
Feed a hash list to VT and get the detection results back as a list (there is an X-FORCE version too)

Posted at 2019-12-02

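This script checks a list of hash values for Emotet samples against VT in one batch.
It retrieves the reports through the API. There is a request rate limit (4 requests per minute), so sit back and wait.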

```python
import csv
import time

import requests

# Hashes to look up
hashlist = [
    'c9e17e63de9b882e820c829b415a4e13070453c8',
    'dee5ff1d1910e27c2b6aed7ddffce3c3be6356d4',
]
url = 'https://www.virustotal.com/vtapi/v2/file/report'

apikey = 'USE_YOUR_API_KEY'

with open('vt_output.csv', 'w', newline='') as f:
    writer = csv.writer(f, lineterminator='\n')
    for file_hash in hashlist:
        print(file_hash)
        params = {'apikey': apikey, 'resource': file_hash}
        response = requests.get(url, params=params)
        response.raise_for_status()
        report = response.json()
        # Row layout: hash, response_code, then one verdict per engine
        row = [file_hash, report['response_code']]
        if report['response_code'] == 1:  # 1 = a report exists for this hash
            for scan in report['scans'].values():
                # result is None (an empty cell) when the engine did not detect
                row.append(scan['result'])
        writer.writerow(row)
        time.sleep(25)  # stay under the 4 requests/minute limit
```

The results come back as a list.

1   Trojan.Downloader.DOC.Gen   Other:Malware-gen [Trj] W97m.Downloader.IQU Trojan.MSWord.Generic.4!c   VBA/Downloader.S70  W97m.Downloader.IQU Other:Malware-gen [Trj]     VBA/Dldr.Agent.zzlmg        W97m.Downloader.IQU         W97M.Emotet.36301       Doc.Dropper.Emotet-7399725-0        W97M/Downldr.HB.gen!Eldorado    W97M.DownLoader.4186    VBA/TrojanDownloader.Agent.QMI      malicious (high confidence)     Malware.VBA/Dldr.Agent.zzlmg    W97m.Downloader.IQU VBA/Agent.QLT!tr.dldr   Macro.Trojan.Kryptik.NK@susp    Trojan-Downloader.VBA.Emotet                HEUR:Trojan.MSOffice.SAgent.gen     malware (ai score=89)           W97M/Downloader.xx  BehavesLike.Downloader.cg   W97m.Downloader.IQU TrojanDownloader:O97M/Emotet.GF!MTB Trojan.Script.Downloader.ghylsa O97M/Downloader virus.office.obfuscated.1           DFI - Malicious OLE Mal/DocDl-K Trojan.Gen.2    Suspicious/W97M.Obfus.Gen.8 Heur.Macro.Generic.Gen.f        Trojan.W97M.EMOTET.JKBG Trojan.W97M.EMOTET.JKBG             Trojan.AvsMofer.bSGLro      HEUR:Trojan.MSOffice.SAgent.gen Probably W97Obfuscated  
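
An added example (not part of the original post): the same lookup loop, reworked so that a rate-limited reply is retried instead of parsed, and each row keeps the engine name next to its verdict along with a detection count. The v2 API answers HTTP 204 with an empty body once the request quota is used up. `fetch` and `sleep` are hypothetical injected hooks and the sample reports are constructed, so the block runs without a network connection or API key.

```python
import time

STATUS = {1: "found", 0: "not_found", -2: "queued"}  # VT v2 response_code values

def summarize(file_hash, report):
    """Flatten one report: status, detection ratio, verdicts keyed by engine name."""
    scans = report.get("scans") or {}
    hits = {n: s["result"] for n, s in sorted(scans.items()) if s.get("detected")}
    return {"hash": file_hash,
            "status": STATUS.get(report.get("response_code"), "unknown"),
            "positives": len(hits), "total": len(scans),
            "verdicts": "; ".join(f"{n}={r}" for n, r in hits.items())}

def lookup_all(hashes, fetch, per_minute=4, retries=2, sleep=time.sleep):
    """Query every hash via fetch(hash) -> (http_status, report dict or None).
    fetch and sleep are injected hooks (hypothetical) so this runs offline."""
    rows = []
    for index, file_hash in enumerate(hashes):
        if index:
            sleep(60 / per_minute)  # spread requests evenly across the minute
        status, report = fetch(file_hash)
        for _ in range(retries):
            if status != 204:  # 204 with an empty body = quota exhausted
                break
            sleep(60)  # wait out the quota window before asking again
            status, report = fetch(file_hash)
        row = summarize(file_hash, report or {})
        if status != 200:  # record the failure instead of crashing mid-list
            row["status"] = f"http_{status}"
        rows.append(row)
    return rows

# Constructed sample reports (not real VirusTotal results).
SAMPLE = {
    "a" * 40: {"response_code": 1, "scans": {
        "EngineA": {"detected": True, "result": "W97M.Emotet.Sample"},
        "EngineB": {"detected": False, "result": None},
        "EngineC": {"detected": True, "result": "Trojan.Downloader.DOC.Gen"}}},
    "b" * 40: {"response_code": 0},
}

def demo():
    """Run the loop on SAMPLE; the first request is rate limited once."""
    limited, waits = [204], []
    def fetch(file_hash):
        return (limited.pop(), None) if limited else (200, SAMPLE[file_hash])
    return lookup_all(list(SAMPLE), fetch, sleep=waits.append), waits

if __name__ == "__main__":
    print(demo())
```

To use it against the real API, pass a `fetch` that wraps the `requests.get` call from the script above and returns `(response.status_code, response.json())` only when the body is non-empty.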

I also made one that checks IPs with X-FORCE and retrieves their scores.

```python
import csv
import time

import requests

iplist = [
    '8.8.8.8',
    '7.7.7.7',
]

url = 'https://api.xforce.ibmcloud.com/ipr/'

apikey = 'Basic YOURKEY'

with open('x_output.csv', 'w', newline='') as f:
    writer = csv.writer(f, lineterminator='\n')
    for ip in iplist:
        print(ip)
        headers = {'Authorization': apikey}
        response = requests.get(url + ip, headers=headers)
        response.raise_for_status()
        report = response.json()
        # Row layout: IP, score, cats, categoryDescriptions
        row = [ip, report['score'], report['cats'], report['categoryDescriptions']]
        writer.writerow(row)
        time.sleep(5)
```