Package lib :: Package cuckoo :: Package common :: Module virustotal :: Class VirusTotalAPI
[hide private]
[frames] | no frames]

Class VirusTotalAPI

source code

object --+
         |
        VirusTotalAPI

Wrapper to VirusTotal API.

Instance Methods [hide private]
 
__init__(self, apikey, timeout, scan=0)
Initialize VirusTotal API with the API key and timeout.
source code
 
_request_json(self, url, **kwargs)
Wrapper around doing a request and parsing its JSON output.
source code
 
_get_report(self, url, resource, summary=False)
Fetch the report of a file or URL.
source code
 
url_report(self, url, summary=False)
Get the report of an existing URL scan.
source code
 
file_report(self, filepath, summary=False)
Get the report of an existing file scan.
source code
 
url_scan(self, url)
Submit a URL to be scanned.
source code
 
file_scan(self, filepath)
Submit a file to be scanned.
source code
 
normalize(self, variant)
Normalize the variant name provided by an Anti Virus engine.
source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables [hide private]
  FILE_REPORT = 'https://www.virustotal.com/vtapi/v2/file/report'
  URL_REPORT = 'https://www.virustotal.com/vtapi/v2/url/report'
  FILE_SCAN = 'https://www.virustotal.com/vtapi/v2/file/scan'
  URL_SCAN = 'https://www.virustotal.com/vtapi/v2/url/scan'
  VARIANT_BLACKLIST = ['generic', 'malware', 'trojan', 'agent', ...
Properties [hide private]

Inherited from object: __class__

Method Details [hide private]

__init__(self, apikey, timeout, scan=0)
(Constructor)

source code 

Initialize VirusTotal API with the API key and timeout.

Parameters:
  • api_key - virustotal api key
  • timeout - request and response timeout
  • scan - send file to scan or just get report
Overrides: object.__init__

url_report(self, url, summary=False)

source code 

Get the report of an existing URL scan.

Parameters:
  • url - URL
  • summary - if you want a summary report

file_report(self, filepath, summary=False)

source code 

Get the report of an existing file scan.

Parameters:
  • filepath - file path
  • summary - if you want a summary report

url_scan(self, url)

source code 

Submit a URL to be scanned.

Parameters:
  • url - URL

file_scan(self, filepath)

source code 

Submit a file to be scanned.

Parameters:
  • filepath - file path

normalize(self, variant)

source code 

Normalize the variant name provided by an Anti Virus engine. This attempts to extract the useful parts of a variant name by stripping all the boilerplate stuff from it.


Class Variable Details [hide private]

VARIANT_BLACKLIST

Value:
['generic',
 'malware',
 'trojan',
 'agent',
 'win32',
 'multi',
 'w32',
 'trojanclicker',
...