JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
190 Commits
17 Branches
34 MiB
 
 
 
Tree: 049d73ec21
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '049d73ec21'
${ noResults }
transfer.sh/transfersh-server/vendor/github.com/dutchcoders/go-virustotal/virustotal.go

362 lines
8.5 KiB
Raw Blame History 

  1. /*

  2. Open Source Initiative OSI - The MIT License (MIT):Licensing

  3. 

  4. The MIT License (MIT)

  5. Copyright (c) 2013 DutchCoders <http://github.com/dutchcoders/>

  6. 

  7. Permission is hereby granted, free of charge, to any person obtaining a copy of

  8. this software and associated documentation files (the "Software"), to deal in

  9. the Software without restriction, including without limitation the rights to

  10. use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies

  11. of the Software, and to permit persons to whom the Software is furnished to do

  12. so, subject to the following conditions:

  13. 

  14. The above copyright notice and this permission notice shall be included in all

  15. copies or substantial portions of the Software.

  16. 

  17. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  18. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  19. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  20. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  21. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  22. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  23. SOFTWARE.

  24. */

  25. 

  26. package virustotal

  27. 

  28. import (

  29. 	"bytes"

  30. 	"encoding/json"

  31. 	"fmt"

  32. 	"io"

  33. 	"io/ioutil"

  34. 	"mime/multipart"

  35. 	"net/http"

  36. 	"net/url"

  37. 	"path/filepath"

  38. 	"strings"

  39. )

  40. 

  41. type VirusTotal struct {

  42. 	apikey string

  43. }

  44. 

  45. type VirusTotalResponse struct {

  46. 	ResponseCode int    `json:"response_code"`

  47. 	Message      string `json:"verbose_msg"`

  48. }

  49. 

  50. type ScanResponse struct {

  51. 	VirusTotalResponse

  52. 

  53. 	ScanId    string `json:"scan_id"`

  54. 	Sha1      string `json:"sha1"`

  55. 	Resource  string `json:"resource"`

  56. 	Sha256    string `json:"sha256"`

  57. 	Permalink string `json:"permalink"`

  58. 	Md5       string `json:"md5"`

  59. }

  60. 

  61. type FileScan struct {

  62. 	Detected bool   `json:"detected"`

  63. 	Version  string `json:"version"`

  64. 	Result   string `json:"result"`

  65. 	Update   string `json:"update"`

  66. }

  67. 

  68. type ReportResponse struct {

  69. 	VirusTotalResponse

  70. 	Resource  string              `json:"resource"`

  71. 	ScanId    string              `json:"scan_id"`

  72. 	Sha1      string              `json:"sha1"`

  73. 	Sha256    string              `json:"sha256"`

  74. 	Md5       string              `json:"md5"`

  75. 	Scandate  string              `json:"scan_date"`

  76. 	Positives int                 `json:"positives"`

  77. 	Total     int                 `json:"total"`

  78. 	Permalink string              `json:"permalink"`

  79. 	Scans     map[string]FileScan `json:"scans"`

  80. }

  81. 

  82. func (sr *ScanResponse) String() string {

  83. 	return fmt.Sprintf("scanid: %s, resource: %s, permalink: %s, md5: %s", sr.ScanId, sr.Resource, sr.Permalink, sr.Md5)

  84. }

  85. 

  86. type ScanUrlResponse struct {

  87. 	ScanResponse

  88. }

  89. 

  90. type RescanResponse struct {

  91. 	ScanResponse

  92. }

  93. 

  94. func (sr *RescanResponse) String() string {

  95. 	return fmt.Sprintf("scanid: %s, resource: %s, permalink: %s, md5: %s", sr.ScanId, sr.Resource, sr.Permalink, sr.Md5)

  96. }

  97. 

  98. type DetectedUrl struct {

  99. 	ScanDate  string `json:"scan_date"`

  100. 	Url       string `json:"url"`

  101. 	Positives int    `json:"positives"`

  102. 	Total     int    `json:"total"`

  103. }

  104. 

  105. type Resolution struct {

  106. 	LastResolved string `json:"last_resolved"`

  107. 	Hostname     string `json:"hostname"`

  108. }

  109. 

  110. type IpAddressReportResponse struct {

  111. 	VirusTotalResponse

  112. 	Resolutions  []Resolution  `json:"resolutions"`

  113. 	DetectedUrls []DetectedUrl `json:"detected_urls"`

  114. }

  115. 

  116. type DomainReportResponse struct {

  117. 	VirusTotalResponse

  118. 	Resolutions  []Resolution  `json:"resolutions"`

  119. 	DetectedUrls []DetectedUrl `json:"detected_urls"`

  120. }

  121. 

  122. type CommentResponse struct {

  123. 	VirusTotalResponse

  124. }

  125. 

  126. func NewVirusTotal(apikey string) (*VirusTotal, error) {

  127. 	vt := &VirusTotal{apikey: apikey}

  128. 	return vt, nil

  129. }

  130. 

  131. func (vt *VirusTotal) DomainReport(domain string) (*DomainReportResponse, error) {

  132. 	u, err := url.Parse("https://www.virustotal.com/vtapi/v2/domain/report")

  133. 	u.RawQuery = url.Values{"apikey": {vt.apikey}, "domain": {domain}}.Encode()

  134. 

  135. 	resp, err := http.Get(u.String())

  136. 

  137. 	if err != nil {

  138. 		return nil, err

  139. 	}

  140. 

  141. 	defer resp.Body.Close()

  142. 

  143. 	contents, err := ioutil.ReadAll(resp.Body)

  144. 	if err != nil {

  145. 		return nil, err

  146. 	}

  147. 

  148. 	var domainReportResponse = &DomainReportResponse{}

  149. 

  150. 	err = json.Unmarshal(contents, &domainReportResponse)

  151. 

  152. 	return domainReportResponse, err

  153. }

  154. 

  155. func (vt *VirusTotal) ScanUrl(url2 *url.URL) (*ScanResponse, error) {

  156. 	u, err := url.Parse("https://www.virustotal.com/vtapi/v2/url/scan")

  157. 

  158. 	params := url.Values{"apikey": {vt.apikey}, "url": {url2.String()}}

  159. 

  160. 	resp, err := http.PostForm(u.String(), params)

  161. 

  162. 	if err != nil {

  163. 		return nil, err

  164. 	}

  165. 

  166. 	defer resp.Body.Close()

  167. 

  168. 	contents, err := ioutil.ReadAll(resp.Body)

  169. 

  170. 	if err != nil {

  171. 		return nil, err

  172. 	}

  173. 

  174. 	var scanResponse = &ScanResponse{}

  175. 

  176. 	err = json.Unmarshal(contents, &scanResponse)

  177. 

  178. 	return scanResponse, err

  179. }

  180. 

  181. func (vt *VirusTotal) Report(resource string) (*ReportResponse, error) {

  182. 	u, err := url.Parse("https://www.virustotal.com/vtapi/v2/file/report")

  183. 

  184. 	params := url.Values{"apikey": {vt.apikey}, "resource": {resource}}

  185. 

  186. 	resp, err := http.PostForm(u.String(), params)

  187. 

  188. 	if err != nil {

  189. 		return nil, err

  190. 	}

  191. 

  192. 	defer resp.Body.Close()

  193. 

  194. 	contents, err := ioutil.ReadAll(resp.Body)

  195. 

  196. 	if err != nil {

  197. 		return nil, err

  198. 	}

  199. 

  200. 	var reportResponse = &ReportResponse{}

  201. 

  202. 	err = json.Unmarshal(contents, &reportResponse)

  203. 

  204. 	return reportResponse, err

  205. }

  206. 

  207. func (vt *VirusTotal) ReportUrl(url2 *url.URL) (*ReportResponse, error) {

  208. 	params := url.Values{"apikey": {vt.apikey}, "resource": {url2.String()}}

  209. 

  210. 	u, err := url.Parse("https://www.virustotal.com/vtapi/v2/url/report")

  211. 

  212. 	resp, err := http.PostForm(u.String(), params)

  213. 

  214. 	if err != nil {

  215. 		return nil, err

  216. 	}

  217. 

  218. 	defer resp.Body.Close()

  219. 

  220. 	contents, err := ioutil.ReadAll(resp.Body)

  221. 

  222. 	if err != nil {

  223. 		return nil, err

  224. 	}

  225. 

  226. 	var reportResponse = &ReportResponse{}

  227. 

  228. 	err = json.Unmarshal(contents, &reportResponse)

  229. 

  230. 	return reportResponse, err

  231. }

  232. 

  233. func (vt *VirusTotal) Comment(resource string, comment string) (*CommentResponse, error) {

  234. 	u, err := url.Parse("https://www.virustotal.com/vtapi/v2/comments/put")

  235. 	params := url.Values{"apikey": {vt.apikey}, "resource": {resource}, "comment": {comment}}

  236. 

  237. 	resp, err := http.PostForm(u.String(), params)

  238. 

  239. 	if err != nil {

  240. 		return nil, err

  241. 	}

  242. 

  243. 	defer resp.Body.Close()

  244. 

  245. 	contents, err := ioutil.ReadAll(resp.Body)

  246. 

  247. 	if err != nil {

  248. 		return nil, err

  249. 	}

  250. 

  251. 	var commentResponse = &CommentResponse{}

  252. 

  253. 	err = json.Unmarshal(contents, &commentResponse)

  254. 

  255. 	return commentResponse, err

  256. }

  257. 

  258. func (vt *VirusTotal) IpAddressReport(ip string) (*IpAddressReportResponse, error) {

  259. 	u, err := url.Parse("http://www.virustotal.com/vtapi/v2/ip-address/report")

  260. 	u.RawQuery = url.Values{"apikey": {vt.apikey}, "ip": {ip}}.Encode()

  261. 

  262. 	resp, err := http.Get(u.String())

  263. 

  264. 	if err != nil {

  265. 		return nil, err

  266. 	}

  267. 

  268. 	defer resp.Body.Close()

  269. 

  270. 	contents, err := ioutil.ReadAll(resp.Body)

  271. 	if err != nil {

  272. 		return nil, err

  273. 	}

  274. 

  275. 	var ipAddressReportResponse = &IpAddressReportResponse{}

  276. 

  277. 	err = json.Unmarshal(contents, &ipAddressReportResponse)

  278. 

  279. 	return ipAddressReportResponse, err

  280. }

  281. 

  282. func (vt *VirusTotal) Rescan(hash []string) (*RescanResponse, error) {

  283. 	resource := strings.Join(hash, ",")

  284. 

  285. 	resp, err := http.PostForm("https://www.virustotal.com/vtapi/v2/file/rescan", url.Values{"apikey": {vt.apikey}, "resource": {resource}})

  286. 

  287. 	if err != nil {

  288. 		return nil, err

  289. 	}

  290. 

  291. 	defer resp.Body.Close()

  292. 

  293. 	contents, err := ioutil.ReadAll(resp.Body)

  294. 	if err != nil {

  295. 		return nil, err

  296. 	}

  297. 

  298. 	var rescanResponse = &RescanResponse{}

  299. 

  300. 	err = json.Unmarshal(contents, &rescanResponse)

  301. 

  302. 	return rescanResponse, err

  303. }

  304. 

  305. func (vt *VirusTotal) Scan(path string, file io.Reader) (*ScanResponse, error) {

  306. 	params := map[string]string{

  307. 		"apikey": vt.apikey,

  308. 	}

  309. 

  310. 	request, err := newfileUploadRequest("http://www.virustotal.com/vtapi/v2/file/scan", params, path, file)

  311. 

  312. 	if err != nil {

  313. 		return nil, err

  314. 	}

  315. 

  316. 	client := &http.Client{}

  317. 

  318. 	resp, err := client.Do(request)

  319. 	if err != nil {

  320. 		return nil, err

  321. 	}

  322. 

  323. 	defer resp.Body.Close()

  324. 

  325. 	contents, err := ioutil.ReadAll(resp.Body)

  326. 	if err != nil {

  327. 		return nil, err

  328. 	}

  329. 

  330. 	var scanResponse = &ScanResponse{}

  331. 	err = json.Unmarshal(contents, &scanResponse)

  332. 

  333. 	return scanResponse, err

  334. }

  335. 

  336. // Creates a new file upload http request with optional extra params

  337. func newfileUploadRequest(uri string, params map[string]string, path string, file io.Reader) (*http.Request, error) {

  338. 	body := &bytes.Buffer{}

  339. 	writer := multipart.NewWriter(body)

  340. 

  341. 	for key, val := range params {

  342. 		_ = writer.WriteField(key, val)

  343. 	}

  344. 

  345. 	part, err := writer.CreateFormFile("file", filepath.Base(path))

  346. 	if err != nil {

  347. 		return nil, err

  348. 	}

  349. 	_, err = io.Copy(part, file)

  350. 

  351. 	err = writer.Close()

  352. 

  353. 	if err != nil {

  354. 		return nil, err

  355. 	}

  356. 

  357. 	req, err := http.NewRequest("POST", uri, body)

  358. 

  359. 	req.Header.Set("Content-Type", writer.FormDataContentType())

  360. 	return req, err

  361. }