Ejemplo n.º 1
0
        //API 부분
        private static async Task runAPI()
        {
            VirusTotal virusTotal = new VirusTotal("e94b6cd868bd18f84b422f0e5e3e353b794410c0e7449af2d946e346b92c1662");

            //https 사용
            virusTotal.UseTLS = true;

            UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);

            hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;



            //If the url has been scanned before, the results are embedded inside the report.
            if (hasUrlBeenScannedBefore)
            {
                PrintScan(urlReport);
            }
            else
            {
                UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);

                //PrintScan(urlResult);
                await Task.Delay(500);
            }
        }
Ejemplo n.º 2
0
        private static async Task runAPI()
        {
            VirusTotal virusTotal = new VirusTotal("7c2ea7a71fa28fe564f9d6ffb63ac6ca11984067052e2fa40bc9cdec24d232f7");

            //https 사용
            virusTotal.UseTLS = true;

            UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);

            hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;



            //바이러스 토탈에서 과거 분석 내역 있으면 과거 분석 내역 갖고오기
            if (hasUrlBeenScannedBefore)
            {
                PrintScan(urlReport);
            }
            else
            {
                UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);

                //PrintScan(urlResult);
                await Task.Delay(500);
            }
        }
Ejemplo n.º 3
0
        static void Main(string[] args)
        {
            VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);

            //Use HTTPS instead of HTTP
            virusTotal.UseTLS = true;

            FileInfo fileInfo = new FileInfo("testfile.txt");

            //Create a new file
            File.WriteAllText(fileInfo.FullName, "This is a test file!");

            //Check if the file has been scanned before.
            Report fileReport = virusTotal.GetFileReport(fileInfo).First();

            bool hasFileBeenScannedBefore = fileReport.ResponseCode == 1;

            Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));

            //If the file has been scanned before, the results are embedded inside the report.
            if (hasFileBeenScannedBefore)
            {
                PrintScan(fileReport);
            }
            else
            {
                ScanResult fileResult = virusTotal.ScanFile(fileInfo);
                PrintScan(fileResult);
            }

            Console.WriteLine();

            Report urlReport = virusTotal.GetUrlReport(ScanUrl).First();

            bool hasUrlBeenScannedBefore = urlReport.ResponseCode == 1;

            Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));

            //If the url has been scanned before, the results are embedded inside the report.
            if (hasUrlBeenScannedBefore)
            {
                PrintScan(urlReport);
            }
            else
            {
                List <ScanResult> urlResults = virusTotal.ScanUrl(ScanUrl);
                urlResults.ForEach(PrintScan);
            }

            Console.WriteLine("Press a key to continue");
            Console.ReadLine();
        }
Ejemplo n.º 4
0
        static void Main(string[] args)
        {
            VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);

            //Use HTTPS instead of HTTP
            virusTotal.UseTLS = true;

            //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
            FileInfo fileInfo = new FileInfo("EICAR.txt");

            File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

            //Check if the file has been scanned before.
            Report fileReport = virusTotal.GetFileReport(fileInfo);

            bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;

            Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));

            //If the file has been scanned before, the results are embedded inside the report.
            if (hasFileBeenScannedBefore)
            {
                PrintScan(fileReport);
            }
            else
            {
                ScanResult fileResult = virusTotal.ScanFile(fileInfo);
                PrintScan(fileResult);
            }

            Console.WriteLine();

            Report urlReport = virusTotal.GetUrlReport(ScanUrl);

            bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;

            Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));

            //If the url has been scanned before, the results are embedded inside the report.
            if (hasUrlBeenScannedBefore)
            {
                PrintScan(urlReport);
            }
            else
            {
                ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
                PrintScan(urlResult);
            }

            Console.WriteLine("Press a key to continue");
            Console.ReadLine();
        }
Ejemplo n.º 5
0
        private static async Task RunExample()
        {
            VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");

            //Use HTTPS instead of HTTP
            virusTotal.UseTLS = true;

            //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
            FileInfo fileInfo = new FileInfo("EICAR.txt");

            File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

            //Check if the file has been scanned before.
            FileReport fileReport = await virusTotal.GetFileReport(fileInfo);

            bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;

            Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));

            //If the file has been scanned before, the results are embedded inside the report.
            if (hasFileBeenScannedBefore)
            {
                PrintScan(fileReport);
            }
            else
            {
                ScanResult fileResult = await virusTotal.ScanFile(fileInfo);

                PrintScan(fileResult);
            }

            Console.WriteLine();

            UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);

            bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;

            Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));

            //If the url has been scanned before, the results are embedded inside the report.
            if (hasUrlBeenScannedBefore)
            {
                PrintScan(urlReport);
            }
            else
            {
                UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);

                PrintScan(urlResult);
            }
        }
Ejemplo n.º 6
0
        static void Main(string[] args)
        {
            VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);

            //Use HTTPS instead of HTTP
            virusTotal.UseTLS = true;

            //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
            FileInfo fileInfo = new FileInfo("EICAR.txt");
            File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

            //Check if the file has been scanned before.
            FileReport fileReport = virusTotal.GetFileReport(fileInfo);

            bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;

            Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));

            //If the file has been scanned before, the results are embedded inside the report.
            if (hasFileBeenScannedBefore)
            {
                PrintScan(fileReport);
            }
            else
            {
                ScanResult fileResult = virusTotal.ScanFile(fileInfo);
                PrintScan(fileResult);
            }

            Console.WriteLine();

            UrlReport urlReport = virusTotal.GetUrlReport(ScanUrl);

            bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
            Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));

            //If the url has been scanned before, the results are embedded inside the report.
            if (hasUrlBeenScannedBefore)
            {
                PrintScan(urlReport);
            }
            else
            {
                ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
                PrintScan(urlResult);
            }

            Console.WriteLine("Press a key to continue");
            Console.ReadLine();
        }
Ejemplo n.º 7
0
        private static async Task RunExample()
        {
            VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");

            //Use HTTPS instead of HTTP
            virusTotal.UseTLS = true;

            //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
            FileInfo fileInfo = new FileInfo("EICAR.txt");
            File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

            //Check if the file has been scanned before.
            FileReport fileReport = await virusTotal.GetFileReport(fileInfo);

            bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;

            Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));

            //If the file has been scanned before, the results are embedded inside the report.
            if (hasFileBeenScannedBefore)
            {
                PrintScan(fileReport);
            }
            else
            {
                ScanResult fileResult = await virusTotal.ScanFile(fileInfo);
                PrintScan(fileResult);
            }

            Console.WriteLine();

            UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);

            bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
            Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));

            //If the url has been scanned before, the results are embedded inside the report.
            if (hasUrlBeenScannedBefore)
            {
                PrintScan(urlReport);
            }
            else
            {
                UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
                PrintScan(urlResult);
            }
        }
Ejemplo n.º 8
0
        //==================== UNUSED CODE====================

        #region Unused code

        #region malicious/suspicious checking; add to beforeRequest before/after checkBlackList

        /*
         * AddtoHostList(hostname); //hardcoding of suspicious & malicious hosts
         *
         #region checking if urlhostlist has checked host before
         * for (int i = 0; i < URLHostList.Count; i++)
         * {
         *  if (URLHostList.ToString().Contains(hostname))
         *  {
         *      string element = URLHostList[i].ToString();
         *      if (element.Contains("1"))
         *      {
         *          checkSafeInt = 1; //safe
         *      }
         *      else if (element.Contains("2"))
         *      {
         *          checkSafeInt = 2; //suspicious
         *      }
         *      else if (element.Contains("3"))
         *      {
         *          checkSafeInt = 3; //malicious
         *      }
         *      else
         *          checkSafeInt = 0; //not checked
         *  }
         * }
         #endregion
         *
         * if (checkSafeInt == 3) //site is unsafe
         * {
         *  oSession.Abort();
         *  Console.WriteLine("** Session Aborted");
         *
         *  //update datagrid of failure
         *  dataGrid1.Dispatcher.Invoke(new UpdateUI(() =>
         *  {
         *      DataObject newDataObject = new DataObject()
         *      { A = oSession.id.ToString(), B = oSession.url, C = oSession.hostname, D = oSession.fullUrl, E = oSession.state.ToString() };
         *      DataObjects.Add(newDataObject);
         *      dataGrid1.Items.Add(newDataObject);
         *      Console.WriteLine("Add to DataObject");
         *
         *  }));
         * }
         * else if (checkSafeInt == 2)//site may be compromised
         * {
         *  //pause thread to ask to proceed
         *  MessageBoxResult result = MessageBox.Show(
         *      "This URL is potentially compromised, do you wish to proceed?",
         *      "SecureNet",
         *      MessageBoxButton.YesNo,
         *      MessageBoxImage.Warning);
         *
         *  switch (result)
         *  {
         *      case MessageBoxResult.Yes:
         *          {
         *
         *          }
         *          //user assume is safe
         *          break;
         *      case MessageBoxResult.No:
         *          {
         *              oSession.Abort();
         *              Console.WriteLine("** Session Aborted");
         *
         *              //update datagrid of failure
         *              dataGrid1.Dispatcher.Invoke(new UpdateUI(() =>
         *              {
         *                  DataObject newDataObject = new DataObject()
         *                  {
         *                      A = oSession.id.ToString(),
         *                      B = oSession.url,
         *                      C = oSession.hostname,
         *                      D = oSession.fullUrl,
         *                      E = oSession.state.ToString()
         *                  };
         *                  DataObjects.Add(newDataObject);
         *                  dataGrid1.Items.Add(newDataObject);
         *                  Console.WriteLine("Add to DataObject");
         *              }));
         *              break;
         *          }
         *  }
         * }
         * else //site is safe
         * {
         *  //do nothing, proceed to after session
         *  return;
         * }*/
        #endregion

        #region VirusTotal Scanning -> Not completed as unable to check if it works due to public API constraints
        public async void VirusTotalURLScan(string shortUrl, string hostname)
        {
            VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString());

            vt.UseTLS = true;
            UrlReport urlReport = await vt.GetUrlReport(shortUrl);

            bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;

            if (hasUrlBeenScannedBefore)
            {
                ReviewScan(urlReport);
            }
            else
            {
                UrlScanResult urlResult = await vt.ScanUrl(shortUrl);

                NewScan(urlResult, hostname);
            }
        }
Ejemplo n.º 9
0
        private void button2_Click(object sender, EventArgs e)
        {
            VirusTotal   virusTotal    = new VirusTotal(System.Configuration.ConfigurationManager.AppSettings["ApiKey"]);
            string       ScanUrl       = textBox2.Text;
            Report       urlReport     = virusTotal.GetUrlReport(ScanUrl);
            DialogResult dialogresult2 = MessageBox.Show("File has been scan before: ", " hasFileBeenScannedBefore", MessageBoxButtons.YesNo);

            //If the url has been scanned before, the results are embedded inside the report.
            if (dialogresult2 == DialogResult.Yes)
            {
                PrintScan(urlReport);
                string str = urlReport.Resource;


                string[] splitedStrings = str.Split('-');
                string   requestedValue = splitedStrings[0];
                textBox4.Text = requestedValue;

                foreach (ScanEngine scan in urlReport.Scans)
                {
                    string[] row1 = { scan.Name, Convert.ToString(scan.Detected) };
                    listView1.Items.Add("Detect:").SubItems.AddRange(row1);
                }
            }
            else
            {
                ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
                PrintScan(urlResult);
                string str = urlReport.ScanId;

                string[] splitedStrings = str.Split('-');
                string   requestedValue = splitedStrings[0];
                textBox4.Text = requestedValue;

                foreach (ScanEngine scan in urlReport.Scans)
                {
                    string[] row1 = { scan.Name, Convert.ToString(scan.Detected) };
                    listView1.Items.Add("Detect:").SubItems.AddRange(row1);
                }
            }
        }
Ejemplo n.º 10
0
        /// <summary>
        /// URL Scan
        /// </summary>
        /// <param name="urlText"></param>
        public async void startVTAsyncURL(string urlText)
        {
            if (urlText.Contains("."))
            {
                using (new WaitCursor())
                {
                    //If textbox empty, won't scan
                    if (string.IsNullOrEmpty((ScanTxtBox.Text)))
                    {
                        return;
                    }

                    VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString());
                    vt.UseTLS = true;
                    UrlReport urlReport = await vt.GetUrlReport(urlText);

                    bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;

                    Console.WriteLine(hasUrlBeenScannedBefore);
                    Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
                    MessageBox.Show(urlText + " has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));

                    //If the url has been scanned before, the results are embedded inside the report.
                    if (hasUrlBeenScannedBefore)
                    {
                        PrintScan(urlReport, urlText);
                    }
                    else
                    {
                        UrlScanResult urlResult = await vt.ScanUrl(urlText);

                        PrintScan(urlResult);
                    }
                }
            }
            else
            {
                MessageBox.Show("Invalid link", "SecureNet");
            }
        }
Ejemplo n.º 11
0
 private static void UrlScan(string url)
 {
     try
     {
         VirusTotal virusTotal = new VirusTotal(api_key);
         virusTotal.UseTLS = true;
         UrlReport urlReport = virusTotal.GetUrlReport(url);
         bool      hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
         Console.WriteLine("File has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
         if (hasUrlBeenScannedBefore)
         {
             PrintScan(urlReport);
         }
         else
         {
             ScanResult urlResult = virusTotal.ScanUrl(url);
             PrintScan(urlResult);
         }
     }
     catch (Exception e)
     {
         Console.WriteLine(e.Message);
     }
 }
Ejemplo n.º 12
0
    private static List<UrlReport> ParseUrl(IEnumerable<string> sURL)
    {

      //The below is a placeholder for when this will be encrypted.
      //var sAcek = xfidoconf.getVarSet("securityfeed").getVarSet("virustotal").getString("acek", null);
      var sVTKey = Object_Fido_Configs.GetAsString("fido.securityfeed.virustotal.apikey", null);
      var vtLogin = new VirusTotal(sVTKey);
      var isRateLimited = Object_Fido_Configs.GetAsBool("fido.securityfeed.virustotal.ratelimited", false);
      List<UrlReport> sVirusTotalUrl = null;
      var sVTURLreturn = new List<UrlReport>();
      var newurl = string.Empty;
      var url = sURL as IList<string> ?? sURL.ToList();
      var fidoDB = new SqLiteDB();
      var isPaidFeed = Convert.ToBoolean(fidoDB.ExecuteScalar("Select paid_feed from configs_threatfeed_virustotal"));

      try
      {
        if (sURL != null)
        {
          for (var i = 0; i < url.Count(); i++)
          {

            if (!url[i].Contains("http://"))
            {
              newurl = "http://" + url[i];
            }
            else
            {
              newurl = url[i];
            }

            if (!isPaidFeed) Thread.Sleep(15000); 
            var sVTURLtemp = new List<UrlReport> { vtLogin.GetUrlReport(newurl) };
            if (!isPaidFeed) Thread.Sleep(20000); 
            var icount = 1;
            if (sVTURLtemp[0].VerboseMsg == "Scan finished, scan information embedded in this object")
            {
              Console.WriteLine(sVTURLtemp[0].VerboseMsg);
              Console.WriteLine(newurl);
              sVTURLreturn.Add(sVTURLtemp[0]);
              continue;
            }
            while (sVTURLtemp[0].VerboseMsg == "The requested resource is not among the finished, queued or pending scans" && icount <= 3)
            {
              Console.WriteLine(sVTURLtemp[0].VerboseMsg);
              Console.WriteLine(newurl);
              sVTURLtemp.RemoveAt(0);
              vtLogin.ScanUrl(newurl);
              //todo: move sleep integer to db
              Thread.Sleep(120000);
              icount++;
              sVTURLtemp.Add(vtLogin.GetUrlReport(newurl));
              if (sVTURLtemp[0].VerboseMsg == "Scan finished, scan information embedded in this object")
              {
                Console.WriteLine(sVTURLtemp[0].VerboseMsg);
                Console.WriteLine(newurl);
                sVTURLreturn.Add(sVTURLtemp[0]);
              }
            }
            //if (icount == 1)
            //{
            //  sVTURLreturn.Add(sVTURLtemp[0]);
            //}
          }
          if (sVTURLreturn.Any())
          {
            sVirusTotalUrl = sVTURLreturn;
            return sVirusTotalUrl;
          }
        }
      }
      catch (Exception e)
      {
        if (e.Message == "You have reached the 5 requests pr. min. limit of VirusTotal")
        {
          if (!isPaidFeed) Thread.Sleep(60000);
          sVirusTotalUrl = ParseUrl(url);
          return sVirusTotalUrl;
        }

        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in VT URL area:" + e);
      }
      return sVirusTotalUrl;
    }
Ejemplo n.º 13
0
        public async Task ScanUnknownUrl()
        {
            UrlScanResult fileResult = await VirusTotal.ScanUrl("VirusTotal.NET" + Guid.NewGuid() + ".com");

            Assert.Equal(ScanResponseCode.Queued, fileResult.ResponseCode);
        }
Ejemplo n.º 14
0
        public async Task ScanKnownUrl()
        {
            UrlScanResult fileResult = await VirusTotal.ScanUrl("google.com");

            Assert.Equal(ScanResponseCode.Queued, fileResult.ResponseCode);
        }
Ejemplo n.º 15
0
        public void ScanKnownUrl()
        {
            ScanResult fileResult = _virusTotal.ScanUrl("google.com");

            Assert.AreEqual(ScanResponseCode.Queued, fileResult.ResponseCode);
        }
Ejemplo n.º 16
0
        private void button1_Click(object sender, EventArgs e)
        {
            VirusTotal virusTotal = new VirusTotal(System.Configuration.ConfigurationManager.AppSettings["ApiKey"]);

            //Use HTTPS instead of HTTP
            virusTotal.UseTLS = true;

            //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
            string chosenfile = "";

            openFileDialog1.InitialDirectory = "C:";
            openFileDialog1.Title            = "insert file";
            openFileDialog1.FileName         = "";
            openFileDialog1.ShowDialog();
            chosenfile    = openFileDialog1.FileName;
            textBox1.Text = chosenfile;


            FileInfo fileInfo = new FileInfo(textBox1.Text);

            File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

            //Check if the file has been scanned before.
            VirusTotalNET.Objects.Report fileReport = virusTotal.GetFileReport(fileInfo);

            bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;

            Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));

            //If the file has been scanned before, the results are embedded inside the report.
            if (hasFileBeenScannedBefore)
            {
                PrintScan(fileReport);
            }
            else
            {
                VirusTotalNET.Objects.ScanResult fileResult = virusTotal.ScanFile(fileInfo);
                PrintScan(fileResult);
            }

            Console.WriteLine();

            Report urlReport = virusTotal.GetUrlReport(ScanUrl);

            bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;

            Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));

            //If the url has been scanned before, the results are embedded inside the report.
            if (hasUrlBeenScannedBefore)
            {
                PrintScan(urlReport);
            }
            else
            {
                ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
                PrintScan(urlResult);
            }

            Console.WriteLine("Press a key to continue");
            Console.ReadLine();
        }