Nytro
Posted January 6, 2013

YAPS.py 0.3 released – Python script to upload samples to VirusTotal

Finished automation of a process to upload samples from multiple trackers. Hope You can add it to Your systems and daily jobs.

History, requirements and installation – see here
Link to get – YAPS.py (don't forget to remove _.txt)

What added:

1. Added check of sample, if it is already present in VirusTotal database. If so – just data dumped to log.
2. If sample is not present – it is uploaded to VirusTotal.
3. All info about samples: is sample new, SHA256 hash, detect ratio and URL to review – dumped to vtlog.txt in the same dir.
4. Comments added – in case You need to comment samples. By default enabled on already detected samples. Edit comment variable if needed. Currently there is a problem to comment a just submitted file – will be solved.
5. All this within ToS of VirusTotal and thx to them for a good tool.

Hope it useful not to me
Stay Safe
D.L.

#!/usr/bin/python
#
# Script to upload samples to VT via API
# ver 0.3
#
# Require:
# * Requests python library - grab here http://docs.python-requests.org/en/latest/
# Usage:
# python yaps.py path/to/malware.exe
# Wildcard:
# python yaps.py path/to/* or path/to/*.exe etc
#
# Variables:
# api_key - take Your API from Virustotal
# comment2add - comment that added to sample, in case You upload bunch of similar samples
#
# By Denis Laskov @it4sec http://ondailybasis.com
#
# Special thx:
# @joelverhagen for hashing function sample

import requests, sys, fileinput, time, hashlib

api_key = ''  # public API from VT
comment2add = '#Malware '

if api_key == '':
    print('API Key is empty. Go at www.virustotal.com and past one at api-key var')
    sys.exit(1)  # no request below can succeed without a key

SHA = ''
headers = {'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; uploaded by YAPS.py @it4sec)'}
url = 'https://www.virustotal.com/vtapi/v2/file/scan'  # URL to submit files
url2 = 'https://www.virustotal.com/vtapi/v2/file/report'  # URL to review reports
url3 = 'https://www.virustotal.com/vtapi/v2/comments/put'  # URL to submit comments
post_data1 = {'apikey': api_key}


def sha256sum_f(filePath):  # SHA256 function
    m = hashlib.sha256()
    with open(filePath, 'rb') as fh:  # hash in 8 KB chunks, close the file when done
        while True:
            data = fh.read(8192)
            if not data:
                break
            m.update(data)
    return m.hexdigest()


def upload_f(filePath):  # Upload sample func
    with open(filePath, 'rb') as fh:
        file2send = {'file': fh}
        r = requests.post(url, post_data1, files=file2send, headers=headers)
    return r.json()  # json is a method in requests 1.0 and later


def VTcheckl_f(hash_value):  # check VT status of sample
    post_data2 = {'resource': hash_value, 'apikey': api_key}
    print('Checking: %s sha256: %s' % (fileinput.filename(), hash_value))
    r = requests.post(url2, post_data2, headers=headers)
    return r.json()


def timer_f():  # timer of 15 seconds to stay within VT API ToS
    print('Waiting 15 seconds to comply VT ToS')
    time.sleep(15)


def Report_f(isnew, json):  # Func to write to report
    n = open('./vtlog.txt', 'a')
    n.write('\n\nAlready reported: ' + str(isnew))
    n.write('\nFilename: ' + str(fileinput.filename()))
    n.write('\nsha256: ' + str(json['sha256']))
    try:
        n.write('\nDetection Ratio: ' + str(json['positives']) + '/' + str(json['total']))
    except KeyError:  # a response without scan results has no positives/total
        n.write('\nDetection Ratio: Unknown')
    n.write('\nURL: ' + str(json['permalink']))
    n.close()


def Comment_f(SHAsum):  # add comment2add to the sample with this hash
    post_data3 = {'resource': SHAsum, 'apikey': api_key, 'comment': comment2add}
    r = requests.post(url3, post_data3, headers=headers)


# fileinput walks the files named on the command line; samples are binary,
# so open them in binary mode and skip to the next file after the first read.
for line in fileinput.input(mode='rb'):
    SHA = sha256sum_f(fileinput.filename())
    response = VTcheckl_f(SHA)
    status = response['response_code']
    if status == 0:
        print('New sample: %s uploading' % fileinput.filename())
        timer_f()
        newstatus = upload_f(fileinput.filename())
        Report_f('No', newstatus)
        #Comment_f(SHA)
    if status != 0:
        print('Sample %s already known or in process' % fileinput.filename())
        Report_f('Yes', response)
        Comment_f(SHA)
    timer_f()
    fileinput.nextfile()

Source: Day by day… | YAPS.py 0.3 released – Python script to upload samples to VirusTotal
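
An added example, not part of the original post or of YAPS.py: a reader for the vtlog.txt records that Report_f writes, which also lists the hashes logged with "Detection Ratio: Unknown" so a daily job can query their reports again later. The function names, the sample paths and hashes, and the PLACEHOLDER URLs are constructed for illustration.

```python
import re

SHA256_RE = re.compile(r'^[0-9a-f]{64}$')
KEYS = ('Already reported', 'Filename', 'sha256', 'Detection Ratio', 'URL')

def parse_vtlog(text):
    """Turn the text of vtlog.txt into a list of dicts, one per sample."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(': ')
        if not sep or key not in KEYS:
            continue                      # blank separators, foreign lines
        if key == 'Already reported':     # first field of every record
            records.append({'known': value == 'Yes', 'ratio': None})
        elif not records:
            continue                      # field seen before any record start
        elif key == 'Filename':
            records[-1]['filename'] = value
        elif key == 'sha256' and SHA256_RE.match(value.lower()):
            records[-1]['sha256'] = value.lower()
        elif key == 'Detection Ratio' and '/' in value:
            pos, total = value.split('/', 1)
            records[-1]['ratio'] = (int(pos), int(total))
        elif key == 'URL':
            records[-1]['url'] = value
    return records

def pending_hashes(records):
    """Hashes logged with 'Detection Ratio: Unknown' (no report yet)."""
    return [r['sha256'] for r in records
            if r['ratio'] is None and 'sha256' in r]

# Constructed sample in the layout Report_f writes; values are made up.
SAMPLE_LOG = (
    '\n\nAlready reported: Yes'
    '\nFilename: samples/a.exe'
    '\nsha256: ' + 'ab' * 32 +
    '\nDetection Ratio: 31/46'
    '\nURL: https://www.virustotal.com/file/PLACEHOLDER-A/analysis/'
    '\n\nAlready reported: No'
    '\nFilename: samples/b.exe'
    '\nsha256: ' + 'cd' * 32 +
    '\nDetection Ratio: Unknown'
    '\nURL: https://www.virustotal.com/file/PLACEHOLDER-B/analysis/'
)

if __name__ == '__main__':
    recs = parse_vtlog(SAMPLE_LOG)
    for rec in recs:
        print(rec['filename'], rec['known'], rec['ratio'])
    print('re-check later:', pending_hashes(recs))
```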