Module: Uirusu::VTFile
Defined in: lib/uirusu/vtfile.rb
Overview
Module for accessing the file scan and report functionality of the Virustotal.com public API.
Constant Summary
- SCAN_URL = Uirusu::VT_API + "/file/scan"
- SCAN_UPLOAD_URL = Uirusu::VT_API + "/file/scan/upload_url"
- RESCAN_URL = Uirusu::VT_API + "/file/rescan"
- RESCAN_DELETE_URL = Uirusu::VT_API + "/file/rescan/delete"
- REPORT_URL = Uirusu::VT_API + "/file/report"
- BEHAVIOUR_URL = Uirusu::VT_API + "/file/behaviour"
- NETWORK_TRAFFIC_URL = Uirusu::VT_API + "/file/network-traffic"
- SEARCH_URL = Uirusu::VT_API + "/file/search"
- CLUSTERS_URL = Uirusu::VT_API + "/file/clusters"
- DOWNLOAD_URL = Uirusu::VT_API + "/file/download"
- FEED_URL = Uirusu::VT_API + "/file/feed" (not implemented)
- FALSE_POSITIVES_URL = Uirusu::VT_API + "/file/false-positives" (not implemented)
Class Method Summary
- .behaviour(api_key, hash) ⇒ JSON
  Requests a behavioural report on a hash.
- .clusters(api_key, date) ⇒ JSON
  Access the clustering section of VT Intelligence.
- .download(api_key, hash) ⇒ File
  Download a file from VT’s store given a hash.
- .false_positives(api_key, limit = 100) ⇒ JSON
  Allows vendors to consume false positive notifications for files that they mistakenly detect.
- .feed(api_key, package) ⇒ JSON
  Retrieve a live feed of all uploaded files to VT.
- .network_traffic(api_key, hash) ⇒ PCAP
  Requests a network traffic report on a hash.
- .query_report(api_key, resource, **args) ⇒ JSON
  Queries a report from Virustotal.com.
- .rescan_delete(api_key, resource) ⇒ JSON
  Deletes a scheduled rescan request.
- .rescan_file(api_key, resource, **args) ⇒ JSON
  Requests an existing file to be rescanned.
- .scan_file(api_key, path_to_file, **args) ⇒ JSON
  Submits a file to Virustotal.com for analysis.
- .scan_upload_url(api_key) ⇒ JSON
  Retrieves a custom upload URL for files larger than 32MB.
- .search(api_key, query, **args) ⇒ JSON
  Perform an advanced reverse search.
Class Method Details
.behaviour(api_key, hash) ⇒ JSON
Requests a behavioural report on a hash.
    # File 'lib/uirusu/vtfile.rb', line 135
    def self.behaviour(api_key, hash)
      if hash == nil
        raise "Invalid hash, must be md5/sha1/sha256"
      end

      params = {
        apikey: api_key,
        hash: hash
      }
      Uirusu.query_api BEHAVIOUR_URL, params
    end
.clusters(api_key, date) ⇒ JSON
Access the clustering section of VT Intelligence.
    # File 'lib/uirusu/vtfile.rb', line 190
    def self.clusters(api_key, date)
      if date == nil
        raise "Please enter a valid date (Ex: 2013-09-10)"
      end

      params = {
        apikey: api_key,
        date: date
      }
      Uirusu.query_api CLUSTERS_URL, params
    end
.download(api_key, hash) ⇒ File
Download a file from VT’s store given a hash.

    # File 'lib/uirusu/vtfile.rb', line 208
    def self.download(api_key, hash)
      if hash == nil
        raise "Please enter a valid md5/sha1/sha256 hash"
      end

      params = {
        apikey: api_key,
        hash: hash
      }
      Uirusu.query_api DOWNLOAD_URL, params
    end
.false_positives(api_key, limit = 100) ⇒ JSON
Allows vendors to consume false positive notifications for files that they mistakenly detect.
    # File 'lib/uirusu/vtfile.rb', line 236
    def self.false_positives(api_key, limit=100)
      raise "#false_positives not yet implemented. This API is only available to antivirus vendors participating in VirusTotal."
    end
.feed(api_key, package) ⇒ JSON
Retrieve a live feed of all uploaded files to VT.
    # File 'lib/uirusu/vtfile.rb', line 226
    def self.feed(api_key, package)
      raise "#feed not yet implemented. This API call is only available to users that have licensed the unlimited tier of VirusTotal private Mass API."
    end
.network_traffic(api_key, hash) ⇒ PCAP
Requests a network traffic report on a hash.
    # File 'lib/uirusu/vtfile.rb', line 153
    def self.network_traffic(api_key, hash)
      if hash == nil
        raise "Invalid hash, must be md5/sha1/sha256"
      end

      params = {
        apikey: api_key,
        hash: hash
      }
      Uirusu.query_api NETWORK_TRAFFIC_URL, params
    end
.query_report(api_key, resource, **args) ⇒ JSON
Queries a report from Virustotal.com.

    # File 'lib/uirusu/vtfile.rb', line 47
    def VTFile.query_report(api_key, resource, **args)
      if resource == nil
        raise "Invalid resource, must be md5/sha1/sha256/scan_id"
      end

      params = {
        apikey: api_key,
        resource: resource
      }
      Uirusu.query_api REPORT_URL, params.merge!(args), true
    end
.rescan_delete(api_key, resource) ⇒ JSON
Deletes a scheduled rescan request.
    # File 'lib/uirusu/vtfile.rb', line 116
    def self.rescan_delete(api_key, resource)
      if resource == nil
        raise "Invalid resource, must be md5/sha1/sha256/scan_id"
      end

      params = {
        apikey: api_key,
        resource: resource
      }

      Uirusu.query_api RESCAN_DELETE_URL, params, true
    end
.rescan_file(api_key, resource, **args) ⇒ JSON
Requests an existing file to be rescanned.
    # File 'lib/uirusu/vtfile.rb', line 98
    def self.rescan_file(api_key, resource, **args)
      if resource == nil
        raise "Invalid resource, must be md5/sha1/sha256/scan_id"
      end

      params = {
        apikey: api_key,
        resource: resource
      }
      Uirusu.query_api RESCAN_URL, params.merge!(args), true
    end
.scan_file(api_key, path_to_file, **args) ⇒ JSON
Submits a file to Virustotal.com for analysis.

    # File 'lib/uirusu/vtfile.rb', line 66
    def self.scan_file(api_key, path_to_file, **args)
      if !File.exist?(path_to_file)
        raise Errno::ENOENT
      end

      params = {
        apikey: api_key,
        filename: path_to_file,
        file: File.new(path_to_file, 'rb')
      }
      Uirusu.query_api SCAN_URL, params.merge!(args), true
    end
.scan_upload_url(api_key) ⇒ JSON
Retrieves a custom upload URL for files larger than 32MB.

    # File 'lib/uirusu/vtfile.rb', line 84
    def self.scan_upload_url(api_key)
      params = {
        apikey: api_key
      }
      Uirusu.query_api SCAN_UPLOAD_URL, params
    end
.search(api_key, query, **args) ⇒ JSON
Perform an advanced reverse search.
    # File 'lib/uirusu/vtfile.rb', line 172
    def self.search(api_key, query, **args)
      if query == nil
        raise "Please enter a valid query."
      end

      params = {
        apikey: api_key,
        query: query
      }
      Uirusu.query_api SEARCH_URL, params.merge!(args)
    end
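The hash and resource methods above reject only nil, although their error messages name md5/sha1/sha256 (and scan_id). The following is an added example, not part of Uirusu, of a caller-side check that enforces those formats before a request is built and hashes a local file so a report can be queried without uploading it. The module name, the method names and the scan_id pattern are assumptions.

```ruby
# Added example, not Uirusu code. ResourceCheck and its methods are hypothetical.
require 'digest'

module ResourceCheck
  # Hex digest lengths for the three hash types named in the error messages.
  HEX_LENGTHS = { 32 => :md5, 40 => :sha1, 64 => :sha256 }.freeze
  # Assumed scan_id shape: "<sha256>-<unix timestamp>".
  SCAN_ID = /\A\h{64}-\d+\z/

  # Returns :md5, :sha1, :sha256, :scan_id, or nil for anything else.
  def self.classify(resource)
    return nil unless resource.is_a?(String)
    value = resource.strip
    return :scan_id if SCAN_ID.match?(value)
    return nil unless /\A\h+\z/.match?(value)
    HEX_LENGTHS[value.length]
  end

  # Raises before any request is built, so a malformed value never reaches
  # the API. Pass allow_scan_id: false for the hash-only methods
  # (behaviour, network_traffic, download).
  def self.validate!(resource, allow_scan_id: true)
    kind = classify(resource)
    if kind.nil? || (kind == :scan_id && !allow_scan_id)
      raise ArgumentError,
            "Invalid resource, must be md5/sha1/sha256#{'/scan_id' if allow_scan_id}"
    end
    resource.strip.downcase
  end

  # Hash a local file so query_report can be called with the digest
  # instead of sending the file itself through scan_file.
  def self.sha256_of(path)
    Digest::SHA256.file(path).hexdigest
  end
end
```

The normalized value returned by `validate!` is what would be passed as `hash` or `resource` to the methods documented above.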