The example in this article describes how Python implements encapsulation to get virustotal scan results. Share to everyone for your reference. The specific method is as follows:
Import Simplejson Import urllib import urllib2 import OS, sys import logging try:import sqlite3 except Import Error:sys.stderr.write ("error:unable to locate Python SQLite3 module." \ "Please verify your installatio N. exiting...\n ") sys.exit ( -1) MD5 =" 5248F774D2EE0A10936D0B1DC89107F1 "MD5 =" 12fa5fb74201d9b6a14f63fbf9a81ff6 " #do not have the virustotal.com Apikey = "xxxxxxxxxxxxxxxxxx" with its own class Virustotaldatabase: "" "Da
Tabase abstraction layer. "" "Def __init__ (Self, db_file): Log = Logging.getlogger (" Database.init ") Self.__dbfile = Db_file self._ conn = None Self._cursor = none # Check If SQLite database already exists.
If it doesn ' t exist I invoke # the generation procedure. If not os.path.exists (self.__dbfile): If Self._generate (): Print ("generated database \%s\" which didn ' t " \ "exist before."% Self.__dbfile) else:print ("unable To generate Database "] # Once The database is generated of it already has been, I can # initialize the Connec
tion. Try:self._conn = Sqlite3.connect (self.__dbfile) self._cursor = Self._conn.cursor () except Exception, W
Hy:print ("Unable to connect to database \%s\":%s. ")
% (Self.__dbfile, why)) Log.debug ("Connected to SQLite database \%s\". "% Self.__dbfile) def _generate (self):
"" "creates database structure in a SQLite file. ' "' If Os.path.exists (self.__dbfile): return False Db_dir = Os.path.dirname (self.__dbfile) if not Os.path.exists (Db_dir): Try:os.makedirs (Db_dir) except (IOError, Os.error), Why:print ("S Omething went wrong while creating database "\" directory \%s\ ":%s"% (Db_dir, why)) return Fals E conn = sqlite3.connect (self.__dbfile) cursor = Conn.cursor () cursor.execute ("CREATE TABLE VirustotAl (\ n "\" id INTEGER PRIMARY key,\n "\" MD5 TEXT not null,\n " \ "Kaspersky text default null,\n" \ "McAfee text default null,\n"
\ "Symantec text default null,\n" \ "Norman text default null,\n" \ "Avast text default null,\n" \ "NOD32 text default null,\n" \ " BitDefender text default null,\n "\" Microsoft TEXT default null,\n "\"
Rising text default null,\n "\" Panda text default null\n "\"); Print "Create db:%s sucess"% self.__dbfile return True def _get_task_dict (self, row): Try:task = {} task[' id] = row[0] task["MD5" = row[1] task["Kaspersky"] = row[2] task["McAfee" = row[3 ] task["Symantec"]= Row[4] task["Norman"] = row[5] task["Avast"] = row[6] task["NOD32"] = row[7] task["Bitdefend" er "] = row[8] task[" Microsoft "= row[9] task[" rising "] = row[10] task[" Panda "] = row[11] Retu
RN task except Exception, Why:return None def add_sample (self, MD5, virus_dict): "" "" "" "
TASK_ID = None if not Self._cursor:return None if not MD5 or MD5 = = ' ": Return None Kaspersky = Virus_dict.get ("Kaspersky", none) McAfee = Virus_dict.get ("McAfee", none) Symantec = Virus_dict.ge T ("Symantec", none) Norman = Virus_dict.get ("Norman", none) Avast = Virus_dict.get ("Avast", none) NOD32 = V Irus_dict.get ("NOD32", none) BitDefender = Virus_dict.get ("BitDefender", none) Microsoft = Virus_dict.get ("Micro Soft ", none) Rising = Virus_dict.get (" Rising ", none) Panda = Virus_dict.get (" Panda ", none) self._conn
. text_factory = str Try:self._cursor.execute ("SELECT ID from virustotal WHERE MD5 =?;", (MD5,)) Sample_row = Self._cursor.fetchone () except Sqlite3. Operationalerror, Why:print "sqlite3 error:%s\n"% str (why) return False if Sample_row:t Ry:sample_row = sample_row[0] Self._cursor.execute ("UPDATE virustotal SET kaspersky=?, mcafee=?, Symant ec=, norman=, avast=?, nod32=, bitdefender=, microsoft=, rising=?
WHERE id =?; ", (Kaspersky, McAfee, Symantec, Norman, Avast, NOD32, BitDefender, microsoft,\ Rising, Panda, Sample_row)) self._conn.commit () task_id = Sample_row except. Operationalerror, Why:print ("Unable to update database:%s"% why) return False else: #the sample Not in the database Try:self._cursor.execute (INSERT into VirusTotal "\" (MD5, KasPersky, McAfee, Symantec, Norman, Avast, NOD32, bitdefender,\ Microsoft, Rising, Panda) "\ "VALUES (?,?,?,?,?,?,?,?,?,?,?);", (MD5, Kaspersky, McAfee, Symantec, Norman, Ava St, NOD32, bitdefender,\ Microsoft, Rising, Panda) self._conn.commit () task_id = s Elf._cursor.lastrowid except Sqlite3. Operationalerror, Why:print "Why", str (why) return None print "add_to_db:%s, task_id:%s"% (Str (s
Elf.__dbfile), str (task_id)) return task_id def get_sample (self): "" "Gets a task from pending queue. "" "Log = Logging.getlogger (" Database.gettask ") If not self._cursor:log.error (" unable to acquire
Cursor. ") Return None # Select one item from the queue table with higher priority and older # addition date which has no
T already been processed. Try:self._cursor.execute ("Select * FROM VI")Rustotal "\ #" WHERE lock = 0 "\ #" and status = 0 "\" ORDER by ID,
added_on LIMIT 1; ") Except Sqlite3. Operationalerror, Why:log.error ("Unable to query database:%s"% why) return None Sample_row = self
. _cursor.fetchone () if Sample_row:return self._get_task_dict (sample_row) Else:return None def search_md5 (self, MD5): "" "" if not self._cursor:return None if not MD5 or Len (m d5)!= 32:return None try:self._cursor.execute ("SELECT * from VirusTotal" \ "whe RE MD5 =? "\ #" and status = 1 "\" ORDER by ID DESC; ", (MD5,)) except Sq Lite3. Operationalerror, Why:return None task_dict = {} for row in Self._cursor.fetchall (): task_dict
= Self._get_task_dict (Row) #if task_dict: #tasks. Append (task_dict) Return Task_dict class VirusTotal: "" "" "Def __init__ (self, MD5):" "" Constructor "" "Self._vi Rus_dict = {} SELF._MD5 = MD5 Self._db_file = r "./db/virustotal.db" Self.get_report_dict () def Rep
R (Self): return str (SELF._VIRUS_DICT) def submit_md5 (self, file_path): Import postfile
#submit the file file_name = Os.path.basename (File_path) Host = "www.virustotal.com" selector = "https://w Ww.virustotal.com/vtapi/v2/file/scan "fields = [(" Apikey ", apikey)] file_to_send = open (File_pat H, "RB"). Read () files = [("File", file_name, file_to_send)] json = Postfile.post_multipart (Host, selector, fields, files) Print JSON pass def get_report_dict (self): result_dict = {} URL = "Https://www.virustotal.com/vtapi/v2/file/report" parameters = {"Resource": SELF._MD5, "Apikey": apikey} data = Urllib.urlencode (parameters) req = Urllib2. Request (URL, data) response = Urllib2.urlopen (req) json = Response.read () response_dict = Simplejson.
Loads (JSON) if response_dict["Response_code": #has result scans_dict = Response_dict.get ("Scans", {}) For Anti_virus_comany, Virus_Name in Scans_dict.iteritems (): If virus_name["detected"]: Result_dict.s
Etdefault (Anti_virus_comany, virus_name["result"]) return result_dict def write_to_db (self): "" "" ""
db = Virustotaldatabase (self._db_file) virus_dict = Self.get_report_dict () db.add_sample (SELF._MD5, virus_dict)
Use the following methods:
Config = {' input ': ' inputmd5s '}
fp = open (config[' input ', ' r ')
content = Fp.readlines ()
md5s = [] for
MD5 in IFilter (Lambda X:len (x) >0, IMAP (STRING.STRIP, content)):
md5s.append (MD5)
print "md5s", md5s
Fp.close () from
getvirustotalinfo import virustotal
#得到扫描结果并写入数库 to
MD5 in md5s:
virus_total = VirusTotal (MD5)
virus_total.write_to_db ()
I hope this article will help you with your Python programming.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
