I'm trying to format the JSON output of the VirusTotal API so that it gives me all the relevant data in a single overview. The VirusTotal API can be called via curl like this (you need to register for an API key first; the data passed is the hash of the file you suspect is malware):
curl --silent https://www.virustotal.com/vtapi/v2/file/report -F apikey=$VTAPI -F resource=b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b
and the output is in JSON. So jq is the way forward to make it human-readable:
curl --silent https://www.virustotal.com/vtapi/v2/file/report -F apikey=$VTAPI -F resource=b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b | jq "."
It looks like this (11 engines detect the file as malware; check the permalink URL to view the details on the VT website):
{
"scans": {
"Bkav": {
"detected": false,
"version": "1.3.0.9899",
"result": null,
"update": "20200418"
},
"TotalDefense": {
"detected": false,
... etc.
"resource": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b",
"response_code": 1,
"scan_date": "2020-04-18 12:36:44",
"permalink": "https://www.virustotal.com/file/b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b/analysis/1587213404/",
"verbose_msg": "Scan finished, information embedded",
"total": 61,
"positives": 11,
"sha256": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b",
"md5": "a860ff8b038de1ab70706163f4adf955"
}
I put the full JSON VT output on pastebin.
What I want is to show only the records with detected == true, and to show all the relevant information in a format where there is no need to scroll back. I could write a perl script to do this, but since jq is so powerful, I hope it can all be combined in there as well? Ideally something like this:
MicroWorld-eScan 14.0.409.0 20200418 Trojan.GenericKD.42992262
McAfee 6.0.6.653 20200417 Artemis!A860FF8B038D
...
"scan_id": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b-1587213404",
"sha1": "155f680dfc91b0f90976c0892bb883f7a360e041",
"resource": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b",
"response_code": 1,
"scan_date": "2020-04-18 12:36:44",
"permalink": "https://www.virustotal.com/file/b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b/analysis/1587213404/",
"verbose_msg": "Scan finished, information embedded",
"total": 61,
"positives": 11,
"sha256": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b",
"md5": "a860ff8b038de1ab70706163f4adf955"
I tried a few things with jq, but I didn't get very far :(
% jq '.scans[] | "\(.detected)" + " " + .result' vt-json.txt | grep -v false
"true Trojan.GenericKD.42992262"
"true Artemis!A860FF8B038D"
"true Trojan.Generic.D2900286"
"true Trojan.GenericKD.42992262"
"true Trojan.PDF.Generic.O!c"
"true Trojan.GenericKD.42992262"
"true Trojan.GenericKD.42992262 (B)"
"true Artemis"
"true malware (ai score=86)"
"true Trojan.GenericKD.42992262"
"true Trojan.GenericKD.42992262"
and
jq '. | select( .scans[].detected == true ) | .result ' vt-json.txt
null
null
null
null
null
null
null
null
null
null
null
Thanks in advance for your help. Ewald...
Answer 0: (score: 0)
Something like this should get you output close to what you showed, but as valid JSON.
jq '
.scans |= with_entries(
select(.value.detected)
| .value |= .version + " / " + .update + " / " + .result
)
' vt-json.txt
{
"scans": {
"MicroWorld-eScan": "14.0.409.0 / 20200418 / Trojan.GenericKD.42992262",
"McAfee": "6.0.6.653 / 20200417 / Artemis!A860FF8B038D",
"Arcabit": "1.0.0.870 / 20200418 / Trojan.Generic.D2900286",
"BitDefender": "7.2 / 20200418 / Trojan.GenericKD.42992262",
"AegisLab": "4.2 / 20200418 / Trojan.PDF.Generic.O!c",
"Ad-Aware": "3.0.5.370 / 20200418 / Trojan.GenericKD.42992262",
"Emsisoft": "2018.12.0.1641 / 20200418 / Trojan.GenericKD.42992262 (B)",
"McAfee-GW-Edition": "v2017.3010 / 20200418 / Artemis",
"MAX": "2019.9.16.1 / 20200418 / malware (ai score=86)",
"ALYac": "1.1.1.5 / 20200418 / Trojan.GenericKD.42992262",
"GData": "A:25.25440B:26.18419 / 20200418 / Trojan.GenericKD.42992262"
},
"scan_id": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b-1587213404",
"sha1": "155f680dfc91b0f90976c0892bb883f7a360e041",
"resource": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b",
"response_code": 1,
"scan_date": "2020-04-18 12:36:44",
"permalink": "https://www.virustotal.com/file/b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b/analysis/1587213404/",
"verbose_msg": "Scan finished, information embedded",
"total": 61,
"positives": 11,
"sha256": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b",
"md5": "a860ff8b038de1ab70706163f4adf955"
}
The filter select(.value.detected) removes the engines that did not detect anything, while the filter .version + " / " + .update + " / " + .result formats the output for each engine that reported a positive result.
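If the goal is the plain one-line-per-engine table from the question rather than valid JSON, the jq filter `jq -r '.scans | to_entries[] | select(.value.detected) | "\(.key) \(.value.version) \(.value.update) \(.value.result)"' vt-json.txt` does it (`-r` drops the quotes; a null result is printed as the word null). The following is an added example, not code from the question or the answer above, that does the same transformation in Python with only the standard library and adds the two checks a triage script usually needs: it refuses to render a report whose response_code is not 1 (in the v2 API, 0 means the hash is unknown to VT and -2 means the scan is still queued), and it recounts the detected engines and compares that with the report's own positives field. The embedded report is constructed to mirror the fields shown on the page; the engine name HypotheticalAV and the unknown-hash response are made up for the example.

```python
"""Render a VirusTotal v2 file report as a one-line-per-detection overview.

Added example, not part of the original question or answer. The sample
report below is constructed for the example; it is not a real API response.
"""
import json

SAMPLE_REPORT = json.dumps({
    "scans": {
        "Bkav": {"detected": False, "version": "1.3.0.9899", "result": None, "update": "20200418"},
        "MicroWorld-eScan": {"detected": True, "version": "14.0.409.0",
                             "result": "Trojan.GenericKD.42992262", "update": "20200418"},
        "McAfee": {"detected": True, "version": "6.0.6.653",
                   "result": "Artemis!A860FF8B038D", "update": "20200417"},
        "MAX": {"detected": True, "version": "2019.9.16.1",
                "result": "malware (ai score=86)", "update": "20200418"},
        # Constructed edge case: the engine flags the file but gives no family name.
        "HypotheticalAV": {"detected": True, "version": "1.0", "result": None, "update": "20200418"},
    },
    "response_code": 1,
    "scan_date": "2020-04-18 12:36:44",
    "permalink": "https://www.virustotal.com/file/"
                 "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b/analysis/1587213404/",
    "total": 5,
    "positives": 4,
    "sha256": "b2349998571ab733d4ee0ca8a82afa614527aec75679569a91940631851c3d2b",
    "md5": "a860ff8b038de1ab70706163f4adf955",
})

# Constructed response for a hash VT has never seen (response_code 0, no "scans").
UNKNOWN_HASH_REPORT = json.dumps({
    "response_code": 0,
    "resource": "0000000000000000000000000000000000000000000000000000000000000000",
    "verbose_msg": "The requested resource is not among the finished, queued or pending scans",
})


def parse_report(report_json):
    """Parse the JSON text the API returns into a dict."""
    return json.loads(report_json)


def detections(report):
    """Return (engine, version, update, result) for every engine with detected == true.

    Sorted by engine name so the output is stable across runs; a null result is
    shown as "(no name)" instead of being dropped, because a detection without a
    family name is still a detection.
    """
    rows = []
    for engine, scan in report.get("scans", {}).items():
        if scan.get("detected") is True:
            rows.append((engine,
                         scan.get("version") or "-",
                         scan.get("update") or "-",
                         scan.get("result") or "(no name)"))
    return sorted(rows)


def summary(report):
    """Header fields worth keeping, plus a recount of detections to cross-check 'positives'."""
    counted = sum(1 for s in report.get("scans", {}).values() if s.get("detected") is True)
    return {
        "sha256": report.get("sha256"),
        "md5": report.get("md5"),
        "scan_date": report.get("scan_date"),
        "permalink": report.get("permalink"),
        "positives": report.get("positives"),
        "total": report.get("total"),
        "counted_positives": counted,
        "consistent": counted == report.get("positives"),
    }


def render(report_json):
    """Produce the overview text: one line per detecting engine, then the report header."""
    report = parse_report(report_json)
    if report.get("response_code") != 1:
        # v2 API: 1 = report available, 0 = hash unknown to VT, -2 = scan still queued.
        return "no report: response_code={} ({})".format(
            report.get("response_code"), report.get("verbose_msg"))
    rows = detections(report)
    width = max((len(r[0]) for r in rows), default=0)
    lines = ["{:<{w}}  {}  {}  {}".format(e, v, u, res, w=width) for e, v, u, res in rows]
    s = summary(report)
    lines.append("")
    lines.append("{}/{} positives  scan_date={}".format(s["positives"], s["total"], s["scan_date"]))
    lines.append("sha256={}  md5={}".format(s["sha256"], s["md5"]))
    lines.append("permalink={}".format(s["permalink"]))
    if not s["consistent"]:
        lines.append("WARNING: counted {} detecting engines but the report says positives={}".format(
            s["counted_positives"], s["positives"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(SAMPLE_REPORT))
    print(render(UNKNOWN_HASH_REPORT))
```

To run it against a real report, replace SAMPLE_REPORT with the text of vt-json.txt (or sys.stdin.read() when piping from curl); the positives cross-check is cheap insurance against a truncated or partially parsed response, and the response_code guard keeps an unknown hash from being rendered as "0 detections", which reads as clean when it actually means "never scanned".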