URL = "http://www.virustotal.com/vtapi/v2/url/report"
+		
+		# Submits a URL to be scanned by Virustotal.com
+		#
+		# @param api_key Virustotal.com API key
+		# @param resource url to submit
+		#
+		# @return [JSON] Parsed response
+		def self.scan_url(api_key, resource)
+			if api_key == nil
+				raise "Invalid API Key"
+			end
+			
+			if resource == nil
+				raise "Invalid resource, must be a valid url"
+			end
+			
+			response = RestClient.post SCAN_URL, :apikey => api_key, :url => resource
+			
+			case response.code
+				when 429
+					raise "Virustotal limit reached. Try again later."
+				when 403
+					raise "Invalid privileges, please check your API key."
+				when 200
+					JSON.parse(response)
+				else
+					raise "Unknown Server error."
+			end	
+		end
+		
+		# Searchs reports by URL from Virustotal.com
+		#
+		# @param api_key Virustotal.com API key
+		# @param resource url to search
+		#
+		# @return [JSON] Parsed response
+		def self.query_report(api_key, resource)
+			if api_key == nil
+				raise "Invalid API Key"
+			end
+			
+			if resource == nil
+				raise "Invalid resource, must be a valid url"
+			end
+			
+			response = RestClient.post REPORT_URL, :apikey => api_key, :resource => resource
+			
+			case response.code
+				when 429
+					raise "Virustotal limit reached. Try again later."
+				when 403
+					raise "Invalid privileges, please check your API key."
+				when 200
+					JSON.parse(response)
+				else
+					raise "Unknown Server error."
+			end			
+		end
+	end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: uirusu
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.0.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-25 00:00:00.000000000 Z
+date: 2012-03-02 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
-  requirement: &70221526495640 !ruby/object:Gem::Requirement
+  requirement: &70176306777160 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: 1.5.1
   type: :runtime
   prerelease: false
-  version_requirements: *70221526495640
+  version_requirements: *70176306777160
 - !ruby/object:Gem::Dependency
   name: rest-client
-  requirement: &70221526495100 !ruby/object:Gem::Requirement
+  requirement: &70176306776280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
         version: 1.6.1
   type: :runtime
   prerelease: false
-  version_requirements: *70221526495100
+  version_requirements: *70176306776280
 description: uirusu is library for interacting with Virustotal.org
 email: jacob.hammack@hammackj.com
 executables:
@@ -49,10 +49,14 @@ files:
 - Rakefile
 - README.markdown
 - TODO.markdown
+- lib/uirusu/cli/application.rb
+- lib/uirusu/vtcomment.rb
+- lib/uirusu/vtfile.rb
+- lib/uirusu/vtresult.rb
+- lib/uirusu/vturl.rb
 - lib/uirusu.rb
 - uirusu.gemspec
-- !binary |-
-  YmluL3VpcnVzdQ==
+- bin/uirusu
 homepage: http://github.com/hammackj/uirusu/
 licenses:
 - BSD
@@ -74,7 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.8.16
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.16
+rubygems_version: 1.8.6
 signing_key: 
 specification_version: 3
 summary: uirusu