Class: VirusTotal::VirusTotal

Inherits:
Object
  • Object
show all
Defined in:
lib/virustotal/virustotal.rb

Instance Method Summary collapse

Constructor Details

#initialize(api_key, timeout = 7, debug = false) ⇒ VirusTotal

Creates a new instance of the [VirusTotal] class



9
10
11
12
13
 
# File 'lib/virustotal/virustotal.rb', line 9

def initialize(api_key, timeout = 7, debug = false)
	@api_key = api_key
	@timeout = timeout.to_i
	@debug = debug
end

Instance Method Details

#query_hash(hash) ⇒ VirusTotalResult

Queries a single hash on virustotal.com

Returns:



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/virustotal/virustotal.rb', line 18

def query_hash hash
	begin
		puts "[*] Querying hash #{hash}" if @debug
		hash.chomp!
		if hash.include?('-')
				hash = hash.split('-')[0]
			end

		response = RestClient.post 'https://www.virustotal.com/api/get_file_report.json', { :resource => hash, :key => @api_key }
		results = VirusTotalResult.new hash, :hash, JSON.parse(response)
		
		return results
	rescue Exception => e		
		puts e.message
		puts e.backtrace.join("\n")
		STDERR.puts "[!] An error has occured. Retrying #{hash} in #{@timeout} seconds.\n"
		sleep @timeout #So we do not DOS virustotal.com we wait at least 5 seconds between each query
		retry
	end
end

#query_site(url) ⇒ VirusTotalResult

Queries a single url on virustotal.com

Returns:



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/virustotal/virustotal.rb', line 42

def query_site url
	begin
		puts "[*] Querying url #{url}" if @debug

		response = RestClient.post 'https://www.virustotal.com/api/get_url_report.json', { :resource => url, :key => @api_key }
		results = VirusTotalResult.new url, :site, JSON.parse(response)
		
		return results
	rescue Exception => e		
		puts e.message
		puts e.backtrace.join("\n")
		STDERR.puts "[!] An error has occured. Retrying #{url} in #{@timeout} seconds\n"
		sleep @timeout #So we do not DOS virustotal.com we wait at least 5 seconds between each query
		retry
	end
end

#query_upload(file) ⇒ Object

Fetch results from virustotal using a specific hash



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/virustotal/virustotal.rb', line 61

def query_upload file
	results = Array.new
	file = file.chomp

	begin
		puts "[*] Attempting to upload file #{file}" if @debug

		response = RestClient.post 'https://www.virustotal.com/api/scan_file.json', { :key => @api_key, :file => File.new(file, 'rb') }
		result = JSON.parse(response)

		puts "[*] File #{file} uploaded, waiting for results this could take several minutes..." if @debug

		if result['result']	== 1
			results = query_hash result['scan_id']
			
			while results.results[0]['result'] == "Hash Not Found"
				puts "[*] File has not been analyized yet, waiting 60 seconds to try again" if @debug
				sleep 60				
				results = query_hash result['scan_id']
			end
		elsif result['result'] == -2
			puts "[!] Virustotal limits exceeded, ***do not edit the time out values.***"
		else
			fres = Hash.new
			fres['hash'] = file
			fres['scanner'] = '-'
			fres['version'] = '-'
			fres['date'] = '-'
			fres['result'] = "File failed to upload"

			results.push fres
		end
	rescue Exception => e		
		puts e.message
		puts e.backtrace.join("\n")
		STDERR.puts "[!] An error has occured. Retrying #{file} in #{@timeout} seconds\n"
		sleep @timeout #So we do not DOS virustotal.com we wait at least 5 seconds between each query
		retry
	end

	return results
end