- /*
- Open Source Initiative OSI - The MIT License (MIT):Licensing
-
- The MIT License (MIT)
- Copyright (c) 2013 DutchCoders <http://github.com/dutchcoders/>
-
- Permission is hereby granted, free of charge, to any person obtaining a copy of
- this software and associated documentation files (the "Software"), to deal in
- the Software without restriction, including without limitation the rights to
- use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
- of the Software, and to permit persons to whom the Software is furnished to do
- so, subject to the following conditions:
-
- The above copyright notice and this permission notice shall be included in all
- copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- SOFTWARE.
- */
-
- package virustotal
-
- import (
- "bytes"
- "encoding/json"
- "fmt"
- "io"
- "io/ioutil"
- "mime/multipart"
- "net/http"
- "net/url"
- "path/filepath"
- "strings"
- )
-
// VirusTotal is the client handle whose methods talk to the VirusTotal v2
// API. It stores only the API key that those methods send with each request.
type VirusTotal struct {
	// apikey is sent as the "apikey" request parameter. It is a credential:
	// keep it out of logs, error output and version control.
	apikey string
}
-
// VirusTotalResponse holds the two status fields that every other response
// type in this file embeds: the "response_code" number and the "verbose_msg"
// text. Both are supplied by the remote service.
type VirusTotalResponse struct {
	ResponseCode int    `json:"response_code"`
	Message      string `json:"verbose_msg"`
}
-
// ScanResponse is the decoded reply to a submission (ScanUrl, Scan) and is
// embedded by ScanUrlResponse and RescanResponse. Besides the shared status
// fields it carries the scan id, the resource identifier, three digests and
// a permalink, all as strings taken verbatim from the JSON reply.
//
// NOTE(review): Permalink is remote-supplied text; treat it as untrusted
// before rendering it as a link.
type ScanResponse struct {
	VirusTotalResponse

	ScanId    string `json:"scan_id"`
	Sha1      string `json:"sha1"`
	Resource  string `json:"resource"`
	Sha256    string `json:"sha256"`
	Permalink string `json:"permalink"`
	Md5       string `json:"md5"`
}
-
// FileScan is the value type of ReportResponse.Scans. It is decoded from the
// "detected", "version", "result" and "update" keys of each entry.
//
// NOTE(review): presumably one entry per scanning engine, keyed by engine
// name in the enclosing map; confirm against the API documentation.
type FileScan struct {
	Detected bool   `json:"detected"`
	Version  string `json:"version"`
	Result   string `json:"result"`
	Update   string `json:"update"`
}
-
// ReportResponse is the decoded reply returned by Report and ReportUrl. It
// carries the shared status fields, identifiers and digests of the resource,
// the "positives" and "total" counters, a permalink, and the per-entry
// results in Scans.
//
// A zero-valued ReportResponse has Positives == 0, so callers must check the
// error (and ResponseCode) before reading the counters as a verdict.
type ReportResponse struct {
	VirusTotalResponse
	Resource  string              `json:"resource"`
	ScanId    string              `json:"scan_id"`
	Sha1      string              `json:"sha1"`
	Sha256    string              `json:"sha256"`
	Md5       string              `json:"md5"`
	Scandate  string              `json:"scan_date"`
	Positives int                 `json:"positives"`
	Total     int                 `json:"total"`
	Permalink string              `json:"permalink"`
	Scans     map[string]FileScan `json:"scans"`
}
-
// String renders the scan id, resource, permalink and MD5 digest of the
// response as a single comma-separated line.
func (sr *ScanResponse) String() string {
	const layout = "scanid: %s, resource: %s, permalink: %s, md5: %s"

	return fmt.Sprintf(layout, sr.ScanId, sr.Resource, sr.Permalink, sr.Md5)
}
-
// ScanUrlResponse wraps ScanResponse without adding any fields of its own.
type ScanUrlResponse struct {
	ScanResponse
}
-
// RescanResponse is the decoded reply returned by Rescan. It embeds
// ScanResponse and adds no fields of its own.
type RescanResponse struct {
	ScanResponse
}
-
// String renders the scan id, resource, permalink and MD5 digest of the
// response. The line is produced by the embedded ScanResponse, whose String
// method uses the same format.
func (sr *RescanResponse) String() string {
	return sr.ScanResponse.String()
}
-
// DetectedUrl is one element of the "detected_urls" list in the IP-address
// and domain reports. It is decoded from the "scan_date", "url", "positives"
// and "total" keys.
//
// NOTE(review): Url is remote-supplied and, by the list's name, refers to a
// location the service flagged. Handle it as inert data: do not fetch it or
// render it as a clickable link without review.
type DetectedUrl struct {
	ScanDate  string `json:"scan_date"`
	Url       string `json:"url"`
	Positives int    `json:"positives"`
	Total     int    `json:"total"`
}
-
// Resolution is one element of the "resolutions" list in the IP-address and
// domain reports. It is decoded from the "last_resolved" and "hostname" keys;
// both values are kept as the strings the service returned.
type Resolution struct {
	LastResolved string `json:"last_resolved"`
	Hostname     string `json:"hostname"`
}
-
// IpAddressReportResponse is the decoded reply returned by IpAddressReport:
// the shared status fields plus the "resolutions" and "detected_urls" lists.
type IpAddressReportResponse struct {
	VirusTotalResponse
	Resolutions  []Resolution  `json:"resolutions"`
	DetectedUrls []DetectedUrl `json:"detected_urls"`
}
-
// DomainReportResponse is the decoded reply returned by DomainReport: the
// shared status fields plus the "resolutions" and "detected_urls" lists.
type DomainReportResponse struct {
	VirusTotalResponse
	Resolutions  []Resolution  `json:"resolutions"`
	DetectedUrls []DetectedUrl `json:"detected_urls"`
}
-
// CommentResponse is the decoded reply returned by Comment. It consists of
// the shared status fields only.
type CommentResponse struct {
	VirusTotalResponse
}
-
// NewVirusTotal returns a client that sends apikey with every request. The
// key is stored as given, without validation, and the returned error is
// always nil.
func NewVirusTotal(apikey string) (*VirusTotal, error) {
	return &VirusTotal{apikey: apikey}, nil
}
-
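// DomainReport fetches the VirusTotal v2 report for domain.
//
// This is a GET request, so the API key is part of the request URL's query
// string. Transport errors from net/http embed the request URL in their
// message; the query string is removed from such an error before it is
// returned, so the key does not reach the caller's logs through err.Error().
//
// A transport failure, a non-200 status, a read failure or an undecodable
// body yields a nil response and a non-nil error.
//
// NOTE(review): http.Get uses http.DefaultClient, which sets no timeout.
func (vt *VirusTotal) DomainReport(domain string) (*DomainReportResponse, error) {
	const endpoint = "https://www.virustotal.com/vtapi/v2/domain/report"

	query := url.Values{"apikey": {vt.apikey}, "domain": {domain}}

	resp, err := http.Get(endpoint + "?" + query.Encode())
	if err != nil {
		// *url.Error records the full request URL, including apikey; keep the
		// error type but drop the query string from it.
		if uerr, ok := err.(*url.Error); ok {
			uerr.URL = endpoint
		}
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// An error status carries no report; do not decode it as one.
		return nil, fmt.Errorf("virustotal: domain report: unexpected HTTP status %s", resp.Status)
	}

	contents, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	// Decode into the struct itself: a JSON null body then leaves a zero
	// value instead of a nil response paired with a nil error.
	report := &DomainReportResponse{}
	if err := json.Unmarshal(contents, report); err != nil {
		return nil, err
	}
	return report, nil
}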
-
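// ScanUrl submits url2 to the VirusTotal v2 URL scanner and returns the
// decoded submission receipt.
//
// The API key and the URL travel in the POST form body over HTTPS, so neither
// appears in the request URL. A nil url2, a transport failure, a non-200
// status, a read failure or an undecodable body yields a nil response and a
// non-nil error.
//
// NOTE(review): http.PostForm uses http.DefaultClient, which sets no timeout.
func (vt *VirusTotal) ScanUrl(url2 *url.URL) (*ScanResponse, error) {
	if url2 == nil {
		// url2.String() on a nil URL would panic instead of failing cleanly.
		return nil, fmt.Errorf("virustotal: url scan: nil URL")
	}

	form := url.Values{"apikey": {vt.apikey}, "url": {url2.String()}}

	resp, err := http.PostForm("https://www.virustotal.com/vtapi/v2/url/scan", form)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// An error status carries no scan data; do not decode it as a result.
		return nil, fmt.Errorf("virustotal: url scan: unexpected HTTP status %s", resp.Status)
	}

	contents, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	// Decode into the struct itself: a JSON null body then leaves a zero
	// value instead of a nil response paired with a nil error.
	scanResponse := &ScanResponse{}
	if err := json.Unmarshal(contents, scanResponse); err != nil {
		return nil, err
	}
	return scanResponse, nil
}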
-
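// Report fetches the VirusTotal v2 file report for resource.
//
// The API key and the resource travel in the POST form body over HTTPS. A
// transport failure, a non-200 status, a read failure or an undecodable body
// yields a nil response and a non-nil error, so a failed lookup can never be
// read as a report with zero positives.
//
// NOTE(review): http.PostForm uses http.DefaultClient, which sets no timeout.
func (vt *VirusTotal) Report(resource string) (*ReportResponse, error) {
	form := url.Values{"apikey": {vt.apikey}, "resource": {resource}}

	resp, err := http.PostForm("https://www.virustotal.com/vtapi/v2/file/report", form)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// An error status carries no report; do not decode it as one.
		return nil, fmt.Errorf("virustotal: file report: unexpected HTTP status %s", resp.Status)
	}

	contents, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	// Decode into the struct itself: a JSON null body then leaves a zero
	// value instead of a nil response paired with a nil error.
	reportResponse := &ReportResponse{}
	if err := json.Unmarshal(contents, reportResponse); err != nil {
		return nil, err
	}
	return reportResponse, nil
}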
-
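// ReportUrl fetches the VirusTotal v2 URL report for url2.
//
// The API key and the URL travel in the POST form body over HTTPS. A nil
// url2, a transport failure, a non-200 status, a read failure or an
// undecodable body yields a nil response and a non-nil error, so a failed
// lookup can never be read as a report with zero positives.
//
// NOTE(review): http.PostForm uses http.DefaultClient, which sets no timeout.
func (vt *VirusTotal) ReportUrl(url2 *url.URL) (*ReportResponse, error) {
	if url2 == nil {
		// url2.String() on a nil URL would panic instead of failing cleanly.
		return nil, fmt.Errorf("virustotal: url report: nil URL")
	}

	form := url.Values{"apikey": {vt.apikey}, "resource": {url2.String()}}

	resp, err := http.PostForm("https://www.virustotal.com/vtapi/v2/url/report", form)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// An error status carries no report; do not decode it as one.
		return nil, fmt.Errorf("virustotal: url report: unexpected HTTP status %s", resp.Status)
	}

	contents, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	// Decode into the struct itself: a JSON null body then leaves a zero
	// value instead of a nil response paired with a nil error.
	reportResponse := &ReportResponse{}
	if err := json.Unmarshal(contents, reportResponse); err != nil {
		return nil, err
	}
	return reportResponse, nil
}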
-
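// Comment posts comment on resource through the VirusTotal v2 API.
//
// The API key, the resource and the comment text travel in the POST form body
// over HTTPS. A transport failure, a non-200 status, a read failure or an
// undecodable body yields a nil response and a non-nil error.
//
// NOTE(review): http.PostForm uses http.DefaultClient, which sets no timeout.
func (vt *VirusTotal) Comment(resource string, comment string) (*CommentResponse, error) {
	form := url.Values{
		"apikey":   {vt.apikey},
		"resource": {resource},
		"comment":  {comment},
	}

	resp, err := http.PostForm("https://www.virustotal.com/vtapi/v2/comments/put", form)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// An error status means the comment was not accepted.
		return nil, fmt.Errorf("virustotal: comment: unexpected HTTP status %s", resp.Status)
	}

	contents, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	// Decode into the struct itself: a JSON null body then leaves a zero
	// value instead of a nil response paired with a nil error.
	commentResponse := &CommentResponse{}
	if err := json.Unmarshal(contents, commentResponse); err != nil {
		return nil, err
	}
	return commentResponse, nil
}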
-
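// IpAddressReport fetches the VirusTotal v2 report for the address ip.
//
// This is a GET request, so the API key is part of the request URL's query
// string. The request therefore has to use HTTPS: over plain HTTP the key
// would cross the network in cleartext. Transport errors from net/http embed
// the request URL in their message; the query string is removed from such an
// error before it is returned, so the key does not reach the caller's logs
// through err.Error().
//
// A transport failure, a non-200 status, a read failure or an undecodable
// body yields a nil response and a non-nil error.
//
// NOTE(review): http.Get uses http.DefaultClient, which sets no timeout.
func (vt *VirusTotal) IpAddressReport(ip string) (*IpAddressReportResponse, error) {
	const endpoint = "https://www.virustotal.com/vtapi/v2/ip-address/report"

	query := url.Values{"apikey": {vt.apikey}, "ip": {ip}}

	resp, err := http.Get(endpoint + "?" + query.Encode())
	if err != nil {
		// *url.Error records the full request URL, including apikey; keep the
		// error type but drop the query string from it.
		if uerr, ok := err.(*url.Error); ok {
			uerr.URL = endpoint
		}
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// An error status carries no report; do not decode it as one.
		return nil, fmt.Errorf("virustotal: ip address report: unexpected HTTP status %s", resp.Status)
	}

	contents, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	// Decode into the struct itself: a JSON null body then leaves a zero
	// value instead of a nil response paired with a nil error.
	report := &IpAddressReportResponse{}
	if err := json.Unmarshal(contents, report); err != nil {
		return nil, err
	}
	return report, nil
}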
-
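// Rescan asks the VirusTotal v2 API to rescan the files identified by hash.
// The entries are joined with commas into a single "resource" form value.
//
// The API key and the resource list travel in the POST form body over HTTPS.
// A transport failure, a non-200 status, a read failure or an undecodable
// body yields a nil response and a non-nil error.
//
// NOTE(review): http.PostForm uses http.DefaultClient, which sets no timeout.
func (vt *VirusTotal) Rescan(hash []string) (*RescanResponse, error) {
	form := url.Values{
		"apikey":   {vt.apikey},
		"resource": {strings.Join(hash, ",")},
	}

	resp, err := http.PostForm("https://www.virustotal.com/vtapi/v2/file/rescan", form)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// An error status means the rescan was not queued.
		return nil, fmt.Errorf("virustotal: rescan: unexpected HTTP status %s", resp.Status)
	}

	contents, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	// Decode into the struct itself: a JSON null body then leaves a zero
	// value instead of a nil response paired with a nil error.
	rescanResponse := &RescanResponse{}
	if err := json.Unmarshal(contents, rescanResponse); err != nil {
		return nil, err
	}
	return rescanResponse, nil
}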
-
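// Scan uploads the content read from file to the VirusTotal v2 file scanner
// and returns the decoded submission receipt. Only the base name of path is
// sent as the upload's filename.
//
// The multipart body carries both the API key and the file content, so the
// upload has to use HTTPS: over plain HTTP both would cross the network in
// cleartext. A request-construction failure, a transport failure, a non-200
// status, a read failure or an undecodable body yields a nil response and a
// non-nil error.
//
// NOTE(review): the file content leaves the host; confirm that submitting it
// to a third-party service is acceptable for the data it contains.
// NOTE(review): the http.Client used here sets no timeout.
func (vt *VirusTotal) Scan(path string, file io.Reader) (*ScanResponse, error) {
	params := map[string]string{"apikey": vt.apikey}

	request, err := newfileUploadRequest("https://www.virustotal.com/vtapi/v2/file/scan", params, path, file)
	if err != nil {
		return nil, err
	}

	client := &http.Client{}

	resp, err := client.Do(request)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// An error status means the sample was not accepted for scanning.
		return nil, fmt.Errorf("virustotal: file scan: unexpected HTTP status %s", resp.Status)
	}

	contents, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	// Decode into the struct itself: a JSON null body then leaves a zero
	// value instead of a nil response paired with a nil error.
	scanResponse := &ScanResponse{}
	if err := json.Unmarshal(contents, scanResponse); err != nil {
		return nil, err
	}
	return scanResponse, nil
}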
-
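// newfileUploadRequest builds a multipart/form-data POST request for uri.
// Every entry of params is written as a form field, and the content read from
// file is attached as the "file" part. Only the base name of path is used as
// the part's filename, so the local directory layout is not sent to the
// server.
//
// The whole upload is buffered in memory before the request is created. An
// error from any step (nil reader, field write, file copy, multipart close,
// request construction) is returned together with a nil request.
func newfileUploadRequest(uri string, params map[string]string, path string, file io.Reader) (*http.Request, error) {
	if file == nil {
		// io.Copy would panic on a nil reader.
		return nil, fmt.Errorf("virustotal: file upload: nil reader")
	}

	body := &bytes.Buffer{}
	writer := multipart.NewWriter(body)

	for key, val := range params {
		if err := writer.WriteField(key, val); err != nil {
			return nil, err
		}
	}

	part, err := writer.CreateFormFile("file", filepath.Base(path))
	if err != nil {
		return nil, err
	}

	// A failed copy must abort the upload: otherwise a truncated sample would
	// be submitted and scanned as if it were the complete file.
	if _, err := io.Copy(part, file); err != nil {
		return nil, err
	}

	// Close writes the terminating boundary; the body is invalid without it.
	if err := writer.Close(); err != nil {
		return nil, err
	}

	req, err := http.NewRequest("POST", uri, body)
	if err != nil {
		// req is nil here; touching its header would panic.
		return nil, err
	}

	req.Header.Set("Content-Type", writer.FormDataContentType())
	return req, nil
}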