如何使此代码正常工作以确定VirusTotal输出是否是恶意的?

时间:2018-07-23 16:48:35

标签: python json python-3.x

我有一些代码可以确定VirusTotal输出的有关某个域的.txt文件的内容是恶意的还是良性的。但是,此代码不起作用。如果有人可以使该代码正常工作,我将不胜感激!我想将结果导出到带有结果列的csv文件。如果某个域有任何正面结果,我想返回True值,否则我想在结果列中返回false。

import csv
import json
import pprint
import sys


TOPCERTPATH = 'TopScoringCERTS_clean.txt'
BOTTOMCERTPATH = 'BottomScoringCERTS_clean.txt'
TOPCSVPATH = 'TopScoringResults.csv'
BOTTOMCSVPATH = 'BottomScoringResults.csv'
VTOUTPUTPATH = './output/'
VTOUTPUTEXT = '.txt'


pp = pprint.PrettyPrinter(indent=4)


# Check files from VirusTotal queries for any positive results
# Result is false unless any nonzero positive result is true
def vt_result_check(vt_result_path):
    vt_result = None
    try:
        vt_result = False
        with open(vt_result_path) as vt_result_file:
            vt_data = json.load(vt_result_file)

            # Look for any positive detected referrer samples
            try:
                for sample in (vt_data['detected_referrer_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected communicating samples
            try:
                for sample in (vt_data['detected_communicating_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected downloaded samples
            try:
                for sample in (vt_data['detected_downloaded_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected URLs
            try:
                for sample in (vt_data['detected_urls']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for a Dr. Web category of known infection source
            try:
                if (vt_data['Dr.Web category'] == "known infection source"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of elevated exposure
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "elevated exposure"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of phishing and other frauds
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "phishing and other frauds"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of suspicious content
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "suspicious content"):
                    vt_result = True
            except:
                pass

            #pp.pprint(vt_data)
    except:
        pass
    return vt_result

0 个答案:

没有答案
相关问题
最新问题