时间:2021-05-22
本文实例讲述了python实现封装得到virustotal扫描结果的方法。分享给大家供大家参考。具体方法如下:
import simplejson import urllib import urllib2 import os, sys import logging try: import sqlite3 except ImportError: sys.stderr.write("ERROR: Unable to locate Python SQLite3 module. " \ "Please verify your installation. Exiting...\n") sys.exit(-1) MD5 = "5248f774d2ee0a10936d0b1dc89107f1" MD5 = "12fa5fb74201d9b6a14f63fbf9a81ff6" #do not have report on virustotal.com APIKEY = "xxxxxxxxxxxxxxxxxx"用自己的 class VirusTotalDatabase: """ Database abstraction layer. """ def __init__(self, db_file): log = logging.getLogger("Database.Init") self.__dbfile = db_file self._conn = None self._cursor = None # Check if SQLite database already exists. If it doesn't exist I invoke # the generation procedure. if not os.path.exists(self.__dbfile): if self._generate(): print("Generated database \"%s\" which didn't" \ " exist before." % self.__dbfile) else: print("Unable to generate database") # Once the database is generated of it already has been, I can # initialize the connection. try: self._conn = sqlite3.connect(self.__dbfile) self._cursor = self._conn.cursor() except Exception, why: print("Unable to connect to database \"%s\": %s." % (self.__dbfile, why)) log.debug("Connected to SQLite database \"%s\"." % self.__dbfile) def _generate(self): """ Creates database structure in a SQLite file. """ if os.path.exists(self.__dbfile): return False db_dir = os.path.dirname(self.__dbfile) if not os.path.exists(db_dir): try: os.makedirs(db_dir) except (IOError, os.error), why: print("Something went wrong while creating database " \ "directory \"%s\": %s" % (db_dir, why)) return False conn = sqlite3.connect(self.__dbfile) cursor = conn.cursor() cursor.execute("CREATE TABLE virustotal (\n" \ " id INTEGER PRIMARY KEY,\n" \ " md5 TEXT NOT NULL,\n" \ " Kaspersky TEXT DEFAULT NULL,\n" \ " McAfee TEXT DEFAULT NULL,\n" \ " Symantec TEXT DEFAULT NULL,\n" \ " Norman TEXT DEFAULT NULL,\n" \ " Avast TEXT DEFAULT NULL,\n" \ " NOD32 TEXT DEFAULT NULL,\n" \ " BitDefender TEXT DEFAULT NULL,\n" \ " Microsoft TEXT DEFAULT NULL,\n" \ " Rising TEXT DEFAULT NULL,\n" \ " Panda TEXT DEFAULT NULL\n" \ ");") print "create db:%s sucess" % self.__dbfile return True def _get_task_dict(self, row): try: task = {} task["id"] = row[0] task["md5"] = row[1] task["Kaspersky"] = row[2] task["McAfee"] = row[3] task["Symantec"] = row[4] task["Norman"] = row[5] task["Avast"] = row[6] task["NOD32"] = row[7] task["BitDefender"] = row[8] task["Microsoft"] = row[9] task["Rising"] = row[10] task["Panda"] = row[11] return task except Exception, why: return None def add_sample(self, md5, virus_dict): """ """ task_id = None if not self._cursor: return None if not md5 or md5 == "": return None Kaspersky = virus_dict.get("Kaspersky", None) McAfee = virus_dict.get("McAfee", None) Symantec = virus_dict.get("Symantec", None) Norman = virus_dict.get("Norman", None) Avast = virus_dict.get("Avast", None) NOD32 = virus_dict.get("NOD32", None) BitDefender = virus_dict.get("BitDefender", None) Microsoft = virus_dict.get("Microsoft", None) Rising = virus_dict.get("Rising", None) Panda = virus_dict.get("Panda", None) self._conn.text_factory = str try: self._cursor.execute("SELECT id FROM virustotal WHERE md5 = ?;", (md5,)) sample_row = self._cursor.fetchone() except sqlite3.OperationalError, why: print "sqlite3 error:%s\n" % str(why) return False if sample_row: try: sample_row = sample_row[0] self._cursor.execute("UPDATE virustotal SET Kaspersky=?, McAfee=?, Symantec=?, Norman=?, Avast=?, \ NOD32=?, BitDefender=?, Microsoft=?, Rising=?, Panda=? WHERE id = ?;", (Kaspersky, McAfee, Symantec, Norman, Avast, NOD32, BitDefender, Microsoft,\ Rising, Panda, sample_row)) self._conn.commit() task_id = sample_row except sqlite3.OperationalError, why: print("Unable to update database: %s." % why) return False else: #the sample not in the database try: self._cursor.execute("INSERT INTO virustotal " \ "(md5, Kaspersky, McAfee, Symantec, Norman, Avast, NOD32, BitDefender,\ Microsoft, Rising, Panda) " \ "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);", (md5, Kaspersky, McAfee, Symantec, Norman, Avast, NOD32, BitDefender,\ Microsoft, Rising, Panda)) self._conn.commit() task_id = self._cursor.lastrowid except sqlite3.OperationalError, why: print "why",str(why) return None print "add_to_db:%s, task_id:%s" % (str(self.__dbfile), str(task_id)) return task_id def get_sample(self): """ Gets a task from pending queue. """ log = logging.getLogger("Database.GetTask") if not self._cursor: log.error("Unable to acquire cursor.") return None # Select one item from the queue table with higher priority and older # addition date which has not already been processed. try: self._cursor.execute("SELECT * FROM virustotal " \ #"WHERE lock = 0 " \ #"AND status = 0 " \ "ORDER BY id, added_on LIMIT 1;") except sqlite3.OperationalError, why: log.error("Unable to query database: %s." % why) return None sample_row = self._cursor.fetchone() if sample_row: return self._get_task_dict(sample_row) else: return None def search_md5(self, md5): """ """ if not self._cursor: return None if not md5 or len(md5) != 32: return None try: self._cursor.execute("SELECT * FROM virustotal " \ "WHERE md5 = ? " \ #"AND status = 1 " \ "ORDER BY id DESC;", (md5,)) except sqlite3.OperationalError, why: return None task_dict = {} for row in self._cursor.fetchall(): task_dict = self._get_task_dict(row) #if task_dict: #tasks.append(task_dict) return task_dict class VirusTotal: """""" def __init__(self, md5): """Constructor""" self._virus_dict = {} self._md5 = md5 self._db_file = r"./db/virustotal.db" self.get_report_dict() def repr(self): return str(self._virus_dict) def submit_md5(self, file_path): import postfile #submit the file FILE_NAME = os.path.basename(file_path) host = "any, virus_name["result"]) return result_dict def write_to_db(self): """""" db = VirusTotalDatabase(self._db_file) virus_dict = self.get_report_dict() db.add_sample(self._md5, virus_dict)使用方法如下:
config = {'input':"inputMd5s"} fp = open(config['input'], "r") content = fp.readlines() MD5S = [] for md5 in ifilter(lambda x:len(x)>0, imap(string.strip, content)): MD5S.append(md5) print "MD5S",MD5S fp.close() from getVirusTotalInfo import VirusTotal #得到扫描结果并写入数库 for md5 in MD5S: virus_total = VirusTotal(md5) virus_total.write_to_db()希望本文所述对大家的Python程序设计有所帮助。
声明:本页内容来源网络,仅供用户参考;我单位不保证亦不表示资料全面及准确无误,也不保证亦不表示这些资料为最新信息,如因任何原因,本网内容或者用户因倚赖本网内容造成任何损失或损害,我单位将不会负任何法律责任。如涉及版权问题,请提交至online#300.cn邮箱联系删除。
本文实例讲述了python实现上传样本到virustotal并查询扫描信息的方法。分享给大家供大家参考。具体方法如下:importsimplejsonimpor
凭经验,这是索引碎片问题。检查索引碎片DBCCSHOWCONTIG(表),得到如下结果:DBCCSHOWCONTIG正在扫描'A'表...表:'A'(88419
本文代码实现Python多线程扫描端口,具体实现代码如下。#coding:utf-8importsocketimportthreadimporttimesock
本文实例讲述了python实现的多线程端口扫描功能。分享给大家供大家参考,具体如下:下面的程序给出了对给定的ip主机进行多线程扫描的Python代码#!/usr
本文实例讲述了Python基于多线程实现ping扫描功能。分享给大家供大家参考,具体如下:#-*-coding:utf-8-*-#!python2imports