Example code
2014.02.20 07:40

Perl script to push samples to Virustotal


** install required perl modules

sudo cpan
o conf prerequisites_policy follow
o conf commit
install LWP::UserAgent
install JSON
install Mozilla::CA


vi vtupload.pl  
#!/usr/bin/perl

# This script is heavily based (to say the least) on the work done by cfrenz
# (http://perlgems.blogspot.se/2012/05/using-virustotal-api-v20.html).
# My aim was to add some functionality to the original script.
# Usage: vtupload.pl <sample> or just do a loop through your sample repository and pipe the result to a file(s) for later
# analyses. Which makes it easy to push loads of samples to VT.
# /Micke @nsmfoo

# Org comments:
# Copyright 2012- Christopher M. Frenz
# This script is free software - it may be used, copied, redistributed, and/or modified
# under the terms laid forth in the Perl Artistic License

use strict;
use warnings;
use LWP::UserAgent;
use JSON;

# Refuse to run without exactly one readable sample file
die "Usage: $0 <sample>\n" unless @ARGV == 1 && -f $ARGV[0];

# Code to submit a file to VirusTotal (TLS hostname verification is enabled)
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 1 });
my $url = 'https://www.virustotal.com/vtapi/v2/file/scan';

# Replace with your own VirusTotal API key
my $key = 'VT-API KEY';

my $response = $ua->post( $url,
    Content_Type => 'multipart/form-data',
    Content => ['apikey' => $key,
    'file' => [$ARGV[0]]]
  );
die "$url error: ", $response->status_line
   unless $response->is_success;
my $results = $response->content;

# Pulls the sha256 value out of the JSON response
my $json = JSON->new->allow_nonref;
my $decjson = $json->decode($results);
my $sha256 = $decjson->{"sha256"};

# Code to retrieve the results that pertain to a submitted file by hash value
$url = 'https://www.virustotal.com/vtapi/v2/file/report';

$response = $ua->post( $url,
    ['apikey' => $key,
    'resource' => $sha256]
  );
die "$url error: ", $response->status_line
   unless $response->is_success;
$results = $response->content;

$decjson = $json->decode($results);

# Print selected values from the JSON report
print "-----------------------------------------------------------------------\n";
print "Sample name: ". $ARGV[0]."\n";
print "Scan ID:  ".$decjson->{"scan_id"}."\n";
print "Scan Date:  ".$decjson->{"scan_date"}."\n";
print "SHA256: ".$decjson->{"sha256"}."\n";
print "MD5: ".$decjson->{"md5"}."\n";
print "Detection rate: ".$decjson->{"positives"}. "/".$decjson->{"total"}."\n";
print "Verbose Message: ".$decjson->{"verbose_msg"}."\n";

print "-----------------------------------------------------------------------\n";
# Print AV engine status per vendor
print "Scan results: \n";
for my $key1 ( sort keys %$decjson ) {
    # Only nested hashes (the per-engine results) are walked; the scalar
    # fields such as md5 or scan_date were already printed above
    next unless ref($decjson->{$key1}) eq 'HASH';
    for my $key2 ( sort keys %{ $decjson->{$key1} } ) {
        print "\t$key2\n";
        my $engine = $decjson->{$key1}->{$key2};
        next unless ref($engine) eq 'HASH';
        for my $key3 ( sort keys %$engine ) {
            # JSON null decodes to undef; print it as an empty value
            my $value = defined $engine->{$key3} ? $engine->{$key3} : '';
            print "\t\t$key3 => $value\n";
        }
    }
}

print "\nURL: ".$decjson->{"permalink"}."\n";
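
The script requests the report right after the upload, when the file may still be queued for analysis. The following is an added example, not part of the original script: it checks `response_code` in a v2 report before trusting the other fields and lists only the engines that flagged the sample. The helper name `summarize_report`, the engine names and the sample JSON are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP;   # core module, so the example runs without CPAN installs

# Turn a decoded v2 file/report response into a short verdict.
# summarize_report is a hypothetical helper, not part of vtupload.pl.
sub summarize_report {
    my ($report) = @_;
    my $code = $report->{response_code} // 0;

    # response_code: 1 = report present, 0 = resource unknown, -2 = still queued
    return { status => 'queued' }  if $code == -2;
    return { status => 'unknown' } if $code != 1;

    my $scans = ref($report->{scans}) eq 'HASH' ? $report->{scans} : {};
    my @hits;
    for my $engine (sort keys %$scans) {
        my $r = $scans->{$engine};
        # keep only engines whose "detected" flag is true
        next unless ref($r) eq 'HASH' && $r->{detected};
        push @hits, "$engine: " . ($r->{result} // 'unnamed');
    }
    return {
        status => 'done',
        ratio  => ($report->{positives} // 0) . '/' . ($report->{total} // 0),
        hits   => \@hits,
    };
}

# Constructed sample responses (engine names and values are made up).
my @samples = (
    '{"response_code":-2}',
    '{"response_code":1,"positives":1,"total":2,"scans":{'
      . '"EngineA":{"detected":true,"result":"Test.Sample","update":"20140220"},'
      . '"EngineB":{"detected":false,"result":null,"update":"20140220"}}}',
);

for my $raw (@samples) {
    my $s = summarize_report(decode_json($raw));
    if ($s->{status} ne 'done') {
        print "status: $s->{status}\n";   # no scan fields to print yet
        next;
    }
    print "detections $s->{ratio}\n";
    print "\t$_\n" for @{ $s->{hits} };
}
```

A `queued` status means the report request should be repeated later instead of printing empty fields.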

