{
"info": {
"author": "Philip Martin",
"author_email": "phillip.martin@gmail.com",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 4 - Beta",
"Environment :: Console",
"Intended Audience :: Developers",
"Intended Audience :: System Administrators",
"License :: OSI Approved :: MIT License",
"Programming Language :: Python",
"Topic :: Security",
"Topic :: Software Development :: Libraries :: Python Modules"
],
"description": "virustotal2\n===========\n\n|Build Status|\n\nA portable, Pythonic and complete implementation of the\n`Virustotal `__ `Public\nAPI `__. It\nwould also implement the Private API if VT would like to give me\naccess... :)\n\nThis module is heavily inspired by, and borrows some code from, the\n`virustotal `__ module. In\nparticular, it uses the same rate limiting logic and deals with report\nupdating in the same way. I ended up re-writing the module from scratch,\nhowever, and in the process made some new choices that broke backwards\ncompatibility. Thus, we have virustotal2.\n\nPrerequisites\n-------------\n\nExample\n-------\n\n::\n\n import virustotal2\n import urllib2\n import csv\n\n vt = virustotal2.VirusTotal2(\"b2510b80fec019d8b6896a8e575022690efecdfa858d1077c75b37dae5f4621e\")\n\n mdl_content = urllib2.urlopen(\"http://www.malwaredomainlist.com/updatescsv.php\")\n mdl_csv = csv.reader(mdl_content)\n\n for line in mdl_csv:\n ip=line[2].split(\"/\")[0]\n try:\n ip_report = vt.retrieve(ip) #get the VT IP report for this IP\n except:\n print \"API error: on ip \" + ip\n\n total_pos = sum([u[\"positives\"] for u in ip_report.detected_urls])\n total_scan = sum([u[\"total\"] for u in ip_report.detected_urls])\n count = len(ip_report.detected_urls)\n\n print str(count)+\" URLs hosted on \"+ip+\" are called malicious by (on average) \" + \\\n str(int(total_pos/count)) + \" / \" + str(int(total_scan/count)) + \" scanners\"\n\nHow To Use\n----------\n\nInstall\n~~~~~~~\n\n::\n\n pip install virustotal2\n\nImport\n~~~~~~\n\n::\n\n import virustotal2\n\nInstantiate\n~~~~~~~~~~~\n\n::\n\n vt2=virustotal2.VirusTotal2(API_KEY)\n\nOptionally, you can pass limit\\_per\\_min, which is the number of queries\nyou can perform per minute. 4 is the default.\n\nRetrieve a report\n~~~~~~~~~~~~~~~~~\n\nUse the method retrieve() to get an existing report from VirusTotal.\nThis method's first argument can be:\n\n- an MD5, SHA1 or SHA256 of a file or a list of up to 4 hashes\n- a path to a file or list of paths to files\n- a base64-encoded version of a file or list of paths to files\n (filename must end in .base64!)\n- a URL or a list of URLs\n- an IP address or a list of IP addresses\n- a domain name\n\nretrieve() will attempt to auto-detect what you're giving it. If you\nwant to be explicit, you can use the thing\\_type parameter with the\nvalues:\n\n- ip\n- domain\n- hash\n- file\n- base64\n- url\n\nFinally, if you want raw JSON back, as opposed to a VirusTotal2Report\nobject, you can pass in raw=True.\n\nIf you pass retrieve() a list of items, you will get a list of reports\nback in the same order.\n\nScan a new file\n~~~~~~~~~~~~~~~\n\nUse the scan() method to scan a new URL or file. This method's first\nargument can be:\n\n- a path to a file\n- a url or list of up to 4 URLs\n- a hash or a list of up to 25 hashes (for re-scanning only!)\n\nscan() will attempt to auto-detect what you're giving it. If you want to\nbe explicit, you can use the type parameter with the values:\n\n- file\n- base64\n- url\n\nIf you want raw JSON back, as opposed to a VirusTotal2Report object, you\ncan pass in raw = True.\n\nFinally, if you want force a reanalysis of the resource you are passing\nin, set rescan = True. Note that the VirusTotal API currently does not\nallow URLs to be reanalyzed.\n\nIf you pass scan() a list of items, you will get a list of reports back\nin the same order. In order to preserve that semantic, if you pass in a\nlist of files, some of which are invalid, you will get a list of reports\nand None back.\n\nUsing a Report\n~~~~~~~~~~~~~~\n\nThe retrieve() and scan() methods return VirusTotal2Report objects.\nThese objects have some useful methods and also act as pass-thrus to the\nunderlying JSON.\n\nwait()\n^^^^^^\n\nThis method blocks until the file or URL you've submitted for scanning\nis finished scanning. THIS CAN TAKE A VERY LONG TIME.\n\nrescan()\n^^^^^^^^\n\nrequests virustotal to rescan the sample that created the current\nreport. This is only valid for file or hash reports. This method\nmodifies the current report rather than returning a new report object,\nso the following is normal:\n\n::\n\n >>> import virustotal2\n >>> vt = virustotal2.VirusTotal2(API_KEY)\n >>> report = vt.get(\"www.evilsite.com/evil.exe\")\n >>> report.status()\n analyzing\n >>> report.wait()\n >>> report.status()\n ok\n >>> report.rescan()\n >>> report.status()\n analyzing\n >>> report.wait()\n >>> report.status()\n ok\n\nupdate()\n^^^^^^^^\n\nchecks to see if virustotal has completed it's analysis yet and if so it\npull down the new JSON.\n\nReferences\n----------\n\n`Virustotal Public\nAPI `__\n\n.. |Build Status| image:: https://travis-ci.org/Phillipmartin/virustotal2.svg?branch=master\n :target: https://travis-ci.org/Phillipmartin/virustotal2",
"description_content_type": null,
"docs_url": null,
"download_url": "UNKNOWN",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/Phillipmartin/virustotal2",
"keywords": null,
"license": "MIT",
"maintainer": null,
"maintainer_email": null,
"name": "virustotal2",
"package_url": "https://pypi.org/project/virustotal2/",
"platform": "UNKNOWN",
"project_url": "https://pypi.org/project/virustotal2/",
"project_urls": {
"Download": "UNKNOWN",
"Homepage": "https://github.com/Phillipmartin/virustotal2"
},
"release_url": "https://pypi.org/project/virustotal2/1.1/",
"requires_dist": null,
"requires_python": null,
"summary": "Complete, Pythonic VirusTotal Public API 2.0 client",
"version": "1.1"
},
"last_serial": 1171141,
"releases": {
"1.0": [
{
"comment_text": "",
"digests": {
"md5": "f8267f7f4a58c35ca05e993345bc936c",
"sha256": "98184ba89548a4a5c5ef90936f14971fc9181b524b0a7b10b2ffb22842e1e6d5"
},
"downloads": -1,
"filename": "virustotal2-1.0-py2.7.egg",
"has_sig": false,
"md5_digest": "f8267f7f4a58c35ca05e993345bc936c",
"packagetype": "bdist_egg",
"python_version": "2.7",
"requires_python": null,
"size": 13343,
"upload_time": "2014-05-31T21:56:45",
"url": "https://files.pythonhosted.org/packages/cf/b0/8514bd888f6bab21717429d79818d774c0b7777a5cf05ff50a7e2b34f6a2/virustotal2-1.0-py2.7.egg"
},
{
"comment_text": "",
"digests": {
"md5": "8972736d0f24e90ffb1696c964876b2a",
"sha256": "485e305a6ce404dcbbeeb5abde21a0d151bc6fe9d018a61e5b6904a62d1f7f90"
},
"downloads": -1,
"filename": "virustotal2-1.0.tar.gz",
"has_sig": false,
"md5_digest": "8972736d0f24e90ffb1696c964876b2a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 8162,
"upload_time": "2014-05-31T22:07:43",
"url": "https://files.pythonhosted.org/packages/4f/ce/6e799cdceb16b34e001fbd360704d2f79b9b2f25cc3e504d3b2617a4fdeb/virustotal2-1.0.tar.gz"
}
],
"1.1": [
{
"comment_text": "",
"digests": {
"md5": "2e168a0df9c9cb6872ed1a835e3bc658",
"sha256": "560143b56d71e298f50da66faab0b2066099dd1f4a43ebc1add4f97d92fb3d77"
},
"downloads": -1,
"filename": "virustotal2-1.1-py2.7.egg",
"has_sig": false,
"md5_digest": "2e168a0df9c9cb6872ed1a835e3bc658",
"packagetype": "bdist_egg",
"python_version": "2.7",
"requires_python": null,
"size": 13436,
"upload_time": "2014-07-27T22:20:59",
"url": "https://files.pythonhosted.org/packages/3d/f5/1e6a4e33746a4ac98eac2d8084d1773f7960a42c4f510fe791afd5dd63d8/virustotal2-1.1-py2.7.egg"
},
{
"comment_text": "",
"digests": {
"md5": "41a95bdc8ab1fa85104f546a0fc3582a",
"sha256": "302f4d89166f5fd762c8ac3d52172dc9031eb36f41bfb8be26b626f949393cc5"
},
"downloads": -1,
"filename": "virustotal2-1.1.tar.gz",
"has_sig": false,
"md5_digest": "41a95bdc8ab1fa85104f546a0fc3582a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 8881,
"upload_time": "2014-07-27T22:20:56",
"url": "https://files.pythonhosted.org/packages/d1/65/62fa1496f67c4cf224edbc511e05fed0c4769e24167d9c23289c8a477d21/virustotal2-1.1.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "2e168a0df9c9cb6872ed1a835e3bc658",
"sha256": "560143b56d71e298f50da66faab0b2066099dd1f4a43ebc1add4f97d92fb3d77"
},
"downloads": -1,
"filename": "virustotal2-1.1-py2.7.egg",
"has_sig": false,
"md5_digest": "2e168a0df9c9cb6872ed1a835e3bc658",
"packagetype": "bdist_egg",
"python_version": "2.7",
"requires_python": null,
"size": 13436,
"upload_time": "2014-07-27T22:20:59",
"url": "https://files.pythonhosted.org/packages/3d/f5/1e6a4e33746a4ac98eac2d8084d1773f7960a42c4f510fe791afd5dd63d8/virustotal2-1.1-py2.7.egg"
},
{
"comment_text": "",
"digests": {
"md5": "41a95bdc8ab1fa85104f546a0fc3582a",
"sha256": "302f4d89166f5fd762c8ac3d52172dc9031eb36f41bfb8be26b626f949393cc5"
},
"downloads": -1,
"filename": "virustotal2-1.1.tar.gz",
"has_sig": false,
"md5_digest": "41a95bdc8ab1fa85104f546a0fc3582a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 8881,
"upload_time": "2014-07-27T22:20:56",
"url": "https://files.pythonhosted.org/packages/d1/65/62fa1496f67c4cf224edbc511e05fed0c4769e24167d9c23289c8a477d21/virustotal2-1.1.tar.gz"
}
]
}