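Querying threat intelligence with VirusTotal (VT): it feels far less useful than ThreatBook (微步) or Cisco. Out of 100,000 records queried, 50,000 came back with positives > 0, damn!!!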

Date: 2022-06-01 18:56:27
git clone https://github.com/VirusTotal/c-vtapi.git
cd c-vtapi/
# build dependencies
sudo apt-get install automake autoconf libtool libjansson-dev libcurl4-openssl-dev
# build the library together with the example programs
autoreconf -fi
./configure --enable-examples
make
sudo make install
# copy the built libraries (including libcvtapi.so.1) into a system library directory
find . -name libcvtapi.so.1
sudo cp lib/.libs/* /lib64/
# query the IP report; pass your own API key to --apikey
./example_progs/ip_report --apikey xxxxx --report 106.38.75.154
sudo cp lib/.libs/* /lib/
./example_progs/ip_report --apikey xxxx --report 106.38.75.154

Result:

main:84: rescan ret=0
Response:
{
    "resolutions": [
        {
            "last_resolved": "2017-12-20 00:00:00",
            "hostname": "testratmal.ddns.net"
        }
    ],
    "undetected_urls": [],
    "detected_downloaded_samples": [],
    "detected_urls": [
        {
            "scan_date": "2018-01-15 10:53:25",
            "url": "http://106.38.75.154/",
            "positives": 1,
            "total": 66
        },
        {
            "scan_date": "2017-12-20 15:23:43",
            "url": "http://testratmal.ddns.net/",
            "positives": 1,
            "total": 66
        }
    ],
    "undetected_downloaded_samples": [],
    "verbose_msg": "IP address in dataset",
    "response_code": 1,
    "as_owner": "China Networks Inter-Exchange",
    "country": "CN",
    "asn": "4847"
}
main:117: Cleanup

To use the Python interface instead, run pip install virustotal-api
and then:

from __future__ import print_function
import json
from virus_total_apis import PublicApi as VirusTotalPublicApi

# API key for the VirusTotal public API
API_KEY = '1?7?7440?eca037b88fd160ef6c8e04b69ba434bdd76ef2ab0ab52a567650157'
vt = VirusTotalPublicApi(API_KEY)
# fetch the IP report and pretty-print the JSON response
response = vt.get_ip_report("106.38.75.154")
print(json.dumps(response, sort_keys=False, indent=4))

The ? characters are where your own API key goes. Output:

{
    "results": {
        "undetected_urls": [],
        "undetected_downloaded_samples": [],
        "detected_downloaded_samples": [],
        "response_code": 1,
        "as_owner": "China Networks Inter-Exchange",
        "detected_urls": [
            {
                "url": "http://106.38.75.154/",
                "positives": 1,
                "total": 66,
                "scan_date": "2018-01-15 10:53:25"
            },
            {
                "url": "http://testratmal.ddns.net/",
                "positives": 1,
                "total": 66,
                "scan_date": "2017-12-20 15:23:43"
            }
        ],
        "verbose_msg": "IP address in dataset",
        "country": "CN",
        "resolutions": [
            {
                "last_resolved": "2017-12-20 00:00:00",
                "hostname": "testratmal.ddns.net"
            }
        ],
        "asn": "4847"
    },
    "response_code": 200
}
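Both hits in this report are 1/66 detections with scan dates in 2017 and 2018, so a bare positives > 0 test flags the address on thin, old evidence. The following is an added example, not part of the original post or of the virustotal-api package: it triages the report (the "results" object when using the Python wrapper) by detection count and scan age. The function name triage_ip_report and the thresholds min_positives and max_age_days are assumptions to tune against your own data.

```python
from datetime import datetime, timedelta

# Sample input: the detected_urls entries copied from the report shown above.
SAMPLE_REPORT = {
    "response_code": 1,
    "detected_urls": [
        {"url": "http://106.38.75.154/", "positives": 1, "total": 66,
         "scan_date": "2018-01-15 10:53:25"},
        {"url": "http://testratmal.ddns.net/", "positives": 1, "total": 66,
         "scan_date": "2017-12-20 15:23:43"},
    ],
}

def triage_ip_report(report, now, min_positives=3, max_age_days=90):
    """Classify an IP report instead of treating positives > 0 as a hit.

    min_positives and max_age_days are assumed thresholds, not VirusTotal
    guidance; tune them against your own labelled data.
    """
    if report.get("response_code") != 1:
        return {"verdict": "unknown", "max_positives": 0, "fresh_hits": 0}
    cutoff = now - timedelta(days=max_age_days)
    max_positives, fresh_hits = 0, 0
    for entry in report.get("detected_urls", []):
        positives = int(entry.get("positives", 0))
        max_positives = max(max_positives, positives)
        try:
            scanned = datetime.strptime(entry["scan_date"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # undated entries cannot count as fresh evidence
        if positives >= min_positives and scanned >= cutoff:
            fresh_hits += 1
    if fresh_hits:
        verdict = "malicious"
    elif max_positives > 0:
        verdict = "low_confidence"  # only single-engine or stale detections
    else:
        verdict = "clean"
    return {"verdict": verdict, "max_positives": max_positives,
            "fresh_hits": fresh_hits}

if __name__ == "__main__":
    # Evaluate the sample as of the post's date.
    print(triage_ip_report(SAMPLE_REPORT, now=datetime(2022, 6, 1)))
```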
