virustotalapi 0.0.1
- data/History.txt +5 -0
- data/README.rdoc +81 -0
- data/lib/virustotalapi.rb +66 -0
- data/virustotalapi.gemspec +13 -0
- metadata +68 -0
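--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,81 @@
+
+== DESCRIPTION:
+
+virustotalapi is a Ruby module that interfaces with the VirusTotal API via HTTP POST and JSON responses. The code was derived from Takahiro Matsuji's snippet at https://gist.gituhub.com/520909
+
+
+== FEATURES/PROBLEMS:
+
+The module implements the following:
+- Retrieve a file scan report
+- Send and scan a file
+- Retrieve a URL scan report
+- Submit and scan a URL
+
+== SYNOPSIS:
+
+require 'virustotalapi'
+
+mykey = 'INSERT YOUR KEY HERE'
+vt = VirusTotal::API.new(mykey)
+
+myfilehash = 'INSERT FILE HASH HERE'
+out = vt.get_file_report(myfilehash)
+p out
+# May return the following values:
+# VTAPI_REQ_SUCESS = 1
+# VTAPI_NOT_FOUND = 0
+# VTAPI_REQ_EXCEEDED = -2
+# VTAPI_KEY_ERROR = -1
+p vt.vtapistatus
+
+myurl = 'INSERT URL HERE'
+out = vt.get_url_report(myurl)
+p out
+p vt.vtapistatus
+
+malfile = 'INSERT PATH TO YOUR FILE HERE'
+out = vt.scan_file(malfile)
+# Returns a hash value for later retrieval
+p out
+p vt.vtapistatus
+
+myurl = 'INSERT URL HERE'
+out = vt.scan_url(myurl)
+# Returns a hash value for later retrieval
+p out
+p vt.vtapistatus
+
+
+== REQUIREMENTS:
+
+VirusTotal API Key
+
+== INSTALL:
+
+sudo gem install virustotalapi
+
+== LICENSE:
+
+(The MIT License)
+
+Copyright (c) 2011 Jun C. Valdez
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.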
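--- a/data/lib/virustotalapi.rb
+++ b/data/lib/virustotalapi.rb
@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+#
+# Copyright (c) 2011 Jun C. Valdez
+# Code is distributed under the terms of an MIT style license
+# http://www.opensource.org/licenses/mit-license
+#
+
+require 'rubygems'
+require 'json'
+require 'rest-client'
+
+
+module VirusTotal
+
+class API
+
+VTAPI_REQ_SUCESS = 1
+VTAPI_NOT_FOUND = 0
+VTAPI_REQ_EXCEEDED = -2
+VTAPI_KEY_ERROR = -1
+
+GET_FILE_REPORT = 'https://www.virustotal.com/api/get_file_report.json'
+SCAN_FILE = 'https://www.virustotal.com/api/scan_file.json'
+GET_URL_REPORT = 'https://www.virustotal.com/api/get_url_report.json'
+SCAN_URL = 'https://www.virustotal.com/api/scan_url.json'
+
+attr_reader :vtapistatus
+
+def initialize(key)
+@apikey = key
+end
+
+def get_file_report(hash)
+json = RestClient.post(GET_FILE_REPORT, 'key' => @apikey, 'resource' => hash)
+dict = JSON.parse(json)
+@vtapistatus = dict['result']
+dict['report']
+end
+
+def scan_file(file)
+json = RestClient.post(SCAN_FILE,
+'key' => @apikey,
+'file' => File.new(file, 'rb'),
+'multipart' => true)
+dict = JSON.parse(json)
+@vtapistatus = dict['result']
+dict['scan_id']
+end
+
+def get_url_report(url)
+json = RestClient.post(GET_URL_REPORT, 'key' => @apikey, 'resource' => url)
+dict = JSON.parse(json)
+@vtapistatus = dict['result']
+dict['report']
+end
+
+def scan_url(url)
+json = RestClient.post(SCAN_URL, 'key' => @apikey, 'url' => url)
+dict = JSON.parse(json)
+@vtapistatus = dict['result']
+dict['scan_id']
+end
+
+end
+end
+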
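Review bot: `scan_file` hands `File.new(file, 'rb')` straight to `RestClient.post` and never closes it, so each upload leaves a file descriptor open until the object is garbage-collected; the block form closes it even when the request raises: `File.open(file, 'rb') { |f| RestClient.post(SCAN_FILE, 'key' => @apikey, 'file' => f, 'multipart' => true) }`. In all four request methods an HTTP error raised by RestClient or a non-JSON body escapes before `@vtapistatus` is assigned, so after a failed call `vtapistatus` still reports the previous request's result; setting `@vtapistatus = nil` as the first statement of each method would keep a caller from reading a stale success code. The `VTAPI_*` constants are declared but never compared against in this file, and a `nil` return from `get_file_report` or `get_url_report` means no report was returned, not a clean verdict, which deserves a one-line comment on each method.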
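--- a/data/virustotalapi.gemspec
+++ b/data/virustotalapi.gemspec
@@ -0,0 +1,13 @@
+require "rubygems"
+
+Gem::Specification.new do |s|
+s.name = "virustotalapi"
+s.version = "0.0.1"
+s.license = "MIT"
+s.author = "Jun C. Valdez"
+s.email = "rubygems@sploitlabs.com"
+s.files = ["lib/virustotalapi.rb","README.rdoc", "History.txt","virustotalapi.gemspec"]
+s.summary = "Implementation of the VirusTotal API in Ruby"
+s.description = %q{virustotalapi is Ruby module that interfaces with the VirusTotal API via HTTP POST and JSON responses. The code was derived from Takahiro Matsuji's snippet at https://gist.gituhub.com/520909}
+end
+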
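Review bot: The specification declares no runtime dependencies, yet `lib/virustotalapi.rb` requires `json` and `rest-client`, so a clean `gem install virustotalapi` produces a library that fails at `require`; add `s.add_dependency "rest-client"` (and `json` for Rubies that do not bundle it) inside the block. A version floor on rest-client is worth setting, because the API key travels through that client and older rest-client releases did not verify TLS certificates by default; confirm the exact release before pinning. The URL in `s.description` reads `gist.gituhub.com`, which looks like a misspelling of the GitHub gist host and would send readers to a domain the author does not control.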
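--- a/metadata
+++ b/metadata
@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification
+name: virustotalapi
+version: !ruby/object:Gem::Version
+hash: 29
+prerelease:
+segments:
+- 0
+- 0
+- 1
+version: 0.0.1
+platform: ruby
+authors:
+- Jun C. Valdez
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-09-11 00:00:00 Z
+dependencies: []
+
+description: virustotalapi is Ruby module that interfaces with the VirusTotal API via HTTP POST and JSON responses. The code was derived from Takahiro Matsuji's snippet at https://gist.gituhub.com/520909
+email: rubygems@sploitlabs.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- lib/virustotalapi.rb
+- README.rdoc
+- History.txt
+- virustotalapi.gemspec
+homepage:
+licenses:
+- MIT
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.8.4
+signing_key:
+specification_version: 3
+summary: Implementation of the VirusTotal API in Ruby
+test_files: []
+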