python实现封装得到virustotal扫描结果

本文实例讲述了python实现封装得到virustotal扫描结果的方法。分享给大家供大家参考。具体方法如下:

import simplejson
import urllib
import urllib2
import os, sys
import logging 

try:
  import sqlite3
except ImportError:
  sys.stderr.write("ERROR: Unable to locate Python SQLite3 module. " \
           "Please verify your installation. Exiting...\n")
  sys.exit(-1) 

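# Sample hash used when exercising the code by hand.  The article's other
# example, 5248f774d2ee0a10936d0b1dc89107f1, can be swapped in; the hash
# below is noted as having no report on virustotal.com.
MD5 = "12fa5fb74201d9b6a14f63fbf9a81ff6"

# VirusTotal API key.  Use your own.  Prefer setting VIRUSTOTAL_APIKEY in the
# environment over editing this line, so the key is never committed with the
# source; the placeholder string is only the fallback.  (The original line
# had stray prose appended after the closing quote, which was a syntax error.)
APIKEY = os.environ.get("VIRUSTOTAL_APIKEY", "xxxxxxxxxxxxxxxxxx")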

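class VirusTotalDatabase:
  """
  SQLite persistence for per-vendor VirusTotal detection names.

  One row per sample, keyed by its MD5.  Every statement that carries a
  caller-supplied value uses ``?`` placeholders; the only text spliced into
  SQL is the fixed vendor column list in ``_VENDORS``, which is a class
  constant and not user controlled.
  """

  # Anti-virus vendors stored as columns, in table order.
  _VENDORS = ("Kaspersky", "McAfee", "Symantec", "Norman", "Avast", "NOD32",
              "BitDefender", "Microsoft", "Rising", "Panda")
  # Column order of the ``virustotal`` table, i.e. what ``SELECT *`` returns.
  _COLUMNS = ("id", "md5") + _VENDORS

  def __init__(self, db_file):
    """
    Open the SQLite database at *db_file*, creating it on first use.

    :param db_file: path of the database file; a missing parent directory
                    is created by :meth:`_generate`
    """
    log = logging.getLogger("Database.Init")
    self.__dbfile = db_file
    self._conn = None
    self._cursor = None

    # A missing file means a first run: lay down the schema before connecting.
    if not os.path.exists(self.__dbfile):
      if self._generate():
        print("Generated database \"%s\" which didn't exist before." % self.__dbfile)
      else:
        print("Unable to generate database")

    try:
      self._conn = sqlite3.connect(self.__dbfile)
      # Return TEXT columns as str consistently; the original set this only
      # inside add_sample, so reads before the first write came back as a
      # different string type on Python 2.
      self._conn.text_factory = str
      self._cursor = self._conn.cursor()
    except sqlite3.Error as why:
      print("Unable to connect to database \"%s\": %s." % (self.__dbfile, why))
      return

    log.debug("Connected to SQLite database \"%s\"." % self.__dbfile)

  @staticmethod
  def _is_md5(md5):
    """Return True when *md5* is a non-empty string of exactly 32 hex digits."""
    if not md5 or len(md5) != 32:
      return False
    return all(c in "0123456789abcdefABCDEF" for c in md5)

  def _generate(self):
    """
    Create the database file and its ``virustotal`` table.

    :return: True on success; False when the file already exists or the
             parent directory cannot be created.  Errors from SQLite while
             creating the table propagate.
    """
    if os.path.exists(self.__dbfile):
      return False

    # A bare file name has an empty dirname, and os.makedirs("") raises.
    db_dir = os.path.dirname(self.__dbfile)
    if db_dir and not os.path.exists(db_dir):
      try:
        os.makedirs(db_dir)
      except (IOError, os.error) as why:
        print("Something went wrong while creating database directory \"%s\": %s"
              % (db_dir, why))
        return False

    vendor_columns = ",\n".join(" %s TEXT DEFAULT NULL" % vendor
                                for vendor in self._VENDORS)
    ddl = ("CREATE TABLE virustotal (\n"
           " id INTEGER PRIMARY KEY,\n"
           " md5 TEXT NOT NULL,\n"
           "%s\n"
           ");" % vendor_columns)

    conn = sqlite3.connect(self.__dbfile)
    try:
      conn.execute(ddl)
      conn.commit()  # explicit: do not rely on the module's implicit DDL handling
    finally:
      conn.close()   # the instance opens its own long-lived connection afterwards
    print("create db:%s sucess" % self.__dbfile)

    return True

  def _get_task_dict(self, row):
    """
    Map a ``SELECT *`` row onto a dict keyed by column name.

    :return: the dict, or None when *row* is None or shorter than the column
             list (the lenient behaviour callers rely on)
    """
    if row is None or len(row) < len(self._COLUMNS):
      return None
    return dict(zip(self._COLUMNS, row))

  def add_sample(self, md5, virus_dict):
    """
    Insert, or update in place, the detection row for *md5*.

    :param md5: 32-hex-digit hash; anything else is rejected
    :param virus_dict: mapping vendor name -> detection name.  Vendors not
                       present are stored as NULL, so an update clears every
                       column the new mapping omits.  None is treated as empty.
    :return: the row id; None when the input is rejected or the insert fails;
             False when the lookup or update fails (kept for compatibility)
    """
    if not self._cursor:
      return None
    if not self._is_md5(md5):
      return None

    lookup = virus_dict or {}
    values = tuple(lookup.get(vendor, None) for vendor in self._VENDORS)

    try:
      self._cursor.execute("SELECT id FROM virustotal WHERE md5 = ?;", (md5,))
      sample_row = self._cursor.fetchone()
    except sqlite3.OperationalError as why:
      print("sqlite3 error:%s\n" % str(why))
      return False

    if sample_row:
      task_id = sample_row[0]
      assignments = ", ".join("%s=?" % vendor for vendor in self._VENDORS)
      try:
        self._cursor.execute(
          "UPDATE virustotal SET %s WHERE id = ?;" % assignments,
          values + (task_id,))
        self._conn.commit()
      except sqlite3.OperationalError as why:
        print("Unable to update database: %s." % why)
        return False
      return task_id

    # Not seen before: insert a fresh row.
    columns = ", ".join(("md5",) + self._VENDORS)
    placeholders = ", ".join(["?"] * (len(self._VENDORS) + 1))
    try:
      self._cursor.execute(
        "INSERT INTO virustotal (%s) VALUES (%s);" % (columns, placeholders),
        (md5,) + values)
      self._conn.commit()
      task_id = self._cursor.lastrowid
    except sqlite3.OperationalError as why:
      print("why " + str(why))
      return None
    print("add_to_db:%s, task_id:%s" % (str(self.__dbfile), str(task_id)))
    return task_id

  def get_sample(self):
    """
    Return the row with the lowest id as a dict.

    :return: the dict, or None when the cursor is missing, the query fails,
             or the table is empty
    """
    log = logging.getLogger("Database.GetTask")

    if not self._cursor:
      log.error("Unable to acquire cursor.")
      return None

    # The table has no ``added_on`` column; the earlier ``ORDER BY id,
    # added_on`` made every call fail with OperationalError and return None.
    try:
      self._cursor.execute("SELECT * FROM virustotal ORDER BY id LIMIT 1;")
    except sqlite3.OperationalError as why:
      log.error("Unable to query database: %s." % why)
      return None

    row = self._cursor.fetchone()
    return self._get_task_dict(row) if row else None

  def search_md5(self, md5):
    """
    Look up the row stored for *md5*.

    :return: the row as a dict; ``{}`` when nothing matches; None when the
             cursor is missing, *md5* is not a 32-hex-digit string, or the
             query fails
    """
    if not self._cursor:
      return None
    if not self._is_md5(md5):
      return None

    try:
      self._cursor.execute(
        "SELECT * FROM virustotal WHERE md5 = ? ORDER BY id DESC;", (md5,))
    except sqlite3.OperationalError:
      return None

    rows = self._cursor.fetchall()
    if not rows:
      return {}
    # Duplicate rows for one md5 can only exist in files written before
    # add_sample updated in place; keep the lowest id (last in DESC order),
    # which is what the previous loop-and-overwrite produced.
    return self._get_task_dict(rows[-1])

  def close(self):
    """Close the connection.  Safe to call more than once."""
    if self._conn is not None:
      self._conn.close()
      self._conn = None
      self._cursor = None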

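class VirusTotal:
  """
  Fetch the VirusTotal (API v2) report for one MD5 and store it in SQLite.

  The report is requested once, in the constructor, and cached in
  ``_virus_dict``; :meth:`write_to_db` reuses the cache instead of issuing a
  second request (the earlier version discarded the constructor's result and
  fetched the same report again, doubling the request count against a
  rate-limited API).
  """

  # Socket timeout in seconds for report requests, so a stalled connection
  # cannot hang a batch run indefinitely.
  TIMEOUT = 30

  def __init__(self, md5, db_file=r"./db/virustotal.db"):
    """
    :param md5: hash to look up on VirusTotal
    :param db_file: SQLite file written by :meth:`write_to_db`
    """
    self._md5 = md5
    self._db_file = db_file
    self._virus_dict = self.get_report_dict()

  def repr(self):
    """Return the cached vendor -> detection mapping as a string."""
    return str(self._virus_dict)

  # Make the Python-level repr() match the existing method of the same name.
  __repr__ = repr

  def submit_md5(self, file_path):
    """
    Upload the file at *file_path* to VirusTotal for scanning and print the
    raw response.

    Despite the name this sends the file contents, not a hash.  Depends on
    the project-local ``postfile`` helper.

    :return: the response returned by ``postfile.post_multipart``
    """
    import postfile
    file_name = os.path.basename(file_path)

    host = "www.virustotal.com"
    selector = "https://www.virustotal.com/vtapi/v2/file/scan"
    fields = [("apikey", APIKEY)]
    # Close the handle deterministically instead of leaving it to the GC.
    with open(file_path, "rb") as handle:
      file_to_send = handle.read()
    files = [("file", file_name, file_to_send)]
    response = postfile.post_multipart(host, selector, fields, files)
    print(response)
    return response

  def get_report_dict(self, timeout=TIMEOUT):
    """
    Query the v2 ``file/report`` endpoint for ``self._md5``.

    :param timeout: socket timeout in seconds for the HTTP request
    :return: dict vendor -> detection name for every vendor that flagged the
             sample; ``{}`` when VirusTotal reports no result.  Note that
             ``{}`` is also what a clean sample yields, so a caller storing
             it cannot tell "unknown to VirusTotal" from "known and clean".
    :raises ValueError: when the body is empty (e.g. the request quota was
             exceeded) or is not JSON; network errors propagate unchanged
             rather than being recorded as a clean result
    """
    url = "https://www.virustotal.com/vtapi/v2/file/report"
    # The key travels in the POST body, not the URL, so it does not end up in
    # proxy or server access logs.
    data = urllib.urlencode({"resource": self._md5, "apikey": APIKEY})
    response = urllib2.urlopen(urllib2.Request(url, data), timeout=timeout)
    try:
      body = response.read()
    finally:
      response.close()

    if not body.strip():
      raise ValueError("empty response from VirusTotal for %s "
                       "(request quota exceeded?)" % self._md5)
    return self._scans_to_dict(simplejson.loads(body))

  @staticmethod
  def _scans_to_dict(response_dict):
    """
    Reduce a decoded ``file/report`` response to {vendor: detection name}.

    Only vendors whose entry has a truthy ``detected`` are kept.  A falsy or
    missing ``response_code`` (no report) yields ``{}``, as does a response
    without a ``scans`` mapping.
    """
    if not response_dict.get("response_code"):
      return {}
    result = {}
    for vendor, verdict in response_dict.get("scans", {}).items():
      if verdict.get("detected"):
        result[vendor] = verdict.get("result")
    return result

  def write_to_db(self):
    """
    Persist the cached report into the SQLite file at ``self._db_file``.

    :return: the row id returned by :meth:`VirusTotalDatabase.add_sample`
    """
    db = VirusTotalDatabase(self._db_file)
    return db.add_sample(self._md5, self._virus_dict)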

使用方法如下:

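from getVirusTotalInfo import VirusTotal

config = {'input': "inputMd5s"}

# One hash per line.  Blank lines are skipped and surrounding whitespace is
# trimmed.  Only well-formed 32-hex-digit hashes are kept, so arbitrary text
# from the input file is never forwarded to VirusTotal or written to the
# database.  (The earlier version used itertools.ifilter/imap and
# string.strip without importing them.)
MD5S = []
with open(config['input'], "r") as fp:
  for line in fp:
    md5 = line.strip()
    if len(md5) == 32 and all(c in "0123456789abcdefABCDEF" for c in md5):
      MD5S.append(md5)
    elif md5:
      print("skipping malformed md5: %r" % md5)
print("MD5S %s" % MD5S)

# Fetch each report and store it in the database.
for md5 in MD5S:
  virus_total = VirusTotal(md5)
  virus_total.write_to_db()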

希望本文所述对大家的Python程序设计有所帮助。
