本文实例讲述了python实现封装得到virustotal扫描结果的方法。分享给大家供大家参考。具体方法如下:
import simplejson
import urllib
import urllib2
import os, sys
import logging
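# sqlite3 is part of the standard library, but some minimal builds omit it;
# there is nothing useful to do without it, so exit early with a message.
try:
    import sqlite3
except ImportError:
    sys.stderr.write("ERROR: Unable to locate Python SQLite3 module. "
                     "Please verify your installation. Exiting...\n")
    sys.exit(-1)

# Sample hashes used while trying the script. The first assignment is
# overwritten immediately by the second, so only the latter is in effect.
MD5 = "5248f774d2ee0a10936d0b1dc89107f1"
MD5 = "12fa5fb74201d9b6a14f63fbf9a81ff6"  # do not have report on virustotal.com

# VirusTotal API key: use your own. It is read from the VT_APIKEY environment
# variable so the real key does not have to be written into this file (and
# committed by accident); the placeholder below is used when it is unset.
APIKEY = os.environ.get("VT_APIKEY", "xxxxxxxxxxxxxxxxxx")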
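class VirusTotalDatabase:
    """
    Database abstraction layer.

    Stores the per-vendor VirusTotal verdicts of a sample in a single SQLite
    table (``virustotal``) keyed by the sample's MD5. Every query is
    parameterised; the only names spliced into SQL text are the vendor
    column names from ``VENDORS``, which never come from the caller.
    """

    # Vendor columns in table order. ``SELECT *`` rows are therefore
    # (id, md5, <VENDORS...>); _get_task_dict relies on that layout.
    VENDORS = ("Kaspersky", "McAfee", "Symantec", "Norman", "Avast",
               "NOD32", "BitDefender", "Microsoft", "Rising", "Panda")

    def __init__(self, db_file):
        """
        Open the SQLite database at *db_file*, creating it first if absent.

        A connection failure is reported on stdout and leaves ``_cursor`` as
        ``None``; every query method then returns ``None`` instead of raising.
        """
        log = logging.getLogger("Database.Init")
        self.__dbfile = db_file
        self._conn = None
        self._cursor = None
        # Check if the SQLite database already exists. If it doesn't, invoke
        # the generation procedure.
        if not os.path.exists(self.__dbfile):
            if self._generate():
                print("Generated database \"%s\" which didn't"
                      " exist before." % self.__dbfile)
            else:
                print("Unable to generate database")
        # Once the database is generated, or if it already existed,
        # initialise the connection.
        try:
            self._conn = sqlite3.connect(self.__dbfile)
            self._cursor = self._conn.cursor()
        except Exception as why:
            print("Unable to connect to database \"%s\": %s."
                  % (self.__dbfile, why))
            return  # the original logged "Connected" even after a failure
        log.debug("Connected to SQLite database \"%s\"." % self.__dbfile)

    def _generate(self):
        """
        Creates database structure in a SQLite file.

        Returns True when the file and the ``virustotal`` table were created,
        False when the file already exists or its directory cannot be made.
        """
        if os.path.exists(self.__dbfile):
            return False
        db_dir = os.path.dirname(self.__dbfile)
        # dirname() of a bare file name is ""; os.makedirs("") raises, so only
        # create a directory when there actually is one in the path.
        if db_dir and not os.path.exists(db_dir):
            try:
                os.makedirs(db_dir)
            except (IOError, os.error) as why:
                print("Something went wrong while creating database "
                      "directory \"%s\": %s" % (db_dir, why))
                return False
        # Build the vendor columns from VENDORS so schema, row mapping and
        # INSERT/UPDATE can never drift apart.
        vendor_columns = ",\n".join(" %s TEXT DEFAULT NULL" % vendor
                                    for vendor in self.VENDORS)
        schema = ("CREATE TABLE virustotal (\n"
                  " id INTEGER PRIMARY KEY,\n"
                  " md5 TEXT NOT NULL,\n"
                  + vendor_columns + "\n"
                  ");")
        conn = sqlite3.connect(self.__dbfile)
        try:
            conn.execute(schema)
            conn.commit()
        finally:
            conn.close()  # the original left this connection open
        print("create db:%s sucess" % self.__dbfile)
        return True

    def _get_task_dict(self, row):
        """
        Map one ``SELECT *`` row onto a dict keyed by column name.

        Returns None for a row that is too short to hold id, md5 and every
        vendor column (the original swallowed the resulting IndexError).
        """
        if row is None or len(row) < len(self.VENDORS) + 2:
            return None
        task = {"id": row[0], "md5": row[1]}
        task.update(zip(self.VENDORS, row[2:]))
        return task

    def add_sample(self, md5, virus_dict):
        """
        Insert the vendor verdicts for *md5*, or update them if the md5 is
        already present.

        *virus_dict* maps vendor name -> verdict; vendors missing from it are
        stored as NULL. Returns the row id on success, None when there is no
        cursor, the md5 is empty or the INSERT fails, and False when the
        SELECT or UPDATE fails (kept from the original; all are falsy).
        """
        task_id = None
        if not self._cursor:
            return None
        if not md5:
            return None
        virus_dict = virus_dict or {}
        values = [virus_dict.get(vendor, None) for vendor in self.VENDORS]
        # Return plain byte strings from queries (Python 2 default is unicode).
        self._conn.text_factory = str
        try:
            self._cursor.execute("SELECT id FROM virustotal WHERE md5 = ?;",
                                 (md5,))
            sample_row = self._cursor.fetchone()
        except sqlite3.OperationalError as why:
            print("sqlite3 error:%s\n" % str(why))
            return False
        if sample_row:
            try:
                task_id = sample_row[0]
                assignments = ", ".join("%s=?" % vendor
                                        for vendor in self.VENDORS)
                self._cursor.execute(
                    "UPDATE virustotal SET " + assignments + " WHERE id = ?;",
                    values + [task_id])
                self._conn.commit()
            except sqlite3.OperationalError as why:
                print("Unable to update database: %s." % why)
                return False
        else:  # the sample is not in the database yet
            try:
                columns = ", ".join(self.VENDORS)
                placeholders = ", ".join("?" for _ in self.VENDORS)
                self._cursor.execute(
                    "INSERT INTO virustotal (md5, " + columns + ") "
                    "VALUES (?, " + placeholders + ");",
                    [md5] + values)
                self._conn.commit()
                task_id = self._cursor.lastrowid
            except sqlite3.OperationalError as why:
                print("why %s" % str(why))
                return None
        print("add_to_db:%s, task_id:%s" % (str(self.__dbfile), str(task_id)))
        return task_id

    def get_sample(self):
        """
        Gets a task from pending queue.

        Returns the row with the lowest id as a dict, or None when there is
        no cursor, the query fails, or the table is empty.
        """
        log = logging.getLogger("Database.GetTask")
        if not self._cursor:
            log.error("Unable to acquire cursor.")
            return None
        # Select the oldest row. The original ordered by "id, added_on", but
        # the schema has no added_on column, so every call failed with
        # "no such column" and returned None.
        try:
            self._cursor.execute("SELECT * FROM virustotal "
                                 "ORDER BY id LIMIT 1;")
        except sqlite3.OperationalError as why:
            log.error("Unable to query database: %s." % why)
            return None
        sample_row = self._cursor.fetchone()
        if not sample_row:
            return None
        return self._get_task_dict(sample_row)

    def search_md5(self, md5):
        """
        Look up the stored verdicts for *md5*.

        Returns the matching row as a dict, ``{}`` when nothing is stored for
        that md5, and None when there is no cursor, the md5 is not 32
        characters long, or the query fails. With several rows for one md5
        the one with the lowest id wins (the original overwrote the result
        while iterating an ``ORDER BY id DESC`` result set).
        """
        if not self._cursor:
            return None
        if not md5 or len(md5) != 32:
            return None
        try:
            self._cursor.execute("SELECT * FROM virustotal "
                                 "WHERE md5 = ? "
                                 "ORDER BY id DESC;",
                                 (md5,))
        except sqlite3.OperationalError:
            return None
        rows = self._cursor.fetchall()
        if not rows:
            return {}
        return self._get_task_dict(rows[-1])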
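class VirusTotal:
    """
    Fetch the VirusTotal report for one sample (by MD5) and store the
    per-vendor detections in the local SQLite database.
    """

    # Upper bound, in seconds, on one HTTP request to VirusTotal. The
    # original used the library default (no timeout), which can hang a
    # whole batch run on a single stalled connection.
    REQUEST_TIMEOUT = 30

    def __init__(self, md5):
        """Constructor: fetch the report for *md5* once and cache it."""
        self._md5 = md5
        self._db_file = r"./db/virustotal.db"
        # The original discarded this result and fetched the report a second
        # time in write_to_db(); it is now cached and reused there.
        self._virus_dict = self.get_report_dict()

    def __repr__(self):
        return str(self._virus_dict)

    # Kept so callers of the original (non-dunder) method name still work.
    repr = __repr__

    def submit_md5(self, file_path):
        """Upload *file_path* to VirusTotal for scanning and print the raw reply."""
        import postfile  # local helper module, not part of the standard library
        file_name = os.path.basename(file_path)
        host = "www.virustotal.com"
        selector = "https://www.virustotal.com/vtapi/v2/file/scan"
        fields = [("apikey", APIKEY)]
        # Close the handle after reading; the original leaked it.
        with open(file_path, "rb") as handle:
            file_to_send = handle.read()
        files = [("file", file_name, file_to_send)]
        json = postfile.post_multipart(host, selector, fields, files)
        print(json)

    def get_report_dict(self, timeout=None):
        """
        Query the VirusTotal v2 file/report endpoint for ``self._md5``.

        Returns {vendor: verdict} for every vendor whose ``detected`` flag is
        set, or {} when VirusTotal reports no result (``response_code`` 0 or
        missing). *timeout* defaults to ``REQUEST_TIMEOUT``. Network errors
        (``urllib2.URLError``) propagate to the caller as before.
        """
        result_dict = {}
        url = "https://www.virustotal.com/vtapi/v2/file/report"
        parameters = {"resource": self._md5,
                      "apikey": APIKEY}
        data = urllib.urlencode(parameters)
        req = urllib2.Request(url, data)
        if timeout is None:
            timeout = self.REQUEST_TIMEOUT
        response = urllib2.urlopen(req, timeout=timeout)
        try:
            json = response.read()
        finally:
            response.close()
        response_dict = simplejson.loads(json)
        if response_dict.get("response_code"):  # has result
            scans_dict = response_dict.get("scans", {})
            for anti_virus_company, scan in scans_dict.items():
                if scan.get("detected"):
                    result_dict.setdefault(anti_virus_company,
                                           scan.get("result"))
        return result_dict

    def write_to_db(self):
        """Store the cached report in the database, re-fetching it if the cache is empty."""
        db = VirusTotalDatabase(self._db_file)
        virus_dict = self._virus_dict or self.get_report_dict()
        self._virus_dict = virus_dict
        db.add_sample(self._md5, virus_dict)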
使用方法如下:
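config = {'input': "inputMd5s"}
# One MD5 per line; blank lines are dropped. The original relied on
# itertools.ifilter/imap and string.strip without importing them, and
# left the file handle open until after the print.
with open(config['input'], "r") as fp:
    MD5S = [line.strip() for line in fp if line.strip()]
print("MD5S %s" % (MD5S,))

from getVirusTotalInfo import VirusTotal

# Fetch the scan result for each hash and write it to the database.
for md5 in MD5S:
    virus_total = VirusTotal(md5)
    virus_total.write_to_db()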
希望本文所述对大家的Python程序设计有所帮助。