virustotalapi 0.0.1

data/History.txt

@@ -0,0 +1,5 @@
+=== 0.0.1 2011-09-11
+
+* Initial release 
+
+

data/README.rdoc

@@ -0,0 +1,81 @@
+
+== DESCRIPTION:
+
+virustotalapi is a Ruby module that interfaces with the VirusTotal API via HTTP POST and JSON responses. The code was derived from Takahiro Matsuji's snippet at https://gist.gituhub.com/520909
+
+
+== FEATURES/PROBLEMS:
+
+The module implements the following: 
+- Retrieve a file scan report 
+- Send and scan a file 
+- Retrieve a URL scan report 
+- Submit and scan a URL 
+
+== SYNOPSIS:
+
+require 'virustotalapi'
+
+mykey = 'INSERT YOUR KEY HERE'
+vt = VirusTotal::API.new(mykey)
+
+myfilehash = 'INSERT FILE HASH HERE'
+out = vt.get_file_report(myfilehash)
+p out 
+# May return the following values:
+# VTAPI_REQ_SUCESS = 1
+# VTAPI_NOT_FOUND = 0
+# VTAPI_REQ_EXCEEDED = -2
+# VTAPI_KEY_ERROR = -1 
+p vt.vtapistatus 
+
+myurl = 'INSERT URL HERE' 
+out = vt.get_url_report(myurl)
+p out 
+p vt.vtapistatus 
+
+malfile = 'INSERT PATH TO YOUR FILE HERE'
+out = vt.scan_file(malfile)
+# Returns a hash value for later retrieval 
+p out 
+p vt.vtapistatus 
+
+myurl = 'INSERT URL HERE' 
+out = vt.scan_url(myurl)
+# Returns a hash value for later retrieval
+p out 
+p vt.vtapistatus 
+
+
+== REQUIREMENTS:
+
+VirusTotal API Key 
+
+== INSTALL:
+
+sudo gem install virustotalapi
+
+== LICENSE:
+
+(The MIT License)
+
+Copyright (c) 2011 Jun C. Valdez
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/virustotalapi.rb

@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+#
+# Copyright (c) 2011 Jun C. Valdez
+# Code is distributed under the terms of an MIT style license
+# http://www.opensource.org/licenses/mit-license
+#
+
+require 'rubygems'
+require 'json'
+require 'rest-client'
+
+
+module VirusTotal
+  
+  class API
+
+    VTAPI_REQ_SUCESS = 1
+    VTAPI_NOT_FOUND = 0
+    VTAPI_REQ_EXCEEDED = -2
+    VTAPI_KEY_ERROR = -1 
+    
+    GET_FILE_REPORT = 'https://www.virustotal.com/api/get_file_report.json'
+    SCAN_FILE = 'https://www.virustotal.com/api/scan_file.json'
+    GET_URL_REPORT = 'https://www.virustotal.com/api/get_url_report.json'
+    SCAN_URL = 'https://www.virustotal.com/api/scan_url.json'
+  
+    attr_reader :vtapistatus
+    
+    def initialize(key)
+      @apikey = key 
+    end
+    
+    def get_file_report(hash)
+      json = RestClient.post(GET_FILE_REPORT, 'key' => @apikey, 'resource' => hash)
+      dict = JSON.parse(json)
+      @vtapistatus = dict['result']
+      dict['report'] 
+    end
+    
+    def scan_file(file)
+      json = RestClient.post(SCAN_FILE,
+                            'key' => @apikey,
+                            'file' => File.new(file, 'rb'),
+                            'multipart' => true)
+      dict = JSON.parse(json)
+      @vtapistatus = dict['result']
+      dict['scan_id'] 
+    end
+    
+    def get_url_report(url)
+      json = RestClient.post(GET_URL_REPORT, 'key' => @apikey, 'resource' => url)
+      dict = JSON.parse(json)
+      @vtapistatus = dict['result']
+      dict['report'] 
+    end
+    
+    def scan_url(url)
+      json = RestClient.post(SCAN_URL, 'key' => @apikey, 'url' => url)
+      dict = JSON.parse(json)
+      @vtapistatus = dict['result']
+      dict['scan_id'] 
+    end
+    
+  end
+end
+

data/virustotalapi.gemspec

@@ -0,0 +1,13 @@
+require "rubygems"
+
+Gem::Specification.new do |s|
+    s.name = "virustotalapi"
+    s.version = "0.0.1"
+    s.license = "MIT"
+    s.author = "Jun C. Valdez"
+    s.email = "rubygems@sploitlabs.com"
+    s.files = ["lib/virustotalapi.rb","README.rdoc", "History.txt","virustotalapi.gemspec"]
+    s.summary = "Implementation of the VirusTotal API in Ruby" 
+    s.description = %q{virustotalapi is Ruby module that interfaces with the VirusTotal API via HTTP POST and JSON responses. The code was derived from Takahiro Matsuji's snippet at https://gist.gituhub.com/520909}
+end
+

metadata

@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification 
+name: virustotalapi
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Jun C. Valdez
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-09-11 00:00:00 Z
+dependencies: []
+
+description: virustotalapi is Ruby module that interfaces with the VirusTotal API via HTTP POST and JSON responses. The code was derived from Takahiro Matsuji's snippet at https://gist.gituhub.com/520909
+email: rubygems@sploitlabs.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/virustotalapi.rb
+- README.rdoc
+- History.txt
+- virustotalapi.gemspec
+homepage: 
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.8.4
+signing_key: 
+specification_version: 3
+summary: Implementation of the VirusTotal API in Ruby
+test_files: []
+