# -*- coding: utf-8 -*-
# VirusTotal Mass Uploader v1.0
# Description: You should copy all malicious files to malwares folder and then run this program. It will submit/resubmit all files to VirusTotal and write report url to vt_report.txt
# Author: Mert SARICA
# E-mail: mert [ . ] sarica [ @ ] gmail [ . ] com
# URL: http://www.mertsarica.com
import os
import time
import locale
import httplib, mimetypes
import urllib
import urllib2
import simplejson
import sys
import hashlib
import datetime
debug = 0
# Define your VirusTotal API key!
vt_api_key = ""
reportfile = "vt_report.txt"
def report(fname, sha256, txt):
now = datetime.datetime.now()
time = now.strftime("%d-%m-%Y %H:%M")
file = open(reportfile, "a")
txt = str(time + "|" + fname + "|" + txt.encode("cp1254") + "|" + sha256 + "\n")
file.write(txt)
file.close()
def cls():
if sys.platform == 'linux-i386' or sys.platform == 'linux2':
os.system("clear")
elif sys.platform == 'win32':
os.system("cls")
else:
os.system("cls")
# Reference: https://raw.githubusercontent.com/Gawen/virustotal/master/virustotal.py
def post_multipart(host, selector, fields, files):
"""
Post fields and files to an http host as multipart/form-data.
fields is a sequence of (name, value) elements for regular form fields.
files is a sequence of (name, filename, value) elements for data to be uploaded as files
Return the server's response page.
Reference: https://raw.githubusercontent.com/Gawen/virustotal/master/virustotal.py
"""
content_type, body = encode_multipart_formdata(fields, files)
h = httplib.HTTPS(host)
h.putrequest('POST', selector)
h.putheader('content-type', content_type)
h.putheader('content-length', str(len(body)))
h.endheaders()
h.send(body)
errcode, errmsg, headers = h.getreply()
return h.file.read()
# Reference: https://raw.githubusercontent.com/Gawen/virustotal/master/virustotal.py
def encode_multipart_formdata(fields, files):
"""
fields is a sequence of (name, value) elements for regular form fields.
files is a sequence of (name, filename, value) elements for data to be uploaded as files
Return (content_type, body) ready for httplib.HTTP instance
"""
BOUNDARY = '----------ThIs_Is_tHe_bouNdaRY_$'
CRLF = '\r\n'
L = []
for (key, value) in fields:
L.append('--' + BOUNDARY)
L.append('Content-Disposition: form-data; name="%s"' % key)
L.append('')
L.append(value)
for (key, filename, value) in files:
L.append('--' + BOUNDARY)
L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename))
L.append('Content-Type: %s' % get_content_type(filename))
L.append('')
L.append(value)
L.append('--' + BOUNDARY + '--')
L.append('')
body = CRLF.join((bytes(i) for i in L))
content_type = 'multipart/form-data; boundary=%s' % BOUNDARY
return content_type, body
# Reference: https://raw.githubusercontent.com/Gawen/virustotal/master/virustotal.py
def get_content_type(filename):
return mimetypes.guess_type(filename)[0] or 'application/octet-stream'
def get_sha256(fname):
return hashlib.sha256(open(fname,'rb').read()).hexdigest()
def banner():
cls()
print "========================================================="
print u"VirusTotal Mass Uploader v1.0 [http://www.mertsarica.com]"
print "========================================================="
def usage():
print "Usage: You should copy all malicious files to malwares folder and then run this program. It will submit or resubmit all files to VirusTotal\n"
def vt_submit_file(fname, file_to_send):
host = "www.virustotal.com"
selector = "https://www.virustotal.com/vtapi/v2/file/scan"
fields = [("apikey", vt_api_key)]
files = [("file", fname, file_to_send)]
print "[*] Submitting", fname, "to VirusTotal"
json = post_multipart(host, selector, fields, files)
if debug:
print "Response:", json
response_dict = simplejson.loads(json)
permalink = str(response_dict.get('permalink'))
report(file, sha256, permalink)
if debug:
print "Permalink:", permalink
def vt_check_file(file, file_to_send, sha256):
url = "https://www.virustotal.com/vtapi/v2/file/rescan"
parameters = {"resource": sha256,
"apikey": vt_api_key}
data = urllib.urlencode(parameters)
req = urllib2.Request(url, data)
response = urllib2.urlopen(req)
json = response.read()
if debug:
print "Response:", json
response_dict = simplejson.loads(json)
if int(response_dict.get('response_code')) == 0:
vt_submit_file(file, file_to_send)
else:
permalink = str(response_dict.get('permalink'))
report(file, sha256, permalink)
if debug:
print "[*] Resubmitted", file, "to VirusTotal", "(" + str(response_dict.get('permalink')) + ")"
else:
print "[*] Resubmitted", file, "to VirusTotal"
def main():
dir = os.getcwd() + "/malwares/"
files = [ f for f in os.listdir(dir) if os.path.isfile(dir+f) ]
for file in files:
sha256 = get_sha256(dir+file)
file_to_send = open(dir+file, "rb").read()
vt_check_file(file, file_to_send, sha256)
time.sleep(15)
if __name__ == "__main__":
banner()
if vt_api_key is "":
print "You should edit this file and define your VirusTotal API key!"
sys.exit(1)
main()
print "[*] Now, wait 30 minutes and then run vt_reporter.py"
sys.exit(1)
