Class: VirusTotal::VirusTotal

Inherits:
Object
  • Object
show all
Defined in:
lib/virustotal/virustotal.rb

Instance Method Summary collapse

Constructor Details

#initialize(api_key, timeout = 7, debug = false) ⇒ VirusTotal

Creates a new instance of the [VirusTotal] class



9
10
11
12
13
 
# File 'lib/virustotal/virustotal.rb', line 9

def initialize(api_key, timeout = 7, debug = false)
  @api_key = api_key
  @timeout = timeout.to_i
  @debug = debug
end

Instance Method Details

#query_hash(hash) ⇒ VirusTotalResult

Queries a single hash on virustotal.com

Returns:



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/virustotal/virustotal.rb', line 18

def query_hash hash
  begin
    puts "[*] Querying hash #{hash}" if @debug
    hash.chomp!
    if hash.include?('-')
        hash = hash.split('-')[0]
      end

    response = RestClient.post 'https://www.virustotal.com/api/get_file_report.json', { :resource => hash, :key => @api_key }
    results = VirusTotalResult.new hash, :hash, JSON.parse(response)
    
    return results
  rescue Exception => e    
    puts e.message
    puts e.backtrace.join("\n")
    STDERR.puts "[!] An error has occured. Retrying #{hash} in #{@timeout} seconds.\n"
    sleep @timeout #So we do not DOS virustotal.com we wait at least 5 seconds between each query
    retry
  end
end

#query_site(url) ⇒ VirusTotalResult

Queries a single url on virustotal.com

Returns:



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/virustotal/virustotal.rb', line 42

def query_site url
  begin
    puts "[*] Querying url #{url}" if @debug

    response = RestClient.post 'https://www.virustotal.com/api/get_url_report.json', { :resource => url, :key => @api_key }
    results = VirusTotalResult.new url, :site, JSON.parse(response)
    
    return results
  rescue Exception => e    
    puts e.message
    puts e.backtrace.join("\n")
    STDERR.puts "[!] An error has occured. Retrying #{url} in #{@timeout} seconds\n"
    sleep @timeout #So we do not DOS virustotal.com we wait at least 5 seconds between each query
    retry
  end
end

#query_upload(file) ⇒ Object

Fetch results from virustotal using a specific hash



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/virustotal/virustotal.rb', line 61

def query_upload file
  results = Array.new
  file = file.chomp

  begin
    puts "[*] Attempting to upload file #{file}" if @debug

    response = RestClient.post 'https://www.virustotal.com/api/scan_file.json', { :key => @api_key, :file => File.new(file, 'rb') }
    result = JSON.parse(response)

    puts "[*] File #{file} uploaded, waiting for results this could take several minutes..." if @debug

    if result['result'] == 1
      results = query_hash result['scan_id']
      
      while results.results[0]['result'] == "Hash Not Found"
        puts "[*] File has not been analyized yet, waiting 60 seconds to try again" if @debug
        sleep 60        
        results = query_hash result['scan_id']
      end
    elsif result['result'] == -2
      puts "[!] Virustotal limits exceeded, ***do not edit the time out values.***"
    else
      fres = Hash.new
      fres['hash'] = file
      fres['scanner'] = '-'
      fres['version'] = '-'
      fres['date'] = '-'
      fres['result'] = "File failed to upload"

      results.push fres
    end
  rescue Exception => e    
    puts e.message
    puts e.backtrace.join("\n")
    STDERR.puts "[!] An error has occured. Retrying #{file} in #{@timeout} seconds\n"
    sleep @timeout #So we do not DOS virustotal.com we wait at least 5 seconds between each query
    retry
  end

  return results
end