'''
VirusTotal IP re-analysis.
This script helps an analyst request a re-scan of an IP address on VirusTotal.
python ip-vtscan.py -k <API KEY> -i <IP>
'''
import argparse
import re
import requests
import ipaddress
import time
import sys
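def parse_IP(ip_list):
    """Extract and validate the IPv4 addresses contained in a string.

    Args:
        ip_list: Free-form text (here, the value of ``--ip``) that may hold
            one or more dotted-quad IPv4 addresses separated by anything.

    Returns:
        The addresses found, in order of first appearance and without
        duplicates. An empty list is returned when nothing matches or when
        any candidate fails ``ipaddress`` validation, so one bad value
        rejects the whole input.
    """
    # The lookarounds stop the pattern from matching inside a longer run of
    # digits or dots. Without them "1234.5.6.7" yields "234.5.6.7" and
    # "1.2.3.4.5" yields "1.2.3.4", so a mistyped value would be submitted
    # for analysis as a different, valid-looking address.
    pattern = r"(?<!\d)(?<!\d\.)\d{1,3}(?:\.\d{1,3}){3}(?!\d)(?!\.\d)"
    candidates = re.findall(pattern, ip_list)
    for candidate in candidates:
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            print("IP {} is not valid".format(candidate))
            return []
    # dict.fromkeys drops repeats while keeping order; every submission
    # costs API quota, so each address should be sent only once.
    return list(dict.fromkeys(candidates))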
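def _vt_call(method, url, api_key, http_timeout=30):
    """Send one VirusTotal API request and return ``(status_code, body)``.

    ``body`` is the decoded JSON object, or ``{}`` when the response is not a
    JSON object (for example an HTML error page from a proxy). A transport
    failure is returned as ``(None, {"error": {...}})`` so the caller can
    report it like any other failed request instead of crashing.
    """
    try:
        # Without a timeout a stalled connection blocks the script forever.
        resp = requests.request(method, url, headers={'x-apikey': api_key},
                                timeout=http_timeout)
    except requests.RequestException as exc:
        return None, {"error": {"code": type(exc).__name__, "message": str(exc)}}
    try:
        body = resp.json()
    except ValueError:
        body = {}
    if not isinstance(body, dict):
        body = {}
    return resp.status_code, body


def main():
    """Request a VirusTotal re-analysis for each IP and report the outcome.

    Command-line options:
        -t/--timeout  Seconds to wait after a rate-limit (429) response.
        -k/--api-key  VirusTotal API key. A key given on the command line is
                      visible in the process list and shell history, so the
                      VT_API_KEY environment variable is accepted instead.
        -i/--ip       Text containing the IPv4 address(es) to re-scan.

    The script first POSTs a re-analysis request per address, then makes one
    status query per accepted analysis. Exits with status 1 when no valid
    address is found in ``--ip``.
    """
    import os  # function scope: only needed for the API-key fallback below

    parser = argparse.ArgumentParser(description='Virus Total IP re-Analyzer.')
    parser.add_argument('-t', "--timeout", default=60, required=False, type=int, help='Time in seconds.')
    parser.add_argument('-k', "--api-key", required=False, type=str,
                        default=os.environ.get("VT_API_KEY"),
                        help='API key (defaults to the VT_API_KEY environment variable).')
    parser.add_argument('-i', "--ip", required=True, type=str, help='IP.')
    args = parser.parse_args()
    if not args.api_key:
        parser.error("an API key is required: pass -k/--api-key or set VT_API_KEY")

    ip_list = parse_IP(args.ip)
    if not ip_list:
        print("No IP found.")
        sys.exit(1)

    # A persistent 429 would otherwise keep the script retrying forever.
    max_rate_limit_retries = 5

    success = 0
    error = 0
    error_IP = []
    ip_Results = []
    retries = {}
    pending = list(ip_list)  # queue, so rate-limited IPs can be retried
    while pending:
        ip = pending.pop(0)
        url = "https://www.virustotal.com/api/v3/ip_addresses/{}/analyse".format(ip)
        status_code, body = _vt_call("POST", url, args.api_key)
        data = body.get("data") or {}
        err = body.get("error") or {}
        link = (data.get("links") or {}).get("self", "")
        errorCode = err.get("code", "")
        errorMessage = err.get("message", "")
        rate_limited = status_code == 429 and errorCode == "TooManyRequestsError"
        if status_code == 200:
            print("IP {} - Link {}".format(ip, link))
            success += 1
            # Keep the link with the result so the status report below
            # prints the link that belongs to this IP.
            ip_Results.append({"ip": ip, "id": data.get("id", ""), "link": link})
        elif rate_limited and retries.get(ip, 0) < max_rate_limit_retries:
            # Put the IP back at the end of the queue and wait before retrying
            retries[ip] = retries.get(ip, 0) + 1
            print("Rate limit exceeded — will retry {}".format(ip))
            pending.append(ip)
            time.sleep(args.timeout)
        else:
            error += 1
            error_IP.append(ip)
            print(
                "IP {} - Status: {} - Error Code: {} - Message: {}".format(ip, status_code, errorCode, errorMessage))

    ip_Verified = 0
    ip_verified_Error = 0
    not_completed = []
    # Checking if IP re-scan has been completed
    print("\n\nGETTING THE STATUS OF RESCANNED IP")
    for result in ip_Results:
        ip = result["ip"]
        url = "https://www.virustotal.com/api/v3/analyses/{}".format(result["id"])
        attempts = 0
        while True:
            status_code, body = _vt_call("GET", url, args.api_key)
            err = body.get("error") or {}
            errorCode = err.get("code", "")
            errorMessage = err.get("message", "")
            rate_limited = status_code == 429 and errorCode == "TooManyRequestsError"
            if not rate_limited or attempts >= max_rate_limit_retries:
                break
            attempts += 1
            print("Rate limit exceeded")
            time.sleep(args.timeout)
        if status_code == 200:
            attributes = (body.get("data") or {}).get("attributes") or {}
            if attributes.get("status", "") == "completed":
                print("IP {} - {} is Completed".format(ip, result["link"]))
                ip_Verified += 1
            else:
                # Each analysis is queried once; report the ones that were
                # not finished instead of dropping them from the summary.
                not_completed.append(ip)
        else:
            ip_verified_Error += 1
            print(
                "IP {} - Status: {} - Error Code: {} - Message: {}".format(ip, status_code, errorCode, errorMessage))
        time.sleep(1)

    print("success: {}, error: {}".format(success, error))
    print("Verified: {}, error: {}".format(ip_Verified, ip_verified_Error))
    if not_completed:
        print("Not completed yet: {}".format(not_completed))
    if error_IP:
        print("Error IP: {}".format(error_IP))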
# Run the CLI only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()