public static async Task RunScan()
{
VirusTotal virusTotal = new VirusTotal("YOUR VT API KEY HERE");
virusTotal.UseTLS = true;
using (StreamReader scanHosts = new StreamReader(@"address.txt"))
{
string line;
while ((line = scanHosts.ReadLine()) != null)
{
try
{
Console.WriteLine("Hostname: " + line);
UrlReport urlreport = await virusTotal.GetUrlReportAsync(line);
PrintScan(urlreport);
}
catch (VirusTotalNET.Exceptions.RateLimitException)
{
Thread.Sleep(60000);
continue;
}
catch (VirusTotalNET.Exceptions.InvalidResourceException)
{
Console.WriteLine("-- Blank Entry --");
Console.WriteLine();
continue;
}
}
}
}
private static async Task runAPI()
{
VirusTotal virusTotal = new VirusTotal("7c2ea7a71fa28fe564f9d6ffb63ac6ca11984067052e2fa40bc9cdec24d232f7");
//https 사용
virusTotal.UseTLS = true;
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
//바이러스 토탈에서 과거 분석 내역 있으면 과거 분석 내역 갖고오기
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
//PrintScan(urlResult);
await Task.Delay(500);
}
}
//API 부분
private static async Task runAPI()
{
VirusTotal virusTotal = new VirusTotal("e94b6cd868bd18f84b422f0e5e3e353b794410c0e7449af2d946e346b92c1662");
//https 사용
virusTotal.UseTLS = true;
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
//PrintScan(urlResult);
await Task.Delay(500);
}
}
public void WriteReportCsvFile()
{
// create url report
var urlReport = new UrlReport(
new[]
{
new UrlReportRecord
{
Url = "/url"
}
});
// write url report
var reportCsvFile = Path.Combine(
TestData.TestData.CurrentDirectory,
@"report.csv");
using (var reportCsvWriter = new ReportCsvWriter <UrlReportRecord>(reportCsvFile))
{
reportCsvWriter.Write(urlReport);
}
// read url report lines
var urlReportLines =
File.ReadAllLines(reportCsvFile);
// verify url report lines
Assert.AreEqual(2, urlReportLines.Length);
Assert.AreEqual(
"\"Url\"",
urlReportLines[0]);
Assert.AreEqual(
"\"/url\"",
urlReportLines[1]);
}
public static async Task <string> FindVirusTotalInfoAsync(string url)
{
string returnString = "";
VirusTotal virusTotal = new VirusTotal("de0a5c113302967ab7d535c84e8a6ce49eacbd2952397c43dc99c13a26df423e");
virusTotal.UseTLS = true;
UrlReport urlReport = await virusTotal.GetUrlReportAsync(url);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present;
//do something return string with info about the url
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrlAsync(url);
PrintScan(urlResult);
}
returnString = returnString + urlReport.Permalink + "***" + urlReport.Positives + "/" + urlReport.Total;
return(returnString);
//repeat varius api interaction methods for the other analysis sites with each irl
}
public static async Task ScanURL(string url, RichTextBox richtextbox, DataGridView datagridview)
{
try
{
VirusTotalNET.VirusTotal virusTotal = new VirusTotalNET.VirusTotal(APIKey);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
UrlReport urlReport = await virusTotal.GetUrlReport(url);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport, url, hasUrlBeenScannedBefore, richtextbox, datagridview);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(url);
PrintScan(urlResult, url, hasUrlBeenScannedBefore, richtextbox, datagridview);
}
}
catch (Exception e)
{
MessageBox.Show(e.Message, "Something went wrong!");
}
}
public async Task GetReportKnownUrl()
{
IgnoreMissingJson("scans.ADMINUSLabs / Detail", "scans.AlienVault / Detail", "scans.Antiy-AVL / Detail", "scans.AutoShun / Detail", "scans.Avira / Detail", "scans.Baidu-International / Detail", "scans.BitDefender / Detail", "scans.Blueliv / Detail", "scans.Certly / Detail", "scans.C-SIRT / Detail", "scans.CyberCrime / Detail", "scans.Emsisoft / Detail", "scans.ESET / Detail", "scans.Fortinet / Detail", "scans.FraudScore / Detail", "scans.FraudSense / Detail", "scans.G-Data / Detail", "scans.K7AntiVirus / Detail", "scans.Kaspersky / Detail", "scans.Malekal / Detail", "scans.Malwared / Detail", "scans.MalwarePatrol / Detail", "scans.Netcraft / Detail", "scans.Nucleon / Detail", "scans.OpenPhish / Detail", "scans.Opera / Detail", "scans.PhishLabs / Detail", "scans.Phishtank / Detail", "scans.Quttera / Detail", "scans.Rising / Detail", "scans.SecureBrain / Detail", "scans.securolytics / Detail", "scans.Sophos / Detail", "scans.Spam404 / Detail", "scans.StopBadware / Detail", "scans.Tencent / Detail", "scans.ThreatHive / Detail", "scans.Trustwave / Detail", "scans.URLQuery / Detail", "scans.Webutation / Detail", "scans.ZCloudsec / Detail", "scans.ZeroCERT / Detail", "scans.Zerofox / Detail", "scans.zvelo / Detail", "scans['AegisLab WebGuard'] / Detail", "scans['CLEAN MX'] / Detail", "scans['Comodo Site Inspector'] / Detail", "scans['desenmascara.me'] / Detail", "scans['Dr.Web'] / Detail", "scans['Forcepoint ThreatSeeker'] / Detail", "scans['Google Safebrowsing'] / Detail", "scans['Malware Domain Blocklist'] / Detail", "scans['Malwarebytes hpHosts'] / Detail", "scans['malwares.com URL checker'] / Detail", "scans['SCUMWARE.org'] / Detail", "scans['Sucuri SiteCheck'] / Detail", "scans['Virusdie External Site Scan'] / Detail", "scans['VX Vault'] / Detail", "scans['Web Security Guard'] / Detail", "scans['ZDB Zeus'] / Detail");
UrlReport urlReport = await VirusTotal.GetUrlReportAsync(TestData.KnownUrls.First());
Assert.Equal(UrlReportResponseCode.Present, urlReport.ResponseCode);
}
public async Task GetReportUnknownUrl()
{
UrlReport urlReport = await VirusTotal.GetUrlReport("VirusTotal.NET" + Guid.NewGuid() + ".com");
Assert.Equal(ReportResponseCode.NotPresent, urlReport.ResponseCode);
//We are not supposed to have a scan id
Assert.True(string.IsNullOrWhiteSpace(urlReport.ScanId));
}
public async Task GetReportForUnknownUrlAndScan()
{
UrlReport urlReport = await VirusTotal.GetUrlReport("VirusTotal.NET" + Guid.NewGuid() + ".com", true);
//It return "present" because we told it to scan it
Assert.Equal(ReportResponseCode.Present, urlReport.ResponseCode);
//We are supposed to have a scan id because we scanned it
Assert.False(string.IsNullOrWhiteSpace(urlReport.ScanId));
}
public async Task GetReportUnknownUrl()
{
IgnoreMissingJson(" / filescan_id", " / Permalink", " / Positives", " / scan_date", " / scan_id", " / Scans", " / Total", " / URL");
UrlReport urlReport = await VirusTotal.GetUrlReportAsync(TestData.GetUnknownUrls(1).First());
Assert.Equal(UrlReportResponseCode.NotPresent, urlReport.ResponseCode);
//We are not supposed to have a scan id
Assert.True(string.IsNullOrWhiteSpace(urlReport.ScanId));
}
public async Task GetReportForUnknownUrlAndScan()
{
IgnoreMissingJson(" / filescan_id", " / Positives", " / Scans", " / Total");
UrlReport urlReport = await VirusTotal.GetUrlReportAsync(TestData.GetUnknownUrls(1).First(), true);
//It return "present" because we told it to scan it
Assert.Equal(UrlReportResponseCode.Present, urlReport.ResponseCode);
//We are supposed to have a scan id because we scanned it
Assert.False(string.IsNullOrWhiteSpace(urlReport.ScanId));
}
static void Main(string[] args)
{
VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
ScanResult urlResult = virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
Console.WriteLine("Press a key to continue");
Console.ReadLine();
}
private static void PrintScan(UrlReport urlReport)
{
Console.WriteLine("Scan ID: " + urlReport.ScanId);
Console.WriteLine("Message: " + urlReport.VerboseMsg);
if (urlReport.ResponseCode == UrlReportResponseCode.Present)
{
foreach (KeyValuePair <string, UrlScanEngine> scan in urlReport.Scans)
{
Console.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected);
}
}
Console.WriteLine();
}
public static void ReviewScan(UrlReport urlReport)
{
string allLines = null;
if (urlReport.ResponseCode == ReportResponseCode.Present)
{
foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans)
{
string currentLine = string.Format("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected);
allLines += currentLine + Environment.NewLine; // Adds to string, so it can be written to file later
}
}
}
private static async Task RunExample()
{
VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
FileInfo fileInfo = new FileInfo("EICAR.txt");
File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = await virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = await virusTotal.ScanFile(fileInfo);
PrintScan(fileResult);
}
Console.WriteLine();
UrlReport urlReport = await virusTotal.GetUrlReport(ScanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrl(ScanUrl);
PrintScan(urlResult);
}
}
private static async Task Main(string[] args)
{
VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
//Check if the file has been scanned before.
FileReport fileReport = await virusTotal.GetFileReportAsync(eicar);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present;
Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport);
}
else
{
ScanResult fileResult = await virusTotal.ScanFileAsync(eicar, "EICAR.txt");
PrintScan(fileResult);
}
Console.WriteLine();
string scanUrl = "http://www.google.com/";
UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present;
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrlAsync(scanUrl);
PrintScan(urlResult);
}
}
/// <summary>
/// The listBox1_DoubleClick
/// </summary>
/// <param name="sender">The sender<see cref="object"/></param>
/// <param name="e">The e<see cref="EventArgs"/></param>
private async void listBox1_DoubleClick(object sender, EventArgs e)
{
var ip = listBox1.SelectedItem.ToString();
VirusTotal virustotal =
new VirusTotal("a3f22a4baa6bfb80942e3aa9824c0673acab04140cb7825487590d587d70c485")
{
UseTLS = true
};
UrlReport report = await virustotal.GetUrlReportAsync(ip);
bool Scancheck = report.ResponseCode == UrlReportResponseCode.Present;
UrlScanResult fileResult = await virustotal.ScanUrlAsync(ip);
if (Scancheck)
{
linkLabel2.Text = fileResult.Permalink;
}
else
{
if (fileResult.Permalink.Contains("://"))
{
Process.Start(fileResult.Permalink);
}
}
if (report.ResponseCode == UrlReportResponseCode.Present)
{
foreach (KeyValuePair <string, UrlScanEngine> scan in report.Scans)
{
ListViewItem itm = new ListViewItem {
Text = scan.Key
};
itm.SubItems.Add(scan.Value.Result);
if (scan.Value.Result == "clean site")
{
itm.SubItems[1].ForeColor = Color.Green;
itm.UseItemStyleForSubItems = false;
}
else
{
itm.SubItems[1].ForeColor = Color.Red;
itm.UseItemStyleForSubItems = false;
}
itm.SubItems.Add(report.ScanDate.ToString(CultureInfo.CurrentCulture));
itm.SubItems.Add(report.ScanId);
listView1.Items.Add(itm);
}
}
}
private static void PrintScan(UrlReport urlReport)
{
Console.WriteLine("Scan ID: " + urlReport.ScanId);
Console.WriteLine("Message: " + urlReport.VerboseMsg);
if (urlReport.ResponseCode == ReportResponseCode.Present)
{
foreach (ScanEngine scan in urlReport.Scans)
{
Console.WriteLine("{0,-25} Detected: {1}", scan.Name, scan.Detected);
}
}
Console.WriteLine();
}
private static void PrintScan(UrlReport urlReport)
{
Console.WriteLine("Response code: " + urlReport.ResponseCode.ToString());
Console.WriteLine("Scan ID: " + urlReport.ScanId);
Console.WriteLine("Message: " + urlReport.VerboseMsg);
Console.WriteLine("Last Scan Date: " + urlReport.ScanDate.ToString());
Console.WriteLine("Detection Rate: " + urlReport.Positives.ToString() + " of " + urlReport.Total.ToString());
Console.WriteLine("Permalink: " + urlReport.Permalink);
if (urlReport.ResponseCode == ReportResponseCode.Present)
{
Console.WriteLine("{0,-25} {1}", "URL Scanner", "Result");
foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans)
{
Console.WriteLine("{0,-25} {1}", scan.Key, scan.Value.Result);
}
}
}
public static void PrintScan(UrlReport urlReport, string urlText)
{
Console.WriteLine("Scan ID: " + urlReport.ScanId);
Console.WriteLine("Message: " + urlReport.VerboseMsg);
string folderName = @"ScanReports";
string pathStringURL = System.IO.Path.Combine(folderName, "URL");
System.IO.Directory.CreateDirectory(pathStringURL);
string allLines = ""; // For writing to file
allLines += "Scan ID : " + urlReport.ScanId + Environment.NewLine;
allLines += "Scan Result from VirusTotal \n";
using (new WaitCursor())
{
if (urlReport.ResponseCode == ReportResponseCode.Present)
{
foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans)
{
string currentLine = string.Format("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected);
allLines += currentLine + Environment.NewLine; // Adds to string, so it can be written to file later
Console.WriteLine(currentLine); // Writes to console
}
}
// Creating a Text File
try
{
string pathURL = @"ScanReports\URL\" + urlText + ".txt";
File.WriteAllText(pathURL, allLines);
}
catch (Exception e)
{
Console.WriteLine("Cannot create text file for writing");
Console.WriteLine(e.Message);
return;
}
MessageBox.Show("A report of this scan has been created with Scan ID : " + urlReport.ScanId, "SecureNet");
//MessageBox.Show(allLines);
}
}
public async Task ExecuteVirusTotalScan(ScanRequest request)
{
try
{
VirusTotal virusTotal = new VirusTotal(_possibleScans.VirusTotalApiKey);
UrlReport urlReport = await virusTotal.GetUrlReportAsync(request.WebsiteUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present;
//_logger.LogInformation("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
ParseVirusTotalScanResult(urlReport, request);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrlAsync(request.WebsiteUrl);
int tryCount = 0;
while (tryCount < 1000)
{
UrlReport urlCurrentReport = await virusTotal.GetUrlReportAsync(request.WebsiteUrl);
hasUrlBeenScannedBefore = urlCurrentReport.ResponseCode == UrlReportResponseCode.Present;
if (hasUrlBeenScannedBefore)
{
ParseVirusTotalScanResult(urlReport, request);
break;
}
_logger.LogDebug("SKIPPING");
await Task.Delay(2000);
tryCount++;
}
}
}
catch (Exception e)
{
_logger.LogError(e, "Error at ExecuteVirusTotalScan, Error: ");
}
}
private void ParseVirusTotalScanResult(UrlReport urlReport, ScanRequest request)
{
_logger.LogDebug("Scan ID: " + urlReport.ScanId);
_logger.LogDebug("Message: " + urlReport.VerboseMsg);
if (urlReport.ResponseCode == UrlReportResponseCode.Present)
{
foreach (KeyValuePair <string, UrlScanEngine> scan in urlReport.Scans)
{
request.ScanVirusTotal.Add(new ScanVirusTotal()
{
ScanProvider = scan.Key,
ScanResult = scan.Value.Detected
});
_logger.LogDebug("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected);
}
}
}
private static void PrintScan(UrlReport urlReport, string name, bool hasUrlBeenScannedBefore, RichTextBox richtextbox, DataGridView datagridview)
{
int infectednum = 0, cleannum = 0, count = 0;;
string result = "Scanned URL: " + name + "\n\nURL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes\n" : "No\n\nNote: Scanning may take some time, please try to scan again in a while to see the result!"); //removed part + "Scan ID: " + urlReport.ScanId + "\n" + "Message: " + urlReport.VerboseMsg
richtextbox.Text = result;
if (urlReport.ResponseCode == ReportResponseCode.Present)
{
foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans)
{
datagridview.Rows.Add();
datagridview.Rows[count].HeaderCell.Value = count.ToString();
datagridview.Rows[count].Cells[0].Value = scan.Key;
datagridview.Rows[count].Cells[1].Value = (scan.Value.Detected ? "Infected" : "Clean");
datagridview.Rows[count].Cells[2].Value = scan.Value.Result;
if (scan.Value.Detected)
{
datagridview.Rows[count].DefaultCellStyle.BackColor = Color.Red;
infectednum++;
}
else
{
datagridview.Rows[count].DefaultCellStyle.BackColor = Color.Green;
cleannum++;
}
count++;
}
datagridview.ClearSelection();
if (infectednum == 0)
{
richtextbox.ForeColor = Color.Green;
}
else
{
richtextbox.ForeColor = Color.Red;
}
}
richtextbox.Text += "\nDetection ratio: " + infectednum + "/" + count;
}
private static void PrintScan(UrlReport urlReport)
{
int temp1 = 0;
fcnt = 0;
total = urlReport.Total;
if (urlReport.ResponseCode == ReportResponseCode.Present)
{
foreach (KeyValuePair <string, ScanEngine> scan in urlReport.Scans)
{
if (scan.Value.Detected)
{
temp1 += 1;
}
}
fcnt = temp1;
}
}
//==================== UNUSED CODE====================
#region Unused code
#region malicious/suspicious checking; add to beforeRequest before/after checkBlackList
/*
* AddtoHostList(hostname); //hardcoding of suspicious & malicious hosts
*
#region checking if urlhostlist has checked host before
* for (int i = 0; i < URLHostList.Count; i++)
* {
* if (URLHostList.ToString().Contains(hostname))
* {
* string element = URLHostList[i].ToString();
* if (element.Contains("1"))
* {
* checkSafeInt = 1; //safe
* }
* else if (element.Contains("2"))
* {
* checkSafeInt = 2; //suspicious
* }
* else if (element.Contains("3"))
* {
* checkSafeInt = 3; //malicious
* }
* else
* checkSafeInt = 0; //not checked
* }
* }
#endregion
*
* if (checkSafeInt == 3) //site is unsafe
* {
* oSession.Abort();
* Console.WriteLine("** Session Aborted");
*
* //update datagrid of failure
* dataGrid1.Dispatcher.Invoke(new UpdateUI(() =>
* {
* DataObject newDataObject = new DataObject()
* { A = oSession.id.ToString(), B = oSession.url, C = oSession.hostname, D = oSession.fullUrl, E = oSession.state.ToString() };
* DataObjects.Add(newDataObject);
* dataGrid1.Items.Add(newDataObject);
* Console.WriteLine("Add to DataObject");
*
* }));
* }
* else if (checkSafeInt == 2)//site may be compromised
* {
* //pause thread to ask to proceed
* MessageBoxResult result = MessageBox.Show(
* "This URL is potentially compromised, do you wish to proceed?",
* "SecureNet",
* MessageBoxButton.YesNo,
* MessageBoxImage.Warning);
*
* switch (result)
* {
* case MessageBoxResult.Yes:
* {
*
* }
* //user assume is safe
* break;
* case MessageBoxResult.No:
* {
* oSession.Abort();
* Console.WriteLine("** Session Aborted");
*
* //update datagrid of failure
* dataGrid1.Dispatcher.Invoke(new UpdateUI(() =>
* {
* DataObject newDataObject = new DataObject()
* {
* A = oSession.id.ToString(),
* B = oSession.url,
* C = oSession.hostname,
* D = oSession.fullUrl,
* E = oSession.state.ToString()
* };
* DataObjects.Add(newDataObject);
* dataGrid1.Items.Add(newDataObject);
* Console.WriteLine("Add to DataObject");
* }));
* break;
* }
* }
* }
* else //site is safe
* {
* //do nothing, proceed to after session
* return;
* }*/
#endregion
#region VirusTotal Scanning -> Not completed as unable to check if it works due to public API constraints
public async void VirusTotalURLScan(string shortUrl, string hostname)
{
VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString());
vt.UseTLS = true;
UrlReport urlReport = await vt.GetUrlReport(shortUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
if (hasUrlBeenScannedBefore)
{
ReviewScan(urlReport);
}
else
{
UrlScanResult urlResult = await vt.ScanUrl(shortUrl);
NewScan(urlResult, hostname);
}
}
public async Task <ActionResult <string> > VirusTotalCheckUrlAsync([FromBody] string scanUrl)
{
UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanUrl);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present;
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
return("Number of scans: " + urlReport.Total + " " + "Positive: " + urlReport.Positives);
}
else
{
UrlScanResult urlResult = await virusTotal.ScanUrlAsync(scanUrl);
UrlReport newUrlReport = await virusTotal.GetUrlReportAsync(scanUrl);
return("Url is being scanned, come back later for the result.");
}
}
private static void PrintScan(UrlReport urlReport)
{
Console.WriteLine("Scan Date: " + urlReport.ScanDate);
Console.WriteLine("Scan Link: " + urlReport.Permalink);
Console.WriteLine("Host Detections: " + urlReport.Positives + "/" + urlReport.Total);
if (urlReport.ResponseCode == UrlReportResponseCode.Present)
{
foreach (KeyValuePair <string, UrlScanEngine> scan in urlReport.Scans)
{
if (scan.Value.Detected)
{
Console.BackgroundColor = ConsoleColor.White;
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("WARNING: Posible Malicious Host Detected");
Console.ResetColor();
}
}
}
Console.WriteLine();
}
/// <summary>
/// URL Scan
/// </summary>
/// <param name="urlText"></param>
public async void startVTAsyncURL(string urlText)
{
if (urlText.Contains("."))
{
using (new WaitCursor())
{
//If textbox empty, won't scan
if (string.IsNullOrEmpty((ScanTxtBox.Text)))
{
return;
}
VirusTotal vt = new VirusTotal(ConfigurationManager.AppSettings["virusTotalAPIKey"].ToString());
vt.UseTLS = true;
UrlReport urlReport = await vt.GetUrlReport(urlText);
bool hasUrlBeenScannedBefore = urlReport.ResponseCode == ReportResponseCode.Present;
Console.WriteLine(hasUrlBeenScannedBefore);
Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
MessageBox.Show(urlText + " has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No"));
//If the url has been scanned before, the results are embedded inside the report.
if (hasUrlBeenScannedBefore)
{
PrintScan(urlReport, urlText);
}
else
{
UrlScanResult urlResult = await vt.ScanUrl(urlText);
PrintScan(urlResult);
}
}
}
else
{
MessageBox.Show("Invalid link", "SecureNet");
}
}
/// <summary>
/// Performs a URL scan.
/// Request a URL scan.
/// Then checks every thirty seconds for a result.
/// Doesn't return until VT results come in. Can take up to five minutes
/// </summary>
/// <param name="url"></param>
/// <param name="delayBetweenRequestsMs">Virus Total only allows up to 4 request per minute. This delay adds a pause between each api call. Avoids exceptions. Defaults to 30.5 seconds.</param>
/// <returns>A Tuple. Item 1 is a detection ratio (a float derived from positives divided by total). Item 2 is Virus Total permalink for scan.</returns>
public async Task <Tuple <float, string> > ScanUrlComplete(string url, int delayBetweenRequestsMs = 30500)
{
Console.WriteLine($"Getting Url Report: {url}");
await _virusTotal.ScanUrl(url);
UrlReport urlReport = null;
while (urlReport == null || urlReport.ResponseCode != ResponseCodes.ReportResponseCode.Present)
{
await Task.Delay(delayBetweenRequestsMs);
Console.WriteLine($"Waiting {delayBetweenRequestsMs} ms");
urlReport = await _virusTotal.GetUrlReport(url);
}
var detectionRatio = urlReport.Positives / (float)urlReport.Total;
Console.WriteLine($"Detection Ratio: {urlReport.Positives} / {urlReport.Total} = {detectionRatio}");
return(new Tuple <float, string>(detectionRatio, urlReport.Permalink));
}
/// <summary>
/// Performs a URL scan.
/// Checks every 16 seconds for result finally returns.
/// </summary>
/// <param name="url"></param>
/// <returns>A Tuple. Item 1 is positives count (goal: 0). Item 2 is Virus Total permalink for scan.</returns>
public async Task <Tuple <int, string> > ScanUrlComplete(string url)
{
//todo implement time out auto cancel at five minutes
Console.WriteLine($"Getting Url Report: {url}");
UrlReport urlReport = null;
while (urlReport == null || urlReport.ResponseCode != ResponseCodes.ReportResponseCode.Present)
{
if (urlReport != null)
{
await Task.Delay(ScanCompleteDelayBetweenFileReportRequestsMs);
}
Console.WriteLine($"Waiting {ScanCompleteDelayBetweenFileReportRequestsMs} ms");
urlReport = await GetUrlReport(url, true);
}
Console.WriteLine($"FileReport: {urlReport}");
Console.WriteLine($"Positives: {urlReport.Positives}");
return(new Tuple <int, string>(urlReport.Positives, urlReport.Permalink));
}
private static void PrintScan(UrlReport urlReport)
{
Console.WriteLine("Scan ID: " + urlReport.ScanId);
Console.WriteLine("Message: " + urlReport.VerboseMsg);
if (urlReport.ResponseCode == ReportResponseCode.Present)
{
foreach (KeyValuePair<string, ScanEngine> scan in urlReport.Scans)
{
Console.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected);
}
}
Console.WriteLine();
}
