VirustotalAPI
This is a fork of virustotal_api adjusted to be compatible with Logstash's dependencies and Gemfile (it keeps the older json 1.8.6).
Ruby gem for the VirusTotal v3 API. If you need the v2 API, use the gem versions up to 0.4.0.
Installation
Add this line to your application's Gemfile:
gem 'virustotal_api'
And then execute:
$ bundle
Or install it yourself as:
$ gem install virustotal_api
Usage
VirusTotal only allows 4 queries per minute for their Public API. https://www.virustotal.com/en/faq/
You will need a Private API Key if you require more queries per minute.
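A client-side throttle for the 4-requests-per-minute public quota described above, as an added example (not part of the virustotal_api gem). The clock is injected so the behaviour can be checked without sleeping; wrap each gem call in `request { ... }`.

```ruby
# Added example, not the gem's own code: sliding-window throttle for the
# VirusTotal public API quota (4 requests per 60-second window).
class PublicApiThrottle
  LIMIT = 4       # requests allowed per window (public API quota)
  WINDOW = 60.0   # window length in seconds

  # clock: callable returning seconds; injected so tests can fake time
  def initialize(clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @clock = clock
    @sent = []    # timestamps of requests made inside the current window
  end

  # Seconds to wait before the next request may be sent (0.0 if a slot is free).
  def wait_time
    now = @clock.call
    @sent.reject! { |t| now - t >= WINDOW }   # drop requests older than the window
    return 0.0 if @sent.size < LIMIT
    WINDOW - (now - @sent.first)              # time until the oldest one expires
  end

  # Block until a slot is free, record the request, then run the API call.
  def request
    delay = wait_time
    sleep(delay) if delay > 0
    @sent << @clock.call
    yield
  end
end
```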
File Find
require 'virustotal_api'
sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
api_key = 'MY_API_KEY'
vtreport = VirustotalAPI::File.find(sha256, api_key)
# Does the resource have any results?
vtreport.exists?
# => true
# URL for File Report (if it exists)
vtreport.report_url
# => "https://www.virustotal.com/api/v3/files/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
# Report results (if they exist) are available via #report
vtreport.report['data']['attributes']['last_analysis_results']['ClamAV']
# => {"category"=>"undetected", "engine_name"=>"ClamAV", "engine_update"=>"20200826",
# "engine_version"=>"0.102.4.0", "method"=>"blacklist", "result"=>nil}
# Check whether an Antivirus detected this sample or not
vtreport.detected_by('ClamAV')
# => false
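Working with the hash that `#report` returns, as an added example (not the gem's code): it answers the same question as `detected_by` above on the raw hash, counts detections only among engines that actually scanned the sample, and flags engines whose signatures are stale. The ClamAV entry matches the one shown above; EngineA, EngineB and EngineC are constructed.

```ruby
require 'date'

# Constructed sample in the shape returned by vtreport.report (v3 file object);
# only the ClamAV entry is taken from the real report above.
SAMPLE_REPORT = {
  'data' => { 'attributes' => { 'last_analysis_results' => {
    'ClamAV'  => { 'category' => 'undetected', 'engine_name' => 'ClamAV',
                   'engine_update' => '20200826', 'engine_version' => '0.102.4.0',
                   'method' => 'blacklist', 'result' => nil },
    'EngineA' => { 'category' => 'malicious', 'engine_name' => 'EngineA',
                   'engine_update' => '20200826', 'result' => 'Trojan.Generic' },
    'EngineB' => { 'category' => 'suspicious', 'engine_name' => 'EngineB',
                   'engine_update' => '20200101', 'result' => 'Heuristic' },
    'EngineC' => { 'category' => 'type-unsupported', 'engine_name' => 'EngineC',
                   'engine_update' => '20200826', 'result' => nil }
  } } }
}

DETECTING = %w[malicious suspicious].freeze          # categories that count as a hit
NOT_SCANNED = %w[type-unsupported timeout failure].freeze

def analysis_results(report)
  report.dig('data', 'attributes', 'last_analysis_results') || {}
end

# Same question as vtreport.detected_by(engine), asked of the raw hash.
def detected_by?(report, engine)
  entry = analysis_results(report)[engine]
  !entry.nil? && DETECTING.include?(entry['category'])
end

# Hits out of the engines that really scanned the sample, plus their labels.
def detection_summary(report)
  scanned = analysis_results(report).values.reject { |r| NOT_SCANNED.include?(r['category']) }
  hits = scanned.select { |r| DETECTING.include?(r['category']) }
  { detected: hits.size, scanned: scanned.size,
    engines: hits.map { |r| [r['engine_name'], r['result']] }.to_h }
end

# Engines whose engine_update (YYYYMMDD) is older than max_age_days before
# `today`; a clean verdict from a stale engine is weak evidence.
def stale_engines(report, today, max_age_days: 30)
  analysis_results(report).select do |_, r|
    upd = r['engine_update']
    upd.nil? || (today - Date.strptime(upd, '%Y%m%d')).to_i > max_age_days
  end.keys
end
```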
File Upload
require 'virustotal_api'
file = '/path/to/file'
api_key = 'MY_API_KEY'
# upload a file (up to 32MB)
vtscan = VirustotalAPI::File.upload(file, api_key)
# or a large file (more than 32MB)
vtscan = VirustotalAPI::File.upload_large(file, api_key)
# Virustotal ID of file
vtscan.id
# => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668"
# Response results are available via #report
vtscan.report
# =>
{"data"=>
{"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
"type"=>"analysis"}}
File Analyse
require 'virustotal_api'
sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
api_key = 'MY_API_KEY'
vtrescan = VirustotalAPI::File.analyse(sha256, api_key)
# VirusTotal ID of the analysis
vtrescan.id
# => "MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ=="
# Response results are available via #report
vtrescan.report
# =>
{"data"=>
{"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
"type"=>"analysis"}}
URL find
require 'virustotal_api'
url = 'http://www.google.com'
api_key = 'MY_API_KEY'
vturl_report = VirustotalAPI::URL.find(url, api_key)
# Does the resource have any results?
vturl_report.exists?
# => true
# URL for Report (if it exists)
vturl_report.report_url
# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf"
# Report results (if they exist) are available via #report
vturl_report.report['data']['attributes']['last_analysis_results']['Avira']
# => {"category"=>"harmless", "engine_name"=>"Avira", "method"=>"blacklist", "result"=>"clean"}
URL Upload
require 'virustotal_api'
url = 'http://www.google.com'
api_key = 'MY_API_KEY'
vturl_scan = VirustotalAPI::URL.upload(url, api_key)
# VirusTotal ID of the URL analysis
vturl_scan.id
# => "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929"
# Response results are available via #report
vturl_scan.report
# =>
{"data"=>
{"id"=>
"u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929",
"type"=>"analysis"}}
IP Find
require 'virustotal_api'
ip = '8.8.8.8'
api_key = 'MY_API_KEY'
vtip_report = VirustotalAPI::IP.find(ip, api_key)
# Does the resource have any results?
vtip_report.exists?
# => true
# URL for Report (if it exists)
vtip_report.report_url
# => "https://www.virustotal.com/api/v3/ip_addresses/8.8.8.8"
# Report results (if they exist) are available via #report
vtip_report.report
# => Hash of report results
Domain Find
require 'virustotal_api'
domain = 'virustotal.com'
api_key = 'MY_API_KEY'
vtdomain_report = VirustotalAPI::Domain.find(domain, api_key)
# Does the resource have any results?
vtdomain_report.exists?
# => true
# URL for Report (if it exists)
vtdomain_report.report_url
# => "https://www.virustotal.com/api/v3/domains/virustotal.com"
# Report results (if they exist) are available via #report
vtdomain_report.report
# => Hash of report results
User Find
require 'virustotal_api'
user_key = 'user_key' # user_id or api_key
api_key = 'MY_API_KEY'
vtuser_report = VirustotalAPI::User.find(user_key, api_key)
# Does the resource have any results?
vtuser_report.exists?
# => true
# Report results (if they exist) are available via #report
vtuser_report.report
# => Hash of report results
Group Find
require 'virustotal_api'
group_id = 'GROUP_id'
api_key = 'MY_API_KEY'
vtgroup_report = VirustotalAPI::Group.find(group_id, api_key)
# Does the resource have any results?
vtgroup_report.exists?
# => true
# Report results (if they exist) are available via #report
vtgroup_report.report
# => Hash of report results
Contributors
Contributing
- Fork it ( https://github.com/pwelch/virustotal_api/fork )
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request