
Function VTLookup

osxauditor.py:286–321  ·  view source on GitHub ↗

Perform a lookup in the VirusTotal database

()


284 PrintAndLog(line.decode('utf-8'), 'WARNING')
285
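def VTLookup():
    ''' Perform a lookup of the collected hashes in the VirusTotal database.

    Reads the module-level HASHES list, posts it as one comma-separated
    'resource' parameter to VT_HOST together with VT_API_KEY, and reports
    each returned entry through PrintAndLog. Returns None. HTTP, transport
    and JSON-decoding failures are logged as ERROR and end the lookup early
    instead of propagating; the original fell through to json.loads() on
    the request string after an HTTP error because its except clause
    ('except (urllib2.HTTPError, e):') was a tuple, not an 'as' binding.
    '''

    PrintAndLog(u'Virustotal lookup', 'SECTION')
    PrintAndLog(u'Got %s hashes to verify' % len(HASHES), 'DEBUG')

    # An empty 'resource' parameter is a pointless request; skip it.
    if not HASHES:
        PrintAndLog(u'No hashes to verify', 'INFO')
        return

    # NOTE(review): VT_API_KEY travels in the POST body, so VT_HOST is
    # assumed to be an https:// URL - confirm where the constant is defined.
    # NOTE(review): the endpoint may cap the number of comma-separated
    # resources per request; a batching loop may be needed - confirm.
    param = {'resource': ','.join(HASHES), 'apikey': VT_API_KEY}
    try:
        f = urllib2.urlopen(VT_HOST, urllib.urlencode(param))
        try:
            data = f.read()
        finally:
            f.close()
    except urllib2.HTTPError as e:
        if e.code == 401:
            PrintAndLog(u'Wrong VirusTotal key', 'ERROR')
        else:
            PrintAndLog(u'VirusTotal error ' + str(e.code) + u' ' + str(e.reason).decode('utf-8'), 'ERROR')
        return
    except urllib2.URLError as e:
        # Non-HTTP transport failure (name resolution, refused connection, ...).
        PrintAndLog(u'VirusTotal connection error ' + str(e.reason).decode('utf-8'), 'ERROR')
        return

    try:
        Ret = json.loads(data)
    except ValueError:
        # Body was not JSON at all; treat it like any other unexpected answer.
        PrintAndLog(u'Got a weird answer from Virustotal\n', 'ERROR')
        return

    # Both a single report object and a list of them are accepted, as before;
    # anything else is now reported instead of being silently ignored.
    if isinstance(Ret, dict):
        Results = [Ret]
    elif isinstance(Ret, list):
        Results = Ret
    else:
        PrintAndLog(u'Got a weird answer from Virustotal\n', 'ERROR')
        return

    for Entry in Results:
        _LogVTEntry(Entry)


def _LogVTEntry(Entry):
    ''' Log one VirusTotal report entry at the severity its verdict warrants.

    Missing keys are tolerated via dict.get so a partial entry produces a
    degraded log line rather than a KeyError that aborts the whole report.
    '''
    if not isinstance(Entry, dict):
        PrintAndLog(u'Got a weird answer from Virustotal\n', 'ERROR')
        return

    ResponseCode = Entry.get('response_code')
    if ResponseCode == 1:
        # Known sample: any detection at all is escalated to WARNING.
        Positives = Entry.get('positives') or 0
        Line = u'%s %s %s/%s' % (
            Entry.get('md5', u''),
            Entry.get('scan_date', u''),
            Positives,
            Entry.get('total', 0),
        )
        PrintAndLog(Line, 'WARNING' if Positives > 0 else 'INFO')
    elif ResponseCode == 0:
        # Resource unknown to VirusTotal.
        PrintAndLog(Entry.get('resource', u'') + u' Never seen 0/0', 'INFO')
    else:
        PrintAndLog(u'Got a weird answer from Virustotal\n', 'ERROR')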
322
323def LocalLookup(HashDBPath):
324 ''' Perform of lookup in a local database '''
