我正在尝试构建某种额外的安全性来检查文件的md5哈希并使用virustotal.com的搜索来检查文件是否已经被扫描(哈希匹配)并被检测到。问题是他们的页面有不可读的HTML代码。我听说Html Agility Pack可以完成这项工作。
HtmlWeb web = new HtmlWeb();
HtmlDocument document = web.Load("https://virustotal.com/#/file/" + md5hash "/detection");
但是,我看到的每个Html Agility Pack示例都是关于HTML代码的。知道我该怎么做吗?
答案 0 :(得分:1)
您不需要解析VirusTotal的HTML,它们具有旨在由计算机处理的API端点。可以在https://developers.virustotal.com/v2.0/reference
找到该文档您甚至可以使用现有的库,通过NuGet包VirusTotal.NET为您包装所有内容,这样您就可以调用一个类并且它可以正常工作。
以下是图书馆GitHub页面中如何使用它的示例
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using VirusTotalNET.Objects;
using VirusTotalNET.ResponseCodes;
using VirusTotalNET.Results;
namespace VirusTotalNET.Client
{
class Program
{
private const string ScanUrl = "http://www.google.com/";
static void Main(string[] args)
{
RunExample().Wait();
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
private static async Task RunExample()
{
VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = await virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = await virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
}
private static void PrintScan(UrlScanResult scanResult)
{
Console.WriteLine("Scan ID: " + scanResult.ScanId);
Console.WriteLine("Message: " + scanResult.VerboseMsg);
Console.WriteLine();
}
private static void PrintScan(ScanResult scanResult)
{
Console.WriteLine("Scan ID: " + scanResult.ScanId);
Console.WriteLine("Message: " + scanResult.VerboseMsg);
Console.WriteLine();
}
private static void PrintScan(FileReport fileReport)
{
Console.WriteLine("Scan ID: " + fileReport.ScanId);
Console.WriteLine("Message: " + fileReport.VerboseMsg);
if (fileReport.ResponseCode == ReportResponseCode.Present)
{
foreach (KeyValuePair<string, ScanEngine> scan in fileReport.Scans)
{
Console.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected);
}
}
Console.WriteLine();
}
private static void PrintScan(UrlReport urlReport)
{
Console.WriteLine("Scan ID: " + urlReport.ScanId);
Console.WriteLine("Message: " + urlReport.VerboseMsg);
if (urlReport.ResponseCode == ReportResponseCode.Present)
{
foreach (KeyValuePair<string, ScanEngine> scan in urlReport.Scans)
{
Console.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected);
}
}
Console.WriteLine();
}
}
}