//API 부분
private static async Task runAPI()
{
VirusTotal virusTotal = new VirusTotal("e94b6cd868bd18f84b422f0e5e3e353b794410c0e7449af2d946e346b92c1662");
//https 사용
virusTotal.UseTLS = true;
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
//PrintScan(urlResult);
await Task.Delay(500);
}
}
private static async Task runAPI()
{
VirusTotal virusTotal = new VirusTotal("7c2ea7a71fa28fe564f9d6ffb63ac6ca11984067052e2fa40bc9cdec24d232f7");
//https 사용
virusTotal.UseTLS = true;
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
//바이러스 토탈에서 과거 분석 내역 있으면 과거 분석 내역 갖고오기
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
//PrintScan(urlResult);
await Task.Delay(500);
}
}
static void Main(string[] args)
{
VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
FileInfo fileInfo = new FileInfo("testfile.txt");
//Create a new file
File.WriteAllText(fileInfo.FullName, "This is a test file!");
//Check if the file has been scanned before.
Report fileReport = virusTotal.GetFileReport(fileInfo).First();
bool hasFileBeenScannedBefore = fileReport.ResponseCode == 1;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
Report urlReport = virusTotal.GetUrlReport(ScanUrl).First();
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == 1;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
List <ScanResult> urlResults = virusTotal.ScanUrl(ScanUrl);
urlResults.ForEach(PrintScan);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
static void Main(string[] args)
{
VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
Report fileReport = virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
Report urlReport = virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
private static async Task RunExample()
{
VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = await virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = await virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
}
static void Main(string[] args)
{
VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
private static async Task RunExample()
{
VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = await virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = await virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
}
//==================== UNUSED CODE====================
#region Unused code
#region malicious/suspicious checking; add to beforeRequest before/after checkBlackList
/*
* AddtoHostList(hostname); //hardcoding of suspicious & malicious hosts
*
#region checking if urlhostlist has checked host before
* for (int i = 0; i < URLHostList.Count; i++)
* {
* if (URLHostList.ToString().Contains(hostname))
* {
* string element = URLHostList[i].ToString();
* if (element.Contains("1"))
* {
* checkSafeInt = 1; //safe
* }
* else if (element.Contains("2"))
* {
* checkSafeInt = 2; //suspicious
* }
* else if (element.Contains("3"))
* {
* checkSafeInt = 3; //malicious
* }
* else
* checkSafeInt = 0; //not checked
* }
* }
#endregion
*
* if (checkSafeInt == 3) //site is unsafe
* {
* oSession.Abort();
* Console.WriteLine("** Session Aborted");
*
* //update datagrid of failure
* dataGrid1.Dispatcher.Invoke(new UpdateUI(() =>
* {
* DataObject newDataObject = new DataObject()
* { A = oSession.id.ToString(), B = oSession.url, C = oSession.hostname, D = oSession.fullUrl, E = oSession.state.ToString() };
* DataObjects.Add(newDataObject);
* dataGrid1.Items.Add(newDataObject);
* Console.WriteLine("Add to DataObject");
*
* }));
* }
* else if (checkSafeInt == 2)//site may be compromised
* {
* //pause thread to ask to proceed
* MessageBoxResult result = MessageBox.Show(
* "This URL is potentially compromised, do you wish to proceed?",
* "SecureNet",
* MessageBoxButton.YesNo,
* MessageBoxImage.Warning);
*
* switch (result)
* {
* case MessageBoxResult.Yes:
* {
*
* }
* //user assume is safe
* break;
* case MessageBoxResult.No:
* {
* oSession.Abort();
* Console.WriteLine("** Session Aborted");
*
* //update datagrid of failure
* dataGrid1.Dispatcher.Invoke(new UpdateUI(() =>
* {
* DataObject newDataObject = new DataObject()
* {
* A = oSession.id.ToString(),
* B = oSession.url,
* C = oSession.hostname,
* D = oSession.fullUrl,
* E = oSession.state.ToString()
* };
* DataObjects.Add(newDataObject);
* dataGrid1.Items.Add(newDataObject);
* Console.WriteLine("Add to DataObject");
* }));
* break;
* }
* }
* }
* else //site is safe
* {
* //do nothing, proceed to after session
* return;
* }*/
#endregion
#region VirusTotal Scanning -> Not completed as unable to check if it works due to public API constraints
public async void VirusTotalURLScan(string shortUrl, string hostname)
{
VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString());
vt.UseTLS = true;
UrlReport urlReport = await vt.GetUrlReport(shortUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
if (hasUrlBeenScannedBefore)
{
ReviewScan(urlReport);
}
else
{
UrlScanResult urlResult = await vt.ScanUrl(shortUrl);
NewScan(urlResult, hostname);
}
}
private void button2_Click(object sender, EventArgs e)
{
VirusTotal virusTotal = new VirusTotal(System.Configuration.ConfigurationManager.AppSettings["ApiKey"]);
string ScanUrl = textBox2.Text;
Report urlReport = virusTotal.GetUrlReport(ScanUrl);
DialogResult dialogresult2 = MessageBox.Show("File has been scan before: ", " hasFileBeenScannedBefore", MessageBoxButtons.YesNo);
//If the url has been scanned before, the results are embedded inside the report.
if (dialogresult2 == DialogResult.Yes)
{
PrintScan(urlReport);
string str = urlReport.Resource;
string[] splitedStrings = str.Split('-');
string requestedValue = splitedStrings[0];
textBox4.Text = requestedValue;
foreach (ScanEngine scan in urlReport.Scans)
{
string[] row1 = { scan.Name, Convert.ToString(scan.Detected) };
listView1.Items.Add("Detect:").SubItems.AddRange(row1);
}
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
string str = urlReport.ScanId;
string[] splitedStrings = str.Split('-');
string requestedValue = splitedStrings[0];
textBox4.Text = requestedValue;
foreach (ScanEngine scan in urlReport.Scans)
{
string[] row1 = { scan.Name, Convert.ToString(scan.Detected) };
listView1.Items.Add("Detect:").SubItems.AddRange(row1);
}
}
}
/// <summary>
/// URL Scan
/// </summary>
/// <param name="urlText"></param>
public async void startVTAsyncURL(string urlText)
{
if (urlText.Contains("."))
{
using (new WaitCursor())
{
//If textbox empty, won't scan
if (string.IsNullOrEmpty((ScanTxtBox.Text)))
{
return;
}
VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString());
vt.UseTLS = true;
UrlReport urlReport = await vt.GetUrlReport(urlText);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine(hasUrlBeenScannedBefore);
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
MessageBox.Show(urlText + " has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport, urlText);
}
else
{
UrlScanResult urlResult = await vt.ScanUrl(urlText);
PrintScan(urlResult);
}
}
}
else
{
MessageBox.Show("Invalid link", "SecureNet");
}
}
private static void UrlScan(string url)
{
try
{
VirusTotal virusTotal = new VirusTotal(api_key);
virusTotal.UseTLS = true;
UrlReport urlReport = virusTotal.GetUrlReport(url);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(url);
PrintScan(urlResult);
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
private static List<UrlReport> ParseUrl(IEnumerable<string> sURL)
{
//The below is a placeholder for when this will be encrypted.
//var sAcek = xfidoconf.getVarSet("securityfeed").getVarSet("virustotal").getString("acek", null);
var sVTKey = Object_Fido_Configs.GetAsString("fido.securityfeed.virustotal.apikey", null);
var vtLogin = new VirusTotal(sVTKey);
var isRateLimited = Object_Fido_Configs.GetAsBool("fido.securityfeed.virustotal.ratelimited", false);
List<UrlReport> sVirusTotalUrl = null;
var sVTURLreturn = new List<UrlReport>();
var newurl = string.Empty;
var url = sURL as IList<string> ?? sURL.ToList();
var fidoDB = new SqLiteDB();
var isPaidFeed = Convert.ToBoolean(fidoDB.ExecuteScalar("Select paid_feed from configs_threatfeed_virustotal"));
try
{
if (sURL != null)
{
for (var i = 0; i < url.Count(); i++)
{
if (!url[i].Contains("http://"))
{
newurl = "http://" + url[i];
}
else
{
newurl = url[i];
}
if (!isPaidFeed) Thread.Sleep(15000);
var sVTURLtemp = new List<UrlReport> { vtLogin.GetUrlReport(newurl) };
if (!isPaidFeed) Thread.Sleep(20000);
var icount = 1;
if (sVTURLtemp[0].VerboseMsg == "Scan finished, scan information embedded in this object")
{
Console.WriteLine(sVTURLtemp[0].VerboseMsg);
Console.WriteLine(newurl);
sVTURLreturn.Add(sVTURLtemp[0]);
continue;
}
while (sVTURLtemp[0].VerboseMsg == "The requested resource is not among the finished, queued or pending scans" && icount <= 3)
{
Console.WriteLine(sVTURLtemp[0].VerboseMsg);
Console.WriteLine(newurl);
sVTURLtemp.RemoveAt(0);
vtLogin.ScanUrl(newurl);
//todo: move sleep integer to db
Thread.Sleep(120000);
icount++;
sVTURLtemp.Add(vtLogin.GetUrlReport(newurl));
if (sVTURLtemp[0].VerboseMsg == "Scan finished, scan information embedded in this object")
{
Console.WriteLine(sVTURLtemp[0].VerboseMsg);
Console.WriteLine(newurl);
sVTURLreturn.Add(sVTURLtemp[0]);
}
}
//if (icount == 1)
//{
// sVTURLreturn.Add(sVTURLtemp[0]);
//}
}
if (sVTURLreturn.Any())
{
sVirusTotalUrl = sVTURLreturn;
return sVirusTotalUrl;
}
}
}
catch (Exception e)
{
if (e.Message == "You have reached the 5 requests pr. min. limit of VirusTotal")
{
if (!isPaidFeed) Thread.Sleep(60000);
sVirusTotalUrl = ParseUrl(url);
return sVirusTotalUrl;
}
Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in VT URL area:" + e);
}
return sVirusTotalUrl;
}
public async Task ScanUnknownUrl()
{
UrlScanResult fileResult = await VirusTotal.ScanUrl("VirusTotal.NET" + Guid.NewGuid() + ".com");
Assert.Equal(ScanResponseCode.Queued, fileResult.ResponseCode);
}
public async Task ScanKnownUrl()
{
UrlScanResult fileResult = await VirusTotal.ScanUrl("google.com");
Assert.Equal(ScanResponseCode.Queued, fileResult.ResponseCode);
}
public void ScanKnownUrl()
{
ScanResult fileResult = _virusTotal.ScanUrl("google.com");
Assert.AreEqual(ScanResponseCode.Queued, fileResult.ResponseCode);
}
private void button1_Click(object sender, EventArgs e)
{
VirusTotal virusTotal = new VirusTotal(System.Configuration.ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
string chosenfile = "";
openFileDialog1.InitialDirectory = "C:";
openFileDialog1.Title = "insert file";
openFileDialog1.FileName = "";
openFileDialog1.ShowDialog();
chosenfile = openFileDialog1.FileName;
textBox1.Text = chosenfile;
FileInfo fileInfo = new FileInfo(textBox1.Text);
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
VirusTotalNET.Objects.Report fileReport = virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
VirusTotalNET.Objects.ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
Report urlReport = virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}