virustotal.com上的公共接口学习

postfile.py文件

来自官方指示：http://code.activestate.com/recipes/146306/

下面是对应代码：

import httplib, mimetypesdef post_multipart(host, selector, fields, files):    """    Post fields and files to an http host as multipart/form-data.    fields is a sequence of (name, value) elements for regular form fields.    files is a sequence of (name, filename, value) elements for data to be uploaded as files    Return the server's response page.    """    content_type, body = encode_multipart_formdata(fields, files)    h = httplib.HTTP(host)    h.putrequest('POST', selector)    h.putheader('content-type', content_type)    h.putheader('content-length', str(len(body)))    h.endheaders()    h.send(body)    errcode, errmsg, headers = h.getreply()    return h.file.read()def encode_multipart_formdata(fields, files):    """    fields is a sequence of (name, value) elements for regular form fields.    files is a sequence of (name, filename, value) elements for data to be uploaded as files    Return (content_type, body) ready for httplib.HTTP instance    """    BOUNDARY = '----------ThIs_Is_tHe_bouNdaRY_$'    CRLF = '\r\n'    L = []    for (key, value) in fields:        L.append('--' + BOUNDARY)        L.append('Content-Disposition: form-data; name="%s"' % key)        L.append('')        L.append(value)    for (key, filename, value) in files:        L.append('--' + BOUNDARY)        L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename))        L.append('Content-Type: %s' % get_content_type(filename))        L.append('')        L.append(value)    L.append('--' + BOUNDARY + '--')    L.append('')    body = CRLF.join(L)    content_type = 'multipart/form-data; boundary=%s' % BOUNDARY    return content_type, bodydef get_content_type(filename):    return mimetypes.guess_type(filename)[0] or 'application/octet-stream'

对于接口使用如下

##########上传文件################import postfilehost = "www.virustotal.com"selector = "https://www.virustotal.com/vtapi/v2/file/scan"fields = [("apikey", "00000000000000000000000000000000000000000000000000000000000000")]file_to_send = open("domains.txt", "rb").read()files = [("file", "domains.txt", file_to_send)]json = postfile.post_multipart(host, selector, fields, files)print json

############单一文件重扫#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/file/rescan"parameters = {"resource": "99894B0B3E9BD0524E2AB09BD8AC148F","apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json

############多文件重扫#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/file/rescan"parameters = {"resource": "99894B0B3E9BD0524E2AB09BD8AC148F, F4E3D4EE9AC7B0D29642D01333C2E2FB","apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json

############检索文件扫描报告---单一文件#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/file/report"parameters = {"resource": "99894B0B3E9BD0524E2AB09BD8AC148F","apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json

############检索文件扫描报告---单一文件--得到指定安全厂商返回的结果#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/file/report"parameters = {"resource": "99894B0B3E9BD0524E2AB09BD8AC148F","apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()#print jsonresponse_dict = simplejson.loads(json)print response_dict.get("scans", {}).get("Microsoft", {}).get("result")

############检索文件扫描报告---多文件#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/file/report"parameters = {"resource": "99894B0B3E9BD0524E2AB09BD8AC148F, F4E3D4EE9AC7B0D29642D01333C2E2FB","apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json

############发送和扫描可疑单个URL链接#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/url/scan"parameters = {"url": "http://www.163.com",              "apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json

############发送和扫描可疑多个URL链接#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/url/scan"parameters = {"url": "http://www.sohu.com\nhttp://www.163.com", # example of batch request              "apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json

############检索单一URL扫描报告#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/url/report"parameters = {"resource": "http://www.sohu.com",              "apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json

############检索单一URL扫描报告--得到指定安全厂商返回的结果#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/url/report"parameters = {"resource": "http://www.sohu.com",              "apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()#print jsonresponse_dict = simplejson.loads(json)print response_dict.get('scans', {}).get('SpyEyeTracker').get('result')

############检索多个URL扫描报告#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/url/report"parameters = {'apikey': 'f76bdbc3755b5bafd4a18436bebf6a47d0aae6d2b4284f118077aa0dbdbd76a4',              'resource': 'http://www.google.com, http://unknowndomain.com', # example using batch request              'scan': '1'}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json

############检索IP地址扫描报告#######################import jsonimport urlliburl = 'https://www.virustotal.com/vtapi/v2/ip-address/report'parameters = {'ip': '90.156.201.27', 'apikey': '00000000000000000000000000000000000000000000000000000000000000'}response = urllib.urlopen('%s?%s' % (url, urllib.urlencode(parameters))).read()response_dict = json.loads(response)print response_dict

############检索域名扫描报告#######################import jsonimport urlliburl = 'https://www.virustotal.com/vtapi/v2/domain/report'parameters = {'domain': 'sohu.com', 'apikey': '00000000000000000000000000000000000000000000000000000000000000'}response = urllib.urlopen('%s?%s' % (url, urllib.urlencode(parameters))).read()response_dict = json.loads(response)print response_dict

############对文件和URLs发表评论#######################import simplejsonimport urllibimport urllib2url = "https://www.virustotal.com/vtapi/v2/comments/put"parameters = {"resource": "99017f6eebbac24f351415dd410d522d",              "comment": "How to disinfect you from this file... #disinfect #zbot",              "apikey": "00000000000000000000000000000000000000000000000000000000000000"}data = urllib.urlencode(parameters)req = urllib2.Request(url, data)response = urllib2.urlopen(req)json = response.read()print json