时间戳

首页 > 解决方案 > 如何让此代码工作以确定 VirusTotal 输出是否是恶意的?

python - 如何让此代码工作以确定 VirusTotal 输出是否是恶意的?

问题描述

我的代码应该确定从 VirusTotal 输出的关于域的 .txt 文件的内容是恶意的还是良性的。但是,此代码不起作用。如果有人能让这段代码正常工作,我将不胜感激!我想将结果导出到带有结果列的 csv 文件。如果域有任何积极的结果,我想返回 True 值,否则我想在结果列中返回 false。

import csv
import json
import pprint
import sys


TOPCERTPATH = 'TopScoringCERTS_clean.txt'
BOTTOMCERTPATH = 'BottomScoringCERTS_clean.txt'
TOPCSVPATH = 'TopScoringResults.csv'
BOTTOMCSVPATH = 'BottomScoringResults.csv'
VTOUTPUTPATH = './output/'
VTOUTPUTEXT = '.txt'


pp = pprint.PrettyPrinter(indent=4)


# Check files from VirusTotal queries for any positive results
# Result is false unless any nonzero positive result is true
def vt_result_check(vt_result_path):
    vt_result = None
    try:
        vt_result = False
        with open(vt_result_path) as vt_result_file:
            vt_data = json.load(vt_result_file)

            # Look for any positive detected referrer samples
            try:
                for sample in (vt_data['detected_referrer_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected communicating samples
            try:
                for sample in (vt_data['detected_communicating_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected downloaded samples
            try:
                for sample in (vt_data['detected_downloaded_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected URLs
            try:
                for sample in (vt_data['detected_urls']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for a Dr. Web category of known infection source
            try:
                if (vt_data['Dr.Web category'] == "known infection source"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of elevated exposure
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "elevated exposure"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of phishing and other frauds
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "phishing and other frauds"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of suspicious content
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "suspicious content"):
                    vt_result = True
            except:
                pass

            #pp.pprint(vt_data)
    except:
        pass
    return vt_result

标签: pythonjsonpython-3.x

解决方案

推荐阅读