doomedraven edited this page Oct 19, 2017 · 7 revisions

Welcome to the VirusTotalApi wiki!

Here you can find some useful information on how to use it as a library.

return_raw vs return_json

  • return_raw returns the raw JSON from VT
  • return_json returns only the data specified; see the keywords below for every function

Use as library with search_intelligence queries

Start
from vt import vt
# If you keep your config in .vtapi or vtapi.conf, read_conf() loads it,
# so the VT API key does not have to be written into the script.
# If the file has a different name, pass that name as the value.
# The file must be in the user's home directory.
vt_config = vt.read_conf()

vt = vt.vtAPI('vt_apikey_here')
# or, if you use vt.read_conf():
vt = vt.vtAPI(vt_config.get('apikey'))
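
Because the config file read by vt.read_conf() holds the API key, the following added example (not part of the VirusTotalApi project) checks that the file in the home directory is not accessible to other users before a script relies on it. The function name audit_vt_config is hypothetical; the two file names are the ones mentioned above.

```python
import os
import stat
from pathlib import Path

# File names the page says vt.read_conf() looks for in the home directory.
CANDIDATES = (".vtapi", "vtapi.conf")


def audit_vt_config(home=None, names=CANDIDATES):
    """Return (path, problems) for the first config file found, else (None, [...])."""
    home = Path(home) if home else Path.home()
    for name in names:
        path = home / name
        if not path.exists():          # also skips dangling symlinks
            continue
        problems = []
        st = path.lstat()
        if stat.S_ISLNK(st.st_mode):
            problems.append("is a symlink; check where it points")
            st = path.stat()           # inspect the target from here on
        if not stat.S_ISREG(st.st_mode):
            problems.append("not a regular file")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("accessible by group/other (mode %03o); use chmod 600"
                            % stat.S_IMODE(st.st_mode))
        if hasattr(os, "getuid") and st.st_uid != os.getuid():
            problems.append("owned by uid %d, not the current user" % st.st_uid)
        return path, problems
    return None, ["no config file found in %s" % home]


if __name__ == "__main__":
    path, problems = audit_vt_config()
    for p in problems:
        print("%s: %s" % (path or "config", p))
    raise SystemExit(1 if problems else 0)
```

Run it before the script calls vt.read_conf(); a non-zero exit means the key file should be fixed first.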

  1. This search only returns a list of matched MD5 hashes
vt.getReport(**{
  'search_intelligence':True, 
  'hashes':True, 
  'return_json':True, 
  'value':['query_here']
})

Or, in shortened form:

vt.getReport(*['search_intelligence', 'hashes'], **{'return_json':True, 'value':['query_here']})

  2. Get all emails from allinfo
vt.getReport(*['detailed_email_parents'], **{'return_json':True, 'value':['query_here'], 'allinfo':1})

Function list for vt.func_name_here

  • fileScan
  • getDomain
  • getIP
  • getReport
  • url_scan_and_report
  • behaviour
  • clusters
  • comment
  • distribution
  • download
  • rescan

return_json keywords by Func

  • getReport

    • if search
      • ITW_urls
      • compressedview
      • detailed_email_parents
      • traffic_inspection
      • snort
      • suricata
      • wireshark_info
      • rombioscheck_info
      • rombios_generator_info
      • androidguard_info
    • search_intelligence, can be passed as keywords too
      • hashes
  • fileScan

    • Only return_raw
  • getDomain

    • categories
    • TrendMicro category
    • Websense ThreatSeeker category
    • BitDefender category
    • Dr.Web category
    • Alexa domain info
    • Alexa category
    • Alexa rank
    • Opera domain info
    • WOT domain info
    • Webutation domain info
    • whois
    • whois_timestamp
    • pcaps
    • resolutions
    • subdomains
    • domain_siblings
    • detected_urls
    • hashes # is an alias that returns all of the data below; each keyword can also be used separately if you only want a specific part
      • detected_downloaded_samples
      • undetected_downloaded_samples
      • detected_communicated
      • undetected_communicating_samples
      • detected_referrer_samples
      • undetected_referrer_samples
  • getIP

    • asn
    • as_owner
    • country
    • resolutions
    • detected_downloaded_samples
    • undetected_downloaded_samples
    • detected_communicated
    • undetected_communicating_samples
    • detected_referrer_samples
    • undetected_referrer_samples
    • detected_urls
  • behaviour

    • info
    • behavior_network
    • behavior_process
    • behavior_summary
  • comment

    • Only return_raw
  • distribution

    • Only return_raw
  • download

    • Only return_raw; gives you the possibility to get the content of a sample and save it where you want :)