send
Grupo de Telegram
play_arrow
  3. VirusTotal API 2.0 UDF
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.
« anterior próximo »
Páginas: [1]   Ir Abajo

VirusTotal API 2.0 UDF

  • 0 Respuestas
  • 2039 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado Danyfirex

  • *
  • Underc0der
  • Mensajes: 22
  • Actividad:
    0%
  • Reputación 0
    • Ver Perfil

VirusTotal API 2.0 UDF

« en: Junio 04, 2013, 08:38:02 am »
Bueno aquí una una UDF que tenias hace unos días lita pero ayer me decidí a actualizarla. :metal:


Requiere  winhttp

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login


Ejemplo:

Código: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
#include <Crypt.au3>
#include "VT.au3"

Example()

Func Example()

    _Crypt_Startup()
    Local $sFilePath = @WindowsDir & "\Explorer.exe"

    Local $bHash = _Crypt_HashFile($sFilePath, $CALG_MD5)
   _Crypt_Shutdown()
    Local $hVirusTotal = VT_Open()
    Local $APIkey='Your API key'
    ConsoleWrite(VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654',$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $fScan, $sFilePath,$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $uReport, "http://www.virustotal.com",$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $uScan, "http://www.google.com",$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $Comment, hex($bHash) ,$APIkey,"Hello Word | Hola Mundo") & @CRLF)
    VT_Close($hVirusTotal) ;
EndFunc   ;==>Example


VT.au3 UDF

Código: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
#include-once
 #include "WinHttp.au3"

; #INDEX# =================================================================================================
; Title .........: VT.au3
; AutoIt Version : 3.3.8.1
; Language ......: English
; Description ...: VirusTotal public API version 2.0 implementation in Autoit
;thanks to: trancexx|ProgAndy "WinHttp.au3"  ||| guinness "Suggestions+Snippets ||| www.virustotal.com
;Reference https://www.virustotal.com/es/documentation/public-api
;Written by Danyfirex
;Date 12/05/2013 | Update 03/06/2013
; #FUNCTION# =============================================================================================




;===================CONSTANTS/CONSTANTES=======================
Global Const $__sVirusTotal_Page = 'www.virustotal.com'
Global Enum $eAPI_HttpOpen, $eAPI_HttpConnect
Global Enum $fReport,$fScan,$fRescan,$uReport,$uScan,$Comment
Global Const $tURL[6]=['/vtapi/v2/file/report','/vtapi/v2/file/scan','/vtapi/v2/file/rescan', _
                       '/vtapi/v2/url/report','/vtapi/v2/url/scan','/vtapi/v2/comments/put']
;==============================================================


; #FUNCTIONS/FUNCIONES# =======================================
;VT() ;Use respective flag($Type)
;VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;flags($Type)
;$fReport = retrieve a scan report on a given file
;$fScan   = submit a file for Scanning
;$fRescan = Rescan files in VirusTotal's file store
;$uReport = retrieve a scan report on a given URL
;$uScan   = submit a URL for Scanning
;$Comment = Make a commnet on files and URLs
; ==============================================================



; #FUNCTION# =============================================================================================
; Name...........: VT_Open
; Description ...: Initialize and get session handle & connection handle
; Syntax.........: VT_Open()
; guinness
; #FUNCTION# =============================================================================================
Func VT_Open()
    Local $aAPI[2] = [0, 0]
    $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
    If @error Then $aAPI[$eAPI_HttpOpen] = -1
    $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
    If @error Then $aAPI[$eAPI_HttpConnect] = -1
    Return $aAPI
EndFunc   ;==>VT_Open


; #FUNCTION# =============================================================================================
; Name...........: VT_Close
; Description ...: Close handles
; Syntax.........: VT_Close($handle)
;guinness
; #FUNCTION# =============================================================================================
Func VT_Close(ByRef Const $aAPI)
    _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
    _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
    Return True
EndFunc   ;==>VT_Close



; #FUNCTION# =============================================================================================
; Name...........: VT
; Syntax.........: VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654',$APIkey)
;VT($hVirusTotal, $fScan, "C:\file.exe",$APIkey)
;VT($hVirusTotal, $fRescan, hex($bHash),$APIkey)
;VT($hVirusTotal, $uReport, "http://www.virustotal.com",$APIkey)
;VT($hVirusTotal, $uScan, "http://www.google.com",$APIkey)
;VT($hVirusTotal, $Comment, hex($bHash) ,$APIkey,"Hello Word | Hola Mundo")
; Parameters....: $Resource - md5/sha1/sha256/scan_id | filename | Url | respectively for flag($Type)
;                 $APIkey -  your API key.
;                 $Comments - your Comments
;Return.........; response format is a JSON object
; #FUNCTION# =============================================================================================
Func VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")

    If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open()

Select ;$fReport,$fScan,$fRescan,$uReport,$uScan,$Comment
    Case $Type = $fReport
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'resource=' & $sResource & '&key=' & $sAPIkey)

Case $Type = $fScan
  Local $sBoundary="--------Boundary"
  Local $sHeaders = "Content-Type: multipart/form-data; boundary=" & $sBoundary & @CRLF
  Local $sData = ''
    $sData &= "--" & $sBoundary & @CRLF
$sData &= 'Content-Disposition: form-data; name="apikey"' & @CRLF & @CRLF & $sAPIkey & @CRLF
$sData &= "--" & $sBoundary & @CRLF
$sData &= __WinHttpFileContent("", "file", $sResource,$sBoundary)
$sData &= "--" & $sBoundary & "--" & @CRLF
Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, StringToBinary($sData,0), $sHeaders)

Case $Type = $fRescan
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", "/vtapi/v2/file/rescan", Default, "resource=" & $sResource &"&key=" & $sAPIkey)

Case $Type = $uReport
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'resource=' & $sResource & '&key=' & $sAPIkey)

Case $Type = $uScan
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'url=' & $sResource & '&key=' & $sAPIkey)

Case $Type = $Comment
         return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", "/vtapi/v2/comments/put", Default, "resource=" & $sResource & _
"&comment=" & $Comments & "&key=" & $sAPIkey)

    Case Else
        SetError(3)
EndSelect

EndFunc   ;==>VT


Saludos
En línea
Páginas: [1]   Ir Arriba
« anterior próximo »
 

¿Te gustó el post? COMPARTILO!