[AutoIt] VirusTotal API 2.0 UDF

Iniciado por Danyfirex, 4 Junio 2013, 13:40 PM


Danyfirex

Bueno, aquí una UDF que tenía lista hace unos días, pero ayer me decidí a actualizarla.  ;D


Requiere  winhttp

http://www.autoitscript.com/forum/topic/84133-winhttp-functions/?hl=winhttp


Ejemplo:

#include <Crypt.au3>
#include "VT.au3"

Example()

; Walks through every request type exposed by VT(): file report, file upload,
; rescan, URL report, URL scan and comment. Each JSON response is written to
; the console unchanged.
Func Example()

   Local $sTarget = @WindowsDir & "\Explorer.exe"

   ; Hash the sample file once; the Crypt library is only needed for this step.
   _Crypt_Startup()
   Local $bDigest = _Crypt_HashFile($sTarget, $CALG_MD5)
   _Crypt_Shutdown()

   Local $hVirusTotal = VT_Open()

   ; Placeholder: substitute your own key, and keep the real value out of
   ; scripts that are shared or posted publicly.
   Local $sKey = 'Your API key'

   ; Look up an existing report by SHA-256.
   Local $sReply = VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654', $sKey)
   ConsoleWrite($sReply & @CRLF)

   ; $fScan submits the file itself to the service, not just its hash.
   $sReply = VT($hVirusTotal, $fScan, $sTarget, $sKey)
   ConsoleWrite($sReply & @CRLF)

   ; Ask for a rescan of the file identified by the MD5 computed above.
   $sReply = VT($hVirusTotal, $fRescan, hex($bDigest), $sKey)
   ConsoleWrite($sReply & @CRLF)

   ; URL report and URL scan.
   $sReply = VT($hVirusTotal, $uReport, "http://www.virustotal.com", $sKey)
   ConsoleWrite($sReply & @CRLF)
   $sReply = VT($hVirusTotal, $uScan, "http://www.google.com", $sKey)
   ConsoleWrite($sReply & @CRLF)

   ; Attach a comment to the file identified by the MD5.
   $sReply = VT($hVirusTotal, $Comment, hex($bDigest), $sKey, "Hello Word | Hola Mundo")
   ConsoleWrite($sReply & @CRLF)

   VT_Close($hVirusTotal)
EndFunc   ;==>Example



VT.au3 UDF

#include-once
#include "WinHttp.au3"

; #INDEX# =================================================================================================
; Title .........: VT.au3
; AutoIt Version : 3.3.8.1
; Language ......: English
; Description ...: VirusTotal public API version 2.0 implementation in Autoit
;thanks to: trancexx|ProgAndy "WinHttp.au3"  ||| guinness "Suggestions+Snippets ||| www.virustotal.com
;Reference https://www.virustotal.com/es/documentation/public-api
;Written by Danyfirex
;Date 12/05/2013 | Update 03/06/2013
; #FUNCTION# =============================================================================================




;===================CONSTANTS/CONSTANTES=======================
; Host name handed to _WinHttpConnect() by VT_Open().
Global Const $__sVirusTotal_Page = 'www.virustotal.com'

; Slot indexes of the two-element handle array returned by VT_Open().
Global Enum $eAPI_HttpOpen, _
            $eAPI_HttpConnect

; Request types accepted by VT(); each value is also the index of its path in $tURL.
Global Enum $fReport, _
            $fScan, _
            $fRescan, _
            $uReport, _
            $uScan, _
            $Comment

; API paths, in the same order as the request-type enum above.
Global Const $tURL[6] = [ _
      '/vtapi/v2/file/report', _
      '/vtapi/v2/file/scan', _
      '/vtapi/v2/file/rescan', _
      '/vtapi/v2/url/report', _
      '/vtapi/v2/url/scan', _
      '/vtapi/v2/comments/put']
;==============================================================


; #FUNCTIONS/FUNCIONES# =======================================
;VT() ;Use respective flag($Type)
;VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;flags($Type)
;$fReport = retrieve a scan report on a given file
;$fScan   = submit a file for Scanning
;$fRescan = Rescan files in VirusTotal's file store
;$uReport = retrieve a scan report on a given URL
;$uScan   = submit a URL for Scanning
;$Comment = Make a comment on files and URLs
; ==============================================================



; #FUNCTION# =============================================================================================
; Name...........: VT_Open
; Description ...: Initialize and get session handle & connection handle
; Syntax.........: VT_Open()
; guinness
; #FUNCTION# =============================================================================================
Func VT_Open()
   ; Opens a WinHTTP session and a connection to $__sVirusTotal_Page and
   ; returns both handles in a two-element array indexed by $eAPI_HttpOpen /
   ; $eAPI_HttpConnect. A slot holds -1 when the corresponding call set @error,
   ; so callers can test for -1 instead of inspecting @error themselves.
   Local $hSession = _WinHttpOpen()
   If @error Then $hSession = -1

   ; No port is passed, so the WinHttp.au3 default applies.
   Local $hConnect = _WinHttpConnect($hSession, $__sVirusTotal_Page)
   If @error Then $hConnect = -1

   Local $aHandles[2]
   $aHandles[$eAPI_HttpOpen] = $hSession
   $aHandles[$eAPI_HttpConnect] = $hConnect
   Return $aHandles
EndFunc   ;==>VT_Open


; #FUNCTION# =============================================================================================
; Name...........: VT_Close
; Description ...: Close handles
; Syntax.........: VT_Close($handle)
;guinness
; #FUNCTION# =============================================================================================
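Func VT_Close(ByRef Const $aAPI)
   ; Releases the handles created by VT_Open(). Always returns True.
   ; The connection handle is a child of the session handle, so it is closed
   ; first (reverse order of creation). A slot that VT_Open() marked as failed
   ; (-1) never held a handle and is skipped.
   If $aAPI[$eAPI_HttpConnect] <> -1 Then _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
   If $aAPI[$eAPI_HttpOpen] <> -1 Then _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
   Return True
EndFunc   ;==>VT_Close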



; #FUNCTION# =============================================================================================
; Name...........: VT
; Syntax.........: VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654',$APIkey)
;VT($hVirusTotal, $fScan, "C:\file.exe",$APIkey)
;VT($hVirusTotal, $fRescan, hex($bHash),$APIkey)
;VT($hVirusTotal, $uReport, "http://www.virustotal.com",$APIkey)
;VT($hVirusTotal, $uScan, "http://www.google.com",$APIkey)
;VT($hVirusTotal, $Comment, hex($bHash) ,$APIkey,"Hello Word | Hola Mundo")
; Parameters....: $Resource - md5/sha1/sha256/scan_id | filename | Url | respectively for flag($Type)
;                 $APIkey -  your API key.
;                 $Comments - your Comments
;Return.........; response format is a JSON object
; #FUNCTION# =============================================================================================
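Func VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
   ; Sends one VirusTotal public API v2 request and returns the response body
   ; (JSON text) as delivered by WinHttp.au3.
   ;   $aAPI      - handle array from VT_Open(); reopened here if the connection slot is -1
   ;   $Type      - one of $fReport, $fScan, $fRescan, $uReport, $uScan, $Comment
   ;   $sResource - hash/scan_id, local file path or URL, depending on $Type
   ;   $sAPIkey   - the caller's API key
   ;   $Comments  - comment text, only used with $Comment
   ; Any other $Type sets @error = 3 and returns 0.
   ;
   ; Requests go out through _WinHttpSimpleSSLRequest so that the API key and
   ; the submitted data travel over TLS instead of plain HTTP.
   ; Every form value is percent-encoded: a URL or comment containing '&', '=',
   ; '+' or '%' would otherwise be split into extra form fields or altered
   ; before it reaches the server.
   ; $fScan uploads the file's contents to the service, not just its hash.

   If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open()

   ; NOTE(review): the form field is "key" here but "apikey" in the multipart
   ; upload below - confirm both against the current API documentation.
   Local $sKeyField = '&key=' & __VT_UrlEncode($sAPIkey)
   Local $sBody = ''

   Select
      Case $Type = $fReport Or $Type = $fRescan Or $Type = $uReport
         $sBody = 'resource=' & __VT_UrlEncode($sResource) & $sKeyField

      Case $Type = $uScan
         $sBody = 'url=' & __VT_UrlEncode($sResource) & $sKeyField

      Case $Type = $Comment
         $sBody = 'resource=' & __VT_UrlEncode($sResource) & _
               '&comment=' & __VT_UrlEncode($Comments) & $sKeyField

      Case $Type = $fScan
         ; multipart/form-data: values are sent raw between boundaries, so no
         ; percent-encoding applies here.
         ; NOTE(review): the boundary is a fixed string; a file containing it
         ; would corrupt the upload.
         Local $sBoundary = "--------Boundary"
         Local $sHeaders = "Content-Type: multipart/form-data; boundary=" & $sBoundary & @CRLF
         Local $sData = ''
         $sData &= "--" & $sBoundary & @CRLF
         $sData &= 'Content-Disposition: form-data; name="apikey"' & @CRLF & @CRLF & $sAPIkey & @CRLF
         $sData &= "--" & $sBoundary & @CRLF
         $sData &= __WinHttpFileContent("", "file", $sResource,$sBoundary)
         $sData &= "--" & $sBoundary & "--" & @CRLF
         Return _WinHttpSimpleSSLRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, StringToBinary($sData,0), $sHeaders)

      Case Else
         ; Unknown request type: report it explicitly instead of falling off the end.
         Return SetError(3, 0, 0)
   EndSelect

   Return _WinHttpSimpleSSLRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, $sBody)

EndFunc   ;==>VT

; Internal helper: percent-encodes $sText for an application/x-www-form-urlencoded body.
; The text is converted to UTF-8 and every byte outside A-Z a-z 0-9 - . _ ~ becomes %XX.
Func __VT_UrlEncode($sText)
   Local $sHex = Hex(StringToBinary($sText, 4)) ; flag 4 = UTF-8
   Local $sOut = '', $sPair, $iCode
   For $i = 1 To StringLen($sHex) Step 2
      $sPair = StringMid($sHex, $i, 2)
      $iCode = Dec($sPair)
      Switch $iCode
         Case 48 To 57, 65 To 90, 97 To 122, 45, 46, 95, 126
            $sOut &= Chr($iCode)
         Case Else
            $sOut &= '%' & $sPair
      EndSwitch
   Next
   Return $sOut
EndFunc   ;==>__VT_UrlEncode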



Saludos