Ruby gem for VirusTotal Public API v2.0
https://www.virustotal.com/en/documentation/public-api/
Installation
Add this line to your application's Gemfile:
gem 'vtapi'
And then execute:
$ bundle
Or install it yourself as:
$ gem install vtapi
Usage
Prepare
# initialize
api = VtAPI.new('-- Your API KEY--')
File Report
# retrieve file report by file hash(SHA256, SHA1, MD5)
resp = api.file_report('00ce460c8b337110912066f746731a916e85bf1d7f4b44f09ca3cc39f9b52a98')
puts resp.response_code # 1: OK, 0: result doesn't exist, -2: still queued
# resp is a instance of VtAPI::Response class
puts resp.positives # num of positives
puts resp.scan_results # {"McAfee"=>nil, "Symantec"=>"Android.ZertSecurity", ... }
File Report (multiple resources)
# retrieve file report by file hash(SHA256, SHA1, MD5)
# up to 4 resources can assign
resources = ['00ce460c8b33711091206..', ..]
resps = api.file_report(resources)
resps.each do |r|
puts "#{r.sha256}: #{r.positives} / #{r.total}" if r.response_code == 1
end
The following APIs are supported Posting multi resources(URLs).
- VtAPI#file_report
- VtAPI#file_rescan
- VtAPI#url_scan
- VtAPI#url_report
File Scan (File Upload)
# read file
data = File.open(some_path, 'rb') {|f| f.read }
# upload data
resp = api.file_scan(data)
# confirm response_code
puts resp.response_code # 1: OK, 0: result doesn't exist, -2: still queued
URL Scan
# upload url
resp = api.url_scan(url)
# confirm response_code
puts resp.response_code # 1: OK, 0: result doesn't exist, -2: still queued
URL Report
# upload url
resp = api.url_scan(url)
# confirm result
puts resp.scans
Features
Support API
- file/scan
- file/resan
- file/report
- url/scan
- url/report
Not implemented yet
- ip-address/report
- domain/report
Unsupported
- comments/puts
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request