public static async Task RunScan() { VirusTotal virusTotal = new VirusTotal("YOUR VT API KEY HERE"); virusTotal.UseTLS = true; using (StreamReader scanHosts = new StreamReader(@"address.txt")) { string line; while ((line = scanHosts.ReadLine()) != null) { try { Console.WriteLine("Hostname: " + line); UrlReport urlreport = await virusTotal.GetUrlReportAsync(line); PrintScan(urlreport); } catch (VirusTotalNET.Exceptions.RateLimitException) { Thread.Sleep(60000); continue; } catch (VirusTotalNET.Exceptions.InvalidResourceException) { Console.WriteLine("-- Blank Entry --"); Console.WriteLine(); continue; } } } }
private static async Task runAPI() { VirusTotal virusTotal = new VirusTotal("7c2ea7a71fa28fe564f9d6ffb63ac6ca11984067052e2fa40bc9cdec24d232f7"); //https 사용 virusTotal.UseTLS = true; UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl); hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present; //바이러스 토탈에서 과거 분석 내역 있으면 과거 분석 내역 갖고오기 if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl); //PrintScan(urlResult); await Task.Delay(500); } }
//API 부분 private static async Task runAPI() { VirusTotal virusTotal = new VirusTotal("e94b6cd868bd18f84b422f0e5e3e353b794410c0e7449af2d946e346b92c1662"); //https 사용 virusTotal.UseTLS = true; UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl); hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present; //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl); //PrintScan(urlResult); await Task.Delay(500); } }
public void WriteReportCsvFile() { // create url report var urlReport = new UrlReport( new[] { new UrlReportRecord { Url = "/url" } }); // write url report var reportCsvFile = Path.Combine( TestData.TestData.CurrentDirectory, @"report.csv"); using (var reportCsvWriter = new ReportCsvWriter <UrlReportRecord>(reportCsvFile)) { reportCsvWriter.Write(urlReport); } // read url report lines var urlReportLines = File.ReadAllLines(reportCsvFile); // verify url report lines Assert.AreEqual(2, urlReportLines.Length); Assert.AreEqual( "\"Url\"", urlReportLines[0]); Assert.AreEqual( "\"/url\"", urlReportLines[1]); }
public static async Task <string> FindVirusTotalInfoAsync(string url) { string returnString = ""; VirusTotal virusTotal = new VirusTotal("de0a5c113302967ab7d535c84e8a6ce49eacbd2952397c43dc99c13a26df423e"); virusTotal.UseTLS = true; UrlReport urlReport = await virusTotal.GetUrlReportAsync(url); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present; //do something return string with info about the url Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { UrlScanResult urlResult = await virusTotal.ScanUrlAsync(url); PrintScan(urlResult); } returnString = returnString + urlReport.Permalink + "***" + urlReport.Positives + "/" + urlReport.Total; return(returnString); //repeat varius api interaction methods for the other analysis sites with each irl }
public static async Task ScanURL(string url, RichTextBox richtextbox, DataGridView datagridview) { try { VirusTotalNET.VirusTotal virusTotal = new VirusTotalNET.VirusTotal(APIKey); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; UrlReport urlReport = await virusTotal.GetUrlReport(url); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present; //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport, url, hasUrlBeenScannedBefore, richtextbox, datagridview); } else { UrlScanResult urlResult = await virusTotal.ScanUrl(url); PrintScan(urlResult, url, hasUrlBeenScannedBefore, richtextbox, datagridview); } } catch (Exception e) { MessageBox.Show(e.Message, "Something went wrong!"); } }
public async Task GetReportKnownUrl() { IgnoreMissingJson("scans.ADMINUSLabs / Detail", "scans.AlienVault / Detail", "scans.Antiy-AVL / Detail", "scans.AutoShun / Detail", "scans.Avira / Detail", "scans.Baidu-International / Detail", "scans.BitDefender / Detail", "scans.Blueliv / Detail", "scans.Certly / Detail", "scans.C-SIRT / Detail", "scans.CyberCrime / Detail", "scans.Emsisoft / Detail", "scans.ESET / Detail", "scans.Fortinet / Detail", "scans.FraudScore / Detail", "scans.FraudSense / Detail", "scans.G-Data / Detail", "scans.K7AntiVirus / Detail", "scans.Kaspersky / Detail", "scans.Malekal / Detail", "scans.Malwared / Detail", "scans.MalwarePatrol / Detail", "scans.Netcraft / Detail", "scans.Nucleon / Detail", "scans.OpenPhish / Detail", "scans.Opera / Detail", "scans.PhishLabs / Detail", "scans.Phishtank / Detail", "scans.Quttera / Detail", "scans.Rising / Detail", "scans.SecureBrain / Detail", "scans.securolytics / Detail", "scans.Sophos / Detail", "scans.Spam404 / Detail", "scans.StopBadware / Detail", "scans.Tencent / Detail", "scans.ThreatHive / Detail", "scans.Trustwave / Detail", "scans.URLQuery / Detail", "scans.Webutation / Detail", "scans.ZCloudsec / Detail", "scans.ZeroCERT / Detail", "scans.Zerofox / Detail", "scans.zvelo / Detail", "scans['AegisLab WebGuard'] / Detail", "scans['CLEAN MX'] / Detail", "scans['Comodo Site Inspector'] / Detail", "scans['desenmascara.me'] / Detail", "scans['Dr.Web'] / Detail", "scans['Forcepoint ThreatSeeker'] / Detail", "scans['Google Safebrowsing'] / Detail", "scans['Malware Domain Blocklist'] / Detail", "scans['Malwarebytes hpHosts'] / Detail", "scans['malwares.com URL checker'] / Detail", "scans['SCUMWARE.org'] / Detail", "scans['Sucuri SiteCheck'] / Detail", "scans['Virusdie External Site Scan'] / Detail", "scans['VX Vault'] / Detail", "scans['Web Security Guard'] / Detail", "scans['ZDB Zeus'] / Detail"); UrlReport urlReport = await VirusTotal.GetUrlReportAsync(TestData.KnownUrls.First()); Assert.Equal(UrlReportResponseCode.Present, urlReport.ResponseCode); }
public async Task GetReportUnknownUrl() { UrlReport urlReport = await VirusTotal.GetUrlReport("VirusTotal.NET" + Guid.NewGuid() + ".com"); Assert.Equal(ReportResponseCode.NotPresent, urlReport.ResponseCode); //We are not supposed to have a scan id Assert.True(string.IsNullOrWhiteSpace(urlReport.ScanId)); }
public async Task GetReportForUnknownUrlAndScan() { UrlReport urlReport = await VirusTotal.GetUrlReport("VirusTotal.NET" + Guid.NewGuid() + ".com", true); //It return "present" because we told it to scan it Assert.Equal(ReportResponseCode.Present, urlReport.ResponseCode); //We are supposed to have a scan id because we scanned it Assert.False(string.IsNullOrWhiteSpace(urlReport.ScanId)); }
public async Task GetReportUnknownUrl() { IgnoreMissingJson(" / filescan_id", " / Permalink", " / Positives", " / scan_date", " / scan_id", " / Scans", " / Total", " / URL"); UrlReport urlReport = await VirusTotal.GetUrlReportAsync(TestData.GetUnknownUrls(1).First()); Assert.Equal(UrlReportResponseCode.NotPresent, urlReport.ResponseCode); //We are not supposed to have a scan id Assert.True(string.IsNullOrWhiteSpace(urlReport.ScanId)); }
public async Task GetReportForUnknownUrlAndScan() { IgnoreMissingJson(" / filescan_id", " / Positives", " / Scans", " / Total"); UrlReport urlReport = await VirusTotal.GetUrlReportAsync(TestData.GetUnknownUrls(1).First(), true); //It return "present" because we told it to scan it Assert.Equal(UrlReportResponseCode.Present, urlReport.ResponseCode); //We are supposed to have a scan id because we scanned it Assert.False(string.IsNullOrWhiteSpace(urlReport.ScanId)); }
static void Main(string[] args) { VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html FileInfo fileInfo = new FileInfo("EICAR.txt"); File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //Check if the file has been scanned before. FileReport fileReport = virusTotal.GetFileReport(fileInfo); bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present; Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No")); //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { PrintScan(fileReport); } else { ScanResult fileResult = virusTotal.ScanFile(fileInfo); PrintScan(fileResult); } Console.WriteLine(); UrlReport urlReport = virusTotal.GetUrlReport(ScanUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present; Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { ScanResult urlResult = virusTotal.ScanUrl(ScanUrl); PrintScan(urlResult); } Console.WriteLine("Press a key to continue"); Console.ReadLine(); }
private static void PrintScan(UrlReport urlReport) { Console.WriteLine("Scan ID: " + urlReport.ScanId); Console.WriteLine("Message: " + urlReport.VerboseMsg); if (urlReport.ResponseCode == UrlReportResponseCode.Present) { foreach (KeyValuePair <string, UrlScanEngine> scan in urlReport.Scans) { Console.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected); } } Console.WriteLine(); }
public static void ReviewScan(UrlReport urlReport) { string allLines = null; if (urlReport.ResponseCode == ReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans) { string currentLine = string.Format("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected); allLines += currentLine + Environment.NewLine; // Adds to string, so it can be written to file later } } }
private static async Task RunExample() { VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE"); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html FileInfo fileInfo = new FileInfo("EICAR.txt"); File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //Check if the file has been scanned before. FileReport fileReport = await virusTotal.GetFileReport(fileInfo); bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present; Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No")); //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { PrintScan(fileReport); } else { ScanResult fileResult = await virusTotal.ScanFile(fileInfo); PrintScan(fileResult); } Console.WriteLine(); UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present; Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl); PrintScan(urlResult); } }
private static async Task Main(string[] args) { VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE"); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //Check if the file has been scanned before. FileReport fileReport = await virusTotal.GetFileReportAsync(eicar); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No")); //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { PrintScan(fileReport); } else { ScanResult fileResult = await virusTotal.ScanFileAsync(eicar, "EICAR.txt"); PrintScan(fileResult); } Console.WriteLine(); string scanUrl = "http://www.google.com/"; UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present; Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { UrlScanResult urlResult = await virusTotal.ScanUrlAsync(scanUrl); PrintScan(urlResult); } }
/// <summary> /// The listBox1_DoubleClick /// </summary> /// <param name="sender">The sender<see cref="object"/></param> /// <param name="e">The e<see cref="EventArgs"/></param> private async void listBox1_DoubleClick(object sender, EventArgs e) { var ip = listBox1.SelectedItem.ToString(); VirusTotal virustotal = new VirusTotal("a3f22a4baa6bfb80942e3aa9824c0673acab04140cb7825487590d587d70c485") { UseTLS = true }; UrlReport report = await virustotal.GetUrlReportAsync(ip); bool Scancheck = report.ResponseCode == UrlReportResponseCode.Present; UrlScanResult fileResult = await virustotal.ScanUrlAsync(ip); if (Scancheck) { linkLabel2.Text = fileResult.Permalink; } else { if (fileResult.Permalink.Contains("://")) { Process.Start(fileResult.Permalink); } } if (report.ResponseCode == UrlReportResponseCode.Present) { foreach (KeyValuePair <string, UrlScanEngine> scan in report.Scans) { ListViewItem itm = new ListViewItem { Text = scan.Key }; itm.SubItems.Add(scan.Value.Result); if (scan.Value.Result == "clean site") { itm.SubItems[1].ForeColor = Color.Green; itm.UseItemStyleForSubItems = false; } else { itm.SubItems[1].ForeColor = Color.Red; itm.UseItemStyleForSubItems = false; } itm.SubItems.Add(report.ScanDate.ToString(CultureInfo.CurrentCulture)); itm.SubItems.Add(report.ScanId); listView1.Items.Add(itm); } } }
private static void PrintScan(UrlReport urlReport) { Console.WriteLine("Scan ID: " + urlReport.ScanId); Console.WriteLine("Message: " + urlReport.VerboseMsg); if (urlReport.ResponseCode == ReportResponseCode.Present) { foreach (ScanEngine scan in urlReport.Scans) { Console.WriteLine("{0,-25} Detected: {1}", scan.Name, scan.Detected); } } Console.WriteLine(); }
private static void PrintScan(UrlReport urlReport) { Console.WriteLine("Response code: " + urlReport.ResponseCode.ToString()); Console.WriteLine("Scan ID: " + urlReport.ScanId); Console.WriteLine("Message: " + urlReport.VerboseMsg); Console.WriteLine("Last Scan Date: " + urlReport.ScanDate.ToString()); Console.WriteLine("Detection Rate: " + urlReport.Positives.ToString() + " of " + urlReport.Total.ToString()); Console.WriteLine("Permalink: " + urlReport.Permalink); if (urlReport.ResponseCode == ReportResponseCode.Present) { Console.WriteLine("{0,-25} {1}", "URL Scanner", "Result"); foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans) { Console.WriteLine("{0,-25} {1}", scan.Key, scan.Value.Result); } } }
public static void PrintScan(UrlReport urlReport, string urlText) { Console.WriteLine("Scan ID: " + urlReport.ScanId); Console.WriteLine("Message: " + urlReport.VerboseMsg); string folderName = @"ScanReports"; string pathStringURL = System.IO.Path.Combine(folderName, "URL"); System.IO.Directory.CreateDirectory(pathStringURL); string allLines = ""; // For writing to file allLines += "Scan ID : " + urlReport.ScanId + Environment.NewLine; allLines += "Scan Result from VirusTotal \n"; using (new WaitCursor()) { if (urlReport.ResponseCode == ReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans) { string currentLine = string.Format("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected); allLines += currentLine + Environment.NewLine; // Adds to string, so it can be written to file later Console.WriteLine(currentLine); // Writes to console } } // Creating a Text File try { string pathURL = @"ScanReports\URL\" + urlText + ".txt"; File.WriteAllText(pathURL, allLines); } catch (Exception e) { Console.WriteLine("Cannot create text file for writing"); Console.WriteLine(e.Message); return; } MessageBox.Show("A report of this scan has been created with Scan ID : " + urlReport.ScanId, "SecureNet"); //MessageBox.Show(allLines); } }
public async Task ExecuteVirusTotalScan(ScanRequest request) { try { VirusTotal virusTotal = new VirusTotal(_possibleScans.VirusTotalApiKey); UrlReport urlReport = await virusTotal.GetUrlReportAsync(request.WebsiteUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present; //_logger.LogInformation("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { ParseVirusTotalScanResult(urlReport, request); } else { UrlScanResult urlResult = await virusTotal.ScanUrlAsync(request.WebsiteUrl); int tryCount = 0; while (tryCount < 1000) { UrlReport urlCurrentReport = await virusTotal.GetUrlReportAsync(request.WebsiteUrl); hasUrlBeenScannedBefore = urlCurrentReport.ResponseCode == UrlReportResponseCode.Present; if (hasUrlBeenScannedBefore) { ParseVirusTotalScanResult(urlReport, request); break; } _logger.LogDebug("SKIPPING"); await Task.Delay(2000); tryCount++; } } } catch (Exception e) { _logger.LogError(e, "Error at ExecuteVirusTotalScan, Error: "); } }
private void ParseVirusTotalScanResult(UrlReport urlReport, ScanRequest request) { _logger.LogDebug("Scan ID: " + urlReport.ScanId); _logger.LogDebug("Message: " + urlReport.VerboseMsg); if (urlReport.ResponseCode == UrlReportResponseCode.Present) { foreach (KeyValuePair <string, UrlScanEngine> scan in urlReport.Scans) { request.ScanVirusTotal.Add(new ScanVirusTotal() { ScanProvider = scan.Key, ScanResult = scan.Value.Detected }); _logger.LogDebug("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected); } } }
private static void PrintScan(UrlReport urlReport, string name, bool hasUrlBeenScannedBefore, RichTextBox richtextbox, DataGridView datagridview) { int infectednum = 0, cleannum = 0, count = 0;; string result = "Scanned URL: " + name + "\n\nURL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes\n" : "No\n\nNote: Scanning may take some time, please try to scan again in a while to see the result!"); //removed part + "Scan ID: " + urlReport.ScanId + "\n" + "Message: " + urlReport.VerboseMsg richtextbox.Text = result; if (urlReport.ResponseCode == ReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans) { datagridview.Rows.Add(); datagridview.Rows[count].HeaderCell.Value = count.ToString(); datagridview.Rows[count].Cells[0].Value = scan.Key; datagridview.Rows[count].Cells[1].Value = (scan.Value.Detected ? "Infected" : "Clean"); datagridview.Rows[count].Cells[2].Value = scan.Value.Result; if (scan.Value.Detected) { datagridview.Rows[count].DefaultCellStyle.BackColor = Color.Red; infectednum++; } else { datagridview.Rows[count].DefaultCellStyle.BackColor = Color.Green; cleannum++; } count++; } datagridview.ClearSelection(); if (infectednum == 0) { richtextbox.ForeColor = Color.Green; } else { richtextbox.ForeColor = Color.Red; } } richtextbox.Text += "\nDetection ratio: " + infectednum + "/" + count; }
private static void PrintScan(UrlReport urlReport) { int temp1 = 0; fcnt = 0; total = urlReport.Total; if (urlReport.ResponseCode == ReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans) { if (scan.Value.Detected) { temp1 += 1; } } fcnt = temp1; } }
//==================== UNUSED CODE==================== #region Unused code #region malicious/suspicious checking; add to beforeRequest before/after checkBlackList /* * AddtoHostList(hostname); //hardcoding of suspicious & malicious hosts * #region checking if urlhostlist has checked host before * for (int i = 0; i < URLHostList.Count; i++) * { * if (URLHostList.ToString().Contains(hostname)) * { * string element = URLHostList[i].ToString(); * if (element.Contains("1")) * { * checkSafeInt = 1; //safe * } * else if (element.Contains("2")) * { * checkSafeInt = 2; //suspicious * } * else if (element.Contains("3")) * { * checkSafeInt = 3; //malicious * } * else * checkSafeInt = 0; //not checked * } * } #endregion * * if (checkSafeInt == 3) //site is unsafe * { * oSession.Abort(); * Console.WriteLine("** Session Aborted"); * * //update datagrid of failure * dataGrid1.Dispatcher.Invoke(new UpdateUI(() => * { * DataObject newDataObject = new DataObject() * { A = oSession.id.ToString(), B = oSession.url, C = oSession.hostname, D = oSession.fullUrl, E = oSession.state.ToString() }; * DataObjects.Add(newDataObject); * dataGrid1.Items.Add(newDataObject); * Console.WriteLine("Add to DataObject"); * * })); * } * else if (checkSafeInt == 2)//site may be compromised * { * //pause thread to ask to proceed * MessageBoxResult result = MessageBox.Show( * "This URL is potentially compromised, do you wish to proceed?", * "SecureNet", * MessageBoxButton.YesNo, * MessageBoxImage.Warning); * * switch (result) * { * case MessageBoxResult.Yes: * { * * } * //user assume is safe * break; * case MessageBoxResult.No: * { * oSession.Abort(); * Console.WriteLine("** Session Aborted"); * * //update datagrid of failure * dataGrid1.Dispatcher.Invoke(new UpdateUI(() => * { * DataObject newDataObject = new DataObject() * { * A = oSession.id.ToString(), * B = oSession.url, * C = oSession.hostname, * D = oSession.fullUrl, * E = oSession.state.ToString() * }; * DataObjects.Add(newDataObject); * dataGrid1.Items.Add(newDataObject); * Console.WriteLine("Add to DataObject"); * })); * break; * } * } * } * else //site is safe * { * //do nothing, proceed to after session * return; * }*/ #endregion #region VirusTotal Scanning -> Not completed as unable to check if it works due to public API constraints public async void VirusTotalURLScan(string shortUrl, string hostname) { VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString()); vt.UseTLS = true; UrlReport urlReport = await vt.GetUrlReport(shortUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present; if (hasUrlBeenScannedBefore) { ReviewScan(urlReport); } else { UrlScanResult urlResult = await vt.ScanUrl(shortUrl); NewScan(urlResult, hostname); } }
public async Task <ActionResult <string> > VirusTotalCheckUrlAsync([FromBody] string scanUrl) { UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present; //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { return("Number of scans: " + urlReport.Total + " " + "Positive: " + urlReport.Positives); } else { UrlScanResult urlResult = await virusTotal.ScanUrlAsync(scanUrl); UrlReport newUrlReport = await virusTotal.GetUrlReportAsync(scanUrl); return("Url is being scanned, come back later for the result."); } }
private static void PrintScan(UrlReport urlReport) { Console.WriteLine("Scan Date: " + urlReport.ScanDate); Console.WriteLine("Scan Link: " + urlReport.Permalink); Console.WriteLine("Host Detections: " + urlReport.Positives + "/" + urlReport.Total); if (urlReport.ResponseCode == UrlReportResponseCode.Present) { foreach (KeyValuePair <string, UrlScanEngine> scan in urlReport.Scans) { if (scan.Value.Detected) { Console.BackgroundColor = ConsoleColor.White; Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("WARNING: Posible Malicious Host Detected"); Console.ResetColor(); } } } Console.WriteLine(); }
/// <summary> /// URL Scan /// </summary> /// <param name="urlText"></param> public async void startVTAsyncURL(string urlText) { if (urlText.Contains(".")) { using (new WaitCursor()) { //If textbox empty, won't scan if (string.IsNullOrEmpty((ScanTxtBox.Text))) { return; } VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString()); vt.UseTLS = true; UrlReport urlReport = await vt.GetUrlReport(urlText); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present; Console.WriteLine(hasUrlBeenScannedBefore); Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); MessageBox.Show(urlText + " has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport, urlText); } else { UrlScanResult urlResult = await vt.ScanUrl(urlText); PrintScan(urlResult); } } } else { MessageBox.Show("Invalid link", "SecureNet"); } }
/// <summary> /// Performs a URL scan. /// Request a URL scan. /// Then checks every thirty seconds for a result. /// Doesn't return until VT results come in. Can take up to five minutes /// </summary> /// <param name="url"></param> /// <param name="delayBetweenRequestsMs">Virus Total only allows up to 4 request per minute. This delay adds a pause between each api call. Avoids exceptions. Defaults to 30.5 seconds.</param> /// <returns>A Tuple. Item 1 is a detection ratio (a float derived from positives divided by total). Item 2 is Virus Total permalink for scan.</returns> public async Task <Tuple <float, string> > ScanUrlComplete(string url, int delayBetweenRequestsMs = 30500) { Console.WriteLine($"Getting Url Report: {url}"); await _virusTotal.ScanUrl(url); UrlReport urlReport = null; while (urlReport == null || urlReport.ResponseCode != ResponseCodes.ReportResponseCode.Present) { await Task.Delay(delayBetweenRequestsMs); Console.WriteLine($"Waiting {delayBetweenRequestsMs} ms"); urlReport = await _virusTotal.GetUrlReport(url); } var detectionRatio = urlReport.Positives / (float)urlReport.Total; Console.WriteLine($"Detection Ratio: {urlReport.Positives} / {urlReport.Total} = {detectionRatio}"); return(new Tuple <float, string>(detectionRatio, urlReport.Permalink)); }
/// <summary> /// Performs a URL scan. /// Checks every 16 seconds for result finally returns. /// </summary> /// <param name="url"></param> /// <returns>A Tuple. Item 1 is positives count (goal: 0). Item 2 is Virus Total permalink for scan.</returns> public async Task <Tuple <int, string> > ScanUrlComplete(string url) { //todo implement time out auto cancel at five minutes Console.WriteLine($"Getting Url Report: {url}"); UrlReport urlReport = null; while (urlReport == null || urlReport.ResponseCode != ResponseCodes.ReportResponseCode.Present) { if (urlReport != null) { await Task.Delay(ScanCompleteDelayBetweenFileReportRequestsMs); } Console.WriteLine($"Waiting {ScanCompleteDelayBetweenFileReportRequestsMs} ms"); urlReport = await GetUrlReport(url, true); } Console.WriteLine($"FileReport: {urlReport}"); Console.WriteLine($"Positives: {urlReport.Positives}"); return(new Tuple <int, string>(urlReport.Positives, urlReport.Permalink)); }
private static void PrintScan(UrlReport urlReport) { Console.WriteLine("Scan ID: " + urlReport.ScanId); Console.WriteLine("Message: " + urlReport.VerboseMsg); if (urlReport.ResponseCode == ReportResponseCode.Present) { foreach (KeyValuePair<string, ScanEngine> scan in urlReport.Scans) { Console.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected); } } Console.WriteLine(); }