private static async Task runAPI()
{
VirusTotal virusTotal = new VirusTotal("7c2ea7a71fa28fe564f9d6ffb63ac6ca11984067052e2fa40bc9cdec24d232f7");
//https 사용
virusTotal.UseTLS = true;
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
//바이러스 토탈에서 과거 분석 내역 있으면 과거 분석 내역 갖고오기
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
//PrintScan(urlResult);
await Task.Delay(500);
}
}
//API 부분
private static async Task runAPI()
{
VirusTotal virusTotal = new VirusTotal("e94b6cd868bd18f84b422f0e5e3e353b794410c0e7449af2d946e346b92c1662");
//https 사용
virusTotal.UseTLS = true;
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
//PrintScan(urlResult);
await Task.Delay(500);
}
}
public async Task GetReportKnownUrl()
{
IgnoreMissingJson("scans.ADMINUSLabs / Detail", "scans.ADMINUSLabs / Update", "scans.ADMINUSLabs / Version", "scans.AlienVault / Detail", "scans.AlienVault / Update", "scans.AlienVault / Version", "scans.Antiy-AVL / Detail", "scans.Antiy-AVL / Update", "scans.Antiy-AVL / Version", "scans.AutoShun / Detail", "scans.AutoShun / Update", "scans.AutoShun / Version", "scans.Avira / Detail", "scans.Avira / Update", "scans.Avira / Version", "scans.Baidu-International / Detail", "scans.Baidu-International / Update", "scans.Baidu-International / Version", "scans.BitDefender / Detail", "scans.BitDefender / Update", "scans.BitDefender / Version", "scans.Blueliv / Detail", "scans.Blueliv / Update", "scans.Blueliv / Version", "scans.Certly / Detail", "scans.Certly / Update", "scans.Certly / Version", "scans.C-SIRT / Detail", "scans.C-SIRT / Update", "scans.C-SIRT / Version", "scans.CyberCrime / Detail", "scans.CyberCrime / Update", "scans.CyberCrime / Version", "scans.Emsisoft / Detail", "scans.Emsisoft / Update", "scans.Emsisoft / Version", "scans.ESET / Detail", "scans.ESET / Update", "scans.ESET / Version", "scans.Fortinet / Detail", "scans.Fortinet / Update", "scans.Fortinet / Version", "scans.FraudScore / Detail", "scans.FraudScore / Update", "scans.FraudScore / Version", "scans.FraudSense / Detail", "scans.FraudSense / Update", "scans.FraudSense / Version", "scans.G-Data / Detail", "scans.G-Data / Update", "scans.G-Data / Version", "scans.K7AntiVirus / Detail", "scans.K7AntiVirus / Update", "scans.K7AntiVirus / Version", "scans.Kaspersky / Detail", "scans.Kaspersky / Update", "scans.Kaspersky / Version", "scans.Malekal / Detail", "scans.Malekal / Update", "scans.Malekal / Version", "scans.Malwared / Detail", "scans.Malwared / Update", "scans.Malwared / Version", "scans.MalwareDomainList / Update", "scans.MalwareDomainList / Version", "scans.MalwarePatrol / Detail", "scans.MalwarePatrol / Update", "scans.MalwarePatrol / Version", "scans.Netcraft / Detail", "scans.Netcraft / Update", "scans.Netcraft / Version", "scans.Nucleon / Detail", "scans.Nucleon / Update", "scans.Nucleon / Version", "scans.OpenPhish / Detail", "scans.OpenPhish / Update", "scans.OpenPhish / Version", "scans.Opera / Detail", "scans.Opera / Update", "scans.Opera / Version", "scans.ParetoLogic / Detail", "scans.ParetoLogic / Update", "scans.ParetoLogic / Version", "scans.PhishLabs / Detail", "scans.PhishLabs / Update", "scans.PhishLabs / Version", "scans.Phishtank / Detail", "scans.Phishtank / Update", "scans.Phishtank / Version", "scans.Quttera / Detail", "scans.Quttera / Update", "scans.Quttera / Version", "scans.Rising / Detail", "scans.Rising / Update", "scans.Rising / Version", "scans.SecureBrain / Detail", "scans.SecureBrain / Update", "scans.SecureBrain / Version", "scans.securolytics / Detail", "scans.securolytics / Update", "scans.securolytics / Version", "scans.Sophos / Detail", "scans.Sophos / Update", "scans.Sophos / Version", "scans.Spam404 / Detail", "scans.Spam404 / Update", "scans.Spam404 / Version", "scans.StopBadware / Detail", "scans.StopBadware / Update", "scans.StopBadware / Version", "scans.Tencent / Detail", "scans.Tencent / Update", "scans.Tencent / Version", "scans.ThreatHive / Detail", "scans.ThreatHive / Update", "scans.ThreatHive / Version", "scans.Trustwave / Detail", "scans.Trustwave / Update", "scans.Trustwave / Version", "scans.URLQuery / Detail", "scans.URLQuery / Update", "scans.URLQuery / Version", "scans.Webutation / Detail", "scans.Webutation / Update", "scans.Webutation / Version", "scans.ZCloudsec / Detail", "scans.ZCloudsec / Update", "scans.ZCloudsec / Version", "scans.ZeroCERT / Detail", "scans.ZeroCERT / Update", "scans.ZeroCERT / Version", "scans.Zerofox / Detail", "scans.Zerofox / Update", "scans.Zerofox / Version", "scans.ZeusTracker / Update", "scans.ZeusTracker / Version", "scans.zvelo / Detail", "scans.zvelo / Update", "scans.zvelo / Version", "scans['AegisLab WebGuard'] / Detail", "scans['AegisLab WebGuard'] / Update", "scans['AegisLab WebGuard'] / Version", "scans['CLEAN MX'] / Detail", "scans['CLEAN MX'] / Update", "scans['CLEAN MX'] / Version", "scans['Comodo Site Inspector'] / Detail", "scans['Comodo Site Inspector'] / Update", "scans['Comodo Site Inspector'] / Version", "scans['desenmascara.me'] / Detail", "scans['desenmascara.me'] / Update", "scans['desenmascara.me'] / Version", "scans['Dr.Web'] / Detail", "scans['Dr.Web'] / Update", "scans['Dr.Web'] / Version", "scans['Google Safebrowsing'] / Detail", "scans['Google Safebrowsing'] / Update", "scans['Google Safebrowsing'] / Version", "scans['Malc0de Database'] / Update", "scans['Malc0de Database'] / Version", "scans['Malware Domain Blocklist'] / Detail", "scans['Malware Domain Blocklist'] / Update", "scans['Malware Domain Blocklist'] / Version", "scans['Malwarebytes hpHosts'] / Detail", "scans['Malwarebytes hpHosts'] / Update", "scans['Malwarebytes hpHosts'] / Version", "scans['malwares.com URL checker'] / Detail", "scans['malwares.com URL checker'] / Update", "scans['malwares.com URL checker'] / Version", "scans['SCUMWARE.org'] / Detail", "scans['SCUMWARE.org'] / Update", "scans['SCUMWARE.org'] / Version", "scans['Sucuri SiteCheck'] / Detail", "scans['Sucuri SiteCheck'] / Update", "scans['Sucuri SiteCheck'] / Version", "scans['VX Vault'] / Detail", "scans['VX Vault'] / Update", "scans['VX Vault'] / Version", "scans['Web Security Guard'] / Detail", "scans['Web Security Guard'] / Update", "scans['Web Security Guard'] / Version", "scans['Websense ThreatSeeker'] / Detail", "scans['Websense ThreatSeeker'] / Update", "scans['Websense ThreatSeeker'] / Version", "scans['Yandex Safebrowsing'] / Update", "scans['Yandex Safebrowsing'] / Version", "scans['ZDB Zeus'] / Detail", "scans['ZDB Zeus'] / Update", "scans['ZDB Zeus'] / Version");
UrlReport urlReport = await VirusTotal.GetUrlReport("google.com");
Assert.Equal(ReportResponseCode.Present, urlReport.ResponseCode);
}
public async Task GetReportUnknownUrl()
{
UrlReport urlReport = await VirusTotal.GetUrlReport("VirusTotal.NET" + Guid.NewGuid() + ".com");
Assert.Equal(ReportResponseCode.NotPresent, urlReport.ResponseCode);
//We are not supposed to have a scan id
Assert.True(string.IsNullOrWhiteSpace(urlReport.ScanId));
}
public async Task GetReportForUnknownUrlAndScan()
{
UrlReport urlReport = await VirusTotal.GetUrlReport("VirusTotal.NET" + Guid.NewGuid() + ".com", true);
//It return "present" because we told it to scan it
Assert.Equal(ReportResponseCode.Present, urlReport.ResponseCode);
//We are supposed to have a scan id because we scanned it
Assert.False(string.IsNullOrWhiteSpace(urlReport.ScanId));
}
public async Task GetReportUnknownUrl()
{
IgnoreMissingJson(" / filescan_id", " / Permalink", " / Positives", " / scan_date", " / scan_id", " / Scans", " / Total", " / URL");
UrlReport urlReport = await VirusTotal.GetUrlReport("VirusTotal.NET" + Guid.NewGuid() + ".com");
Assert.Equal(ReportResponseCode.NotPresent, urlReport.ResponseCode);
//We are not supposed to have a scan id
Assert.True(string.IsNullOrWhiteSpace(urlReport.ScanId));
}
static void Main(string[] args)
{
VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
FileInfo fileInfo = new FileInfo("testfile.txt");
//Create a new file
File.WriteAllText(fileInfo.FullName, "This is a test file!");
//Check if the file has been scanned before.
Report fileReport = virusTotal.GetFileReport(fileInfo).First();
bool hasFileBeenScannedBefore = fileReport.ResponseCode == 1;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
Report urlReport = virusTotal.GetUrlReport(ScanUrl).First();
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == 1;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
List <ScanResult> urlResults = virusTotal.ScanUrl(ScanUrl);
urlResults.ForEach(PrintScan);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
static void Main(string[] args)
{
VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
Report fileReport = virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
Report urlReport = virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
private static async Task RunExample()
{
VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = await virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = await virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
}
static void Main(string[] args)
{
VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
private static async Task RunExample()
{
VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = await virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = await virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
}
//==================== UNUSED CODE====================
#region Unused code
#region malicious/suspicious checking; add to beforeRequest before/after checkBlackList
/*
* AddtoHostList(hostname); //hardcoding of suspicious & malicious hosts
*
#region checking if urlhostlist has checked host before
* for (int i = 0; i < URLHostList.Count; i++)
* {
* if (URLHostList.ToString().Contains(hostname))
* {
* string element = URLHostList[i].ToString();
* if (element.Contains("1"))
* {
* checkSafeInt = 1; //safe
* }
* else if (element.Contains("2"))
* {
* checkSafeInt = 2; //suspicious
* }
* else if (element.Contains("3"))
* {
* checkSafeInt = 3; //malicious
* }
* else
* checkSafeInt = 0; //not checked
* }
* }
#endregion
*
* if (checkSafeInt == 3) //site is unsafe
* {
* oSession.Abort();
* Console.WriteLine("** Session Aborted");
*
* //update datagrid of failure
* dataGrid1.Dispatcher.Invoke(new UpdateUI(() =>
* {
* DataObject newDataObject = new DataObject()
* { A = oSession.id.ToString(), B = oSession.url, C = oSession.hostname, D = oSession.fullUrl, E = oSession.state.ToString() };
* DataObjects.Add(newDataObject);
* dataGrid1.Items.Add(newDataObject);
* Console.WriteLine("Add to DataObject");
*
* }));
* }
* else if (checkSafeInt == 2)//site may be compromised
* {
* //pause thread to ask to proceed
* MessageBoxResult result = MessageBox.Show(
* "This URL is potentially compromised, do you wish to proceed?",
* "SecureNet",
* MessageBoxButton.YesNo,
* MessageBoxImage.Warning);
*
* switch (result)
* {
* case MessageBoxResult.Yes:
* {
*
* }
* //user assume is safe
* break;
* case MessageBoxResult.No:
* {
* oSession.Abort();
* Console.WriteLine("** Session Aborted");
*
* //update datagrid of failure
* dataGrid1.Dispatcher.Invoke(new UpdateUI(() =>
* {
* DataObject newDataObject = new DataObject()
* {
* A = oSession.id.ToString(),
* B = oSession.url,
* C = oSession.hostname,
* D = oSession.fullUrl,
* E = oSession.state.ToString()
* };
* DataObjects.Add(newDataObject);
* dataGrid1.Items.Add(newDataObject);
* Console.WriteLine("Add to DataObject");
* }));
* break;
* }
* }
* }
* else //site is safe
* {
* //do nothing, proceed to after session
* return;
* }*/
#endregion
#region VirusTotal Scanning -> Not completed as unable to check if it works due to public API constraints
public async void VirusTotalURLScan(string shortUrl, string hostname)
{
VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString());
vt.UseTLS = true;
UrlReport urlReport = await vt.GetUrlReport(shortUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
if (hasUrlBeenScannedBefore)
{
ReviewScan(urlReport);
}
else
{
UrlScanResult urlResult = await vt.ScanUrl(shortUrl);
NewScan(urlResult, hostname);
}
}
private void button2_Click(object sender, EventArgs e)
{
VirusTotal virusTotal = new VirusTotal(System.Configuration.ConfigurationManager.AppSettings["ApiKey"]);
string ScanUrl = textBox2.Text;
Report urlReport = virusTotal.GetUrlReport(ScanUrl);
DialogResult dialogresult2 = MessageBox.Show("File has been scan before: ", " hasFileBeenScannedBefore", MessageBoxButtons.YesNo);
//If the url has been scanned before, the results are embedded inside the report.
if (dialogresult2 == DialogResult.Yes)
{
PrintScan(urlReport);
string str = urlReport.Resource;
string[] splitedStrings = str.Split('-');
string requestedValue = splitedStrings[0];
textBox4.Text = requestedValue;
foreach (ScanEngine scan in urlReport.Scans)
{
string[] row1 = { scan.Name, Convert.ToString(scan.Detected) };
listView1.Items.Add("Detect:").SubItems.AddRange(row1);
}
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
string str = urlReport.ScanId;
string[] splitedStrings = str.Split('-');
string requestedValue = splitedStrings[0];
textBox4.Text = requestedValue;
foreach (ScanEngine scan in urlReport.Scans)
{
string[] row1 = { scan.Name, Convert.ToString(scan.Detected) };
listView1.Items.Add("Detect:").SubItems.AddRange(row1);
}
}
}
/// <summary>
/// URL Scan
/// </summary>
/// <param name="urlText"></param>
public async void startVTAsyncURL(string urlText)
{
if (urlText.Contains("."))
{
using (new WaitCursor())
{
//If textbox empty, won't scan
if (string.IsNullOrEmpty((ScanTxtBox.Text)))
{
return;
}
VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString());
vt.UseTLS = true;
UrlReport urlReport = await vt.GetUrlReport(urlText);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine(hasUrlBeenScannedBefore);
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
MessageBox.Show(urlText + " has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport, urlText);
}
else
{
UrlScanResult urlResult = await vt.ScanUrl(urlText);
PrintScan(urlResult);
}
}
}
else
{
MessageBox.Show("Invalid link", "SecureNet");
}
}
private static void UrlScan(string url)
{
try
{
VirusTotal virusTotal = new VirusTotal(api_key);
virusTotal.UseTLS = true;
UrlReport urlReport = virusTotal.GetUrlReport(url);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(url);
PrintScan(urlResult);
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
private static List<UrlReport> ParseUrl(IEnumerable<string> sURL)
{
//The below is a placeholder for when this will be encrypted.
//var sAcek = xfidoconf.getVarSet("securityfeed").getVarSet("virustotal").getString("acek", null);
var sVTKey = Object_Fido_Configs.GetAsString("fido.securityfeed.virustotal.apikey", null);
var vtLogin = new VirusTotal(sVTKey);
var isRateLimited = Object_Fido_Configs.GetAsBool("fido.securityfeed.virustotal.ratelimited", false);
List<UrlReport> sVirusTotalUrl = null;
var sVTURLreturn = new List<UrlReport>();
var newurl = string.Empty;
var url = sURL as IList<string> ?? sURL.ToList();
var fidoDB = new SqLiteDB();
var isPaidFeed = Convert.ToBoolean(fidoDB.ExecuteScalar("Select paid_feed from configs_threatfeed_virustotal"));
try
{
if (sURL != null)
{
for (var i = 0; i < url.Count(); i++)
{
if (!url[i].Contains("http://"))
{
newurl = "http://" + url[i];
}
else
{
newurl = url[i];
}
if (!isPaidFeed) Thread.Sleep(15000);
var sVTURLtemp = new List<UrlReport> { vtLogin.GetUrlReport(newurl) };
if (!isPaidFeed) Thread.Sleep(20000);
var icount = 1;
if (sVTURLtemp[0].VerboseMsg == "Scan finished, scan information embedded in this object")
{
Console.WriteLine(sVTURLtemp[0].VerboseMsg);
Console.WriteLine(newurl);
sVTURLreturn.Add(sVTURLtemp[0]);
continue;
}
while (sVTURLtemp[0].VerboseMsg == "The requested resource is not among the finished, queued or pending scans" && icount <= 3)
{
Console.WriteLine(sVTURLtemp[0].VerboseMsg);
Console.WriteLine(newurl);
sVTURLtemp.RemoveAt(0);
vtLogin.ScanUrl(newurl);
//todo: move sleep integer to db
Thread.Sleep(120000);
icount++;
sVTURLtemp.Add(vtLogin.GetUrlReport(newurl));
if (sVTURLtemp[0].VerboseMsg == "Scan finished, scan information embedded in this object")
{
Console.WriteLine(sVTURLtemp[0].VerboseMsg);
Console.WriteLine(newurl);
sVTURLreturn.Add(sVTURLtemp[0]);
}
}
//if (icount == 1)
//{
// sVTURLreturn.Add(sVTURLtemp[0]);
//}
}
if (sVTURLreturn.Any())
{
sVirusTotalUrl = sVTURLreturn;
return sVirusTotalUrl;
}
}
}
catch (Exception e)
{
if (e.Message == "You have reached the 5 requests pr. min. limit of VirusTotal")
{
if (!isPaidFeed) Thread.Sleep(60000);
sVirusTotalUrl = ParseUrl(url);
return sVirusTotalUrl;
}
Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in VT URL area:" + e);
}
return sVirusTotalUrl;
}
private void button1_Click(object sender, EventArgs e)
{
VirusTotal virusTotal = new VirusTotal(System.Configuration.ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
string chosenfile = "";
openFileDialog1.InitialDirectory = "C:";
openFileDialog1.Title = "insert file";
openFileDialog1.FileName = "";
openFileDialog1.ShowDialog();
chosenfile = openFileDialog1.FileName;
textBox1.Text = chosenfile;
FileInfo fileInfo = new FileInfo(textBox1.Text);
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
VirusTotalNET.Objects.Report fileReport = virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
VirusTotalNET.Objects.ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
Report urlReport = virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
public void GetReportKnownUrl()
{
UrlReport urlReport = _virusTotal.GetUrlReport("google.com");
Assert.AreEqual(ReportResponseCode.Present, urlReport.ResponseCode);
}
public async Task GetReportInvalidUrl()
{
await Assert.ThrowsAsync <Exception>(async() => await VirusTotal.GetUrlReport("."));
}
public async Task GetReportKnownUrl()
{
UrlReport urlReport = await VirusTotal.GetUrlReport("google.com");
Assert.Equal(ReportResponseCode.Present, urlReport.ResponseCode);
}