| skipped 2 lines |
3 | 3 | | """ |
4 | 4 | | openSquat |
5 | 5 | | |
6 | | - | (c) CERT-MZ |
7 | | - | |
8 | | - | * https://www.cert.mz |
9 | 6 | | * https://github.com/atenreiro/opensquat |
10 | 7 | | |
11 | 8 | | software licensed under GNU version 3 |
12 | 9 | | """ |
| 10 | + | import os |
| 11 | + | import json |
13 | 12 | | import requests |
14 | | - | import json |
15 | | - | import time |
16 | 13 | | |
17 | 14 | | |
18 | 15 | | class VirusTotal: |
| 16 | + | """ |
| 17 | + | This domain class validates a domain on VirusTotal |
| 18 | + | |
| 19 | + | To use: |
| 20 | + | VirusTotal.main("opensquat.com") |
| 21 | + | |
| 22 | + | Attribute: |
| 23 | + | domain: a domain name |
| 24 | + | """ |
19 | 25 | | def __init__(self): |
20 | 26 | | """Initiator.""" |
21 | 27 | | self.domain = "" |
22 | | - | self.subdomains = [] |
23 | | - | self.URL = "" |
24 | | - | self.content = "" |
25 | | - | self.op = "" |
| 28 | + | self.api_key = "" |
| 29 | + | self.api_key_file = "" |
| 30 | + | |
| 31 | + | def set_apikey(self, api_key_file): |
| 32 | + | |
| 33 | + | self.api_key_file = api_key_file |
| 34 | + | |
| 35 | + | if not os.path.isfile(self.api_key_file): |
| 36 | + | print( |
| 37 | + | "[*] VT API Key File", |
| 38 | + | self.api_key_file , |
| 39 | + | "not found or not readable! Exiting... \n", |
| 40 | + | ) |
| 41 | + | exit(-1) |
| 42 | + | |
| 43 | + | file_vt = open(self.api_key_file, "r") |
| 44 | + | |
| 45 | + | for line in file_vt: |
| 46 | + | if ( |
| 47 | + | (line[0] != "#") and |
| 48 | + | (line[0] != " ") and |
| 49 | + | (line[0] != "") and |
| 50 | + | (line[0] != "\n") |
| 51 | + | ): |
| 52 | + | self.api_key = line |
| 53 | + | |
| 54 | + | file_vt.close() |
| 55 | + | |
| 56 | + | return True |
| 57 | + | |
26 | 58 | | |
27 | 59 | | def set_domain(self, domain): |
28 | 60 | | self.domain = domain |
29 | 61 | | |
30 | | - | def set_operation(self, op): |
31 | | - | self.op = op |
| 62 | + | def domain_report(self): |
32 | 63 | | |
33 | | - | def get_content(self): |
34 | | - | |
35 | | - | if self.op == "subdomains": |
36 | | - | self.URL = "https://www.virustotal.com/ui/domains/" + self.domain \ |
37 | | - | + "/subdomains" |
38 | | - | else: |
39 | | - | self.URL = "https://www.virustotal.com/ui/domains/" + self.domain |
| 64 | + | url = "https://www.virustotal.com/api/v3/domains/" + self.domain |
40 | 65 | | |
41 | | - | # User-Agent Headers |
42 | 66 | | headers = { |
43 | | - | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" |
44 | | - | "AppleWebKit/537.36 (KHTML, like Gecko)" |
45 | | - | "Chrome/78.0.3904.108 Safari/537.36" |
| 67 | + | "accept": "application/json", |
| 68 | + | "x-apikey": self.api_key |
46 | 69 | | } |
47 | 70 | | |
48 | | - | # Get response content |
49 | | - | response = requests.get(self.URL, stream=True, headers=headers) |
50 | | - | content = json.loads(response.content) |
| 71 | + | response = requests.get(url, headers=headers, timeout=30) |
51 | 72 | | |
52 | | - | self.content = content |
| 73 | + | json_data = json.loads(response.text) |
53 | 74 | | |
54 | | - | def get_subdomains(self): |
| 75 | + | if response.status_code == 200: |
55 | 76 | | |
56 | | - | try: |
57 | | - | if "error" in self.content: |
58 | | - | print(" \_ VirusTotal might be throttling/blocking") |
59 | | - | return False |
60 | | - | elif self.content.get('data'): |
61 | | - | for item in self.content['data']: |
62 | | - | if item['type'] == 'domain': |
63 | | - | subdomain = item['id'] |
64 | | - | self.subdomains.append(subdomain) |
65 | | - | except Exception: |
66 | | - | return False |
| 77 | + | if "data" in json_data and \ |
| 78 | + | "attributes" in json_data['data'] and \ |
| 79 | + | "total_votes" in json_data['data']['attributes']: |
67 | 80 | | |
68 | | - | if self.subdomains: |
69 | | - | return self.subdomains |
70 | | - | else: |
71 | | - | return False |
| 81 | + | harmless = json_data['data']['attributes']['total_votes']['harmless'] |
| 82 | + | malicious = json_data['data']['attributes']['total_votes']['malicious'] |
| 83 | + | harmless = int(harmless) |
| 84 | + | malicious = int(malicious) |
| 85 | + | total_votes = [harmless, malicious] |
72 | 86 | | |
73 | | - | def get_malicious(self): |
| 87 | + | return total_votes |
74 | 88 | | |
75 | | - | try: |
76 | | - | malicious = ( |
77 | | - | self.content |
78 | | - | ['attributes'] |
79 | | - | ['last_analysis_stats'] |
80 | | - | ['malicious'] |
| 89 | + | else: |
| 90 | + | |
| 91 | + | if "error" in json_data: |
| 92 | + | message = json_data['error']['message'] |
| 93 | + | print("[*] VT API ERROR:", message) |
| 94 | + | exit(-1) |
| 95 | + | else: |
| 96 | + | print( |
| 97 | + | "[*] Unexpected VT Response. HTTP Code: ", |
| 98 | + | response.status_code, |
| 99 | + | " Exiting... \n", |
81 | 100 | | ) |
82 | | - | except KeyError: |
83 | | - | return -1 |
84 | | - | |
85 | | - | return malicious |
| 101 | + | exit(-1) |
86 | 102 | | |
87 | | - | def main(self, domain, op): |
| 103 | + | def main(self, domain, api_key_file="vt_key.txt"): |
88 | 104 | | self.set_domain(domain) |
89 | | - | self.set_operation(op) |
90 | | - | self.get_content() |
91 | | - | |
92 | | - | if (op == "subdomains"): |
93 | | - | return self.get_subdomains() |
94 | | - | else: |
95 | | - | return self.get_malicious() |
| 105 | + | self.set_apikey(api_key_file) |
| 106 | + | return self.domain_report() |
96 | 107 | | |