VT_Url-IP.py

#!/usr/bin/env python
import json
import json as simplejson
import urllib
import urllib2
import sys
import time
from IPy import IP

"""
VirusTotal encourage you to retrieve the latest report on the URL before performing the submission,
if it is recent enough you might want to save time and bandwidth by making use of it.
Keep in mind that URLs sent using the API have the lowest scanning priority, depending on VirusTotal's load,
it may take several hours before the URL is scanned, so query the report at regular intervals until the result shows up
and do not keep submitting the URL once and over again.
"""
apikey = "YOUR VT API KEY"

def howto():
    print '\n===============================================\
          \nVT URL / IP Scan tdr[dot]local[at]gmail[dot]com\n==============================================='
    print 'Usage: VT_Url-IP.py <-url|-ip> <parameter>'
    sys.exit(1)

def main():

    if len(sys.argv)<=2:
        howto()

    global input_options
    global input_para

    input_options = sys.argv[1]
    input_para = sys.argv[2]

    if input_options == '-url':

        url2 = "https://www.virustotal.com/vtapi/v2/url/report"
        parameters2 = {"resource": input_para, "apikey": apikey}
        data2 = urllib.urlencode(parameters2)
        req2 = urllib2.Request(url2, data2)
        response2 = urllib2.urlopen(req2)
        json2 = response2.read()
        #print json2
        try:
            global response_dict
            response_dict = simplejson.loads(json2)
        except ValueError:
            print "No JSON object could be decoded. Sending for submission.."
            return scan()

        date = response_dict.get("scan_date")
        if response_dict.get("verbose_msg") == 'The requested resource is not among the finished, queued or pending scans':
            print '\nURL report is not available!'
            s = raw_input('Send for scan? Keep in mind that URLs sent using the API \nhave the lowest scanning priority (y/n)')
            if s == 'y':
                return scan()
            else:
                print 'Bye-bye'
                sys.exit()
        else:
            if date[0:4] == '2012':
                print '\nReport is older than current year: '+date
                s = raw_input('Send for rescan? Keep in mind that URLs sent using the API \nhave the lowest scanning priority (y/n)')
                if s == 'y':
                    return scan()
                elif s == 'n':
                    return result()
                else:
                    print 'Invalid option.Exiting.'
                    sys.exit()
            result()

    elif input_options == '-ip':
        try:
            IP(input_para) #test for valid IP from IPy module
            url = 'https://www.virustotal.com/vtapi/v2/ip-address/report'
            parameters = {'ip': input_para, 'apikey': '47e428f4e7b84a1bbdbeff0108d97163e6a27c3b8af5802b9554801c493da747'}
            response = urllib.urlopen('%s?%s' % (url, urllib.urlencode(parameters))).read()
            response_dict = json.loads(response)
            #print response_dict

            lala = response_dict.get("resolutions")
            detect_url = response_dict.get("detected_urls")

            #print detect_url
            print "\n======================\nVT IP address reports\n======================"
            print "\nIP address: " + input_para + "\n"
            print "last_resolved\t\t\thostname\n----------------------------------------"

            try:
                for k in lala:
                #print k
                    t = '\t\t'.join(str(e) for e in k.values())
                    if 'None' in t:
                        t = '\t\t\t\t'.join(str(e) for e in k.values())
                        print t
                    else: print t
                print '\nDetected URLs\n---------------'
                print 'Date\t\t\tRatio\t\t\tURL\n'
                for detected in detect_url:
                    value = detected.values()
                    print value[3] +"     "+ str(value[1]) + "/" + str(value[2]) + "\t" + value[0]
            except TypeError:
                print '*Not detected/Not in dataset*'
        except ValueError:
            print '\nLimit 4 submissions per minute or Please insert valid IP address!'
    else:
        howto()

def result():
    print "\nOlder/Most recent report:\n------------------------"
    print "Scan date on: " +response_dict.get("scan_date")
    print "URL: " +response_dict.get("url")
    print "Total scanner: " + str(response_dict.get("total"))
    print "Positives: " + str(response_dict.get("positives")) +"\n"

    lala = response_dict.get("scans").items()
    print 'URL scanner results:\n-------------------\n'
    for k, v in lala:
        #detect = ' '.join('{}->{}'.format(key, val) for key, val in v.items())
        value = v.values()
        if 'True' in str(value[0]):
            print ('%25s     %s' % (k , value[1]))
    print '\n\t\t  **End of results**'
    print '_______________________________\nPermalink:'
    print response_dict.get("permalink")

def scan():
    url = "https://www.virustotal.com/vtapi/v2/url/scan"
    parameters = {"url": input_para, "apikey": apikey}
    data = urllib.urlencode(parameters)
    req = urllib2.Request(url, data)
    response = urllib2.urlopen(req)
    json = response.read()
    #print json
    try:
        response_dict = simplejson.loads(json)
        print "\n"+response_dict.get("scan_date")
        print response_dict.get("verbose_msg")
    except ValueError:
        print "No JSON object could be decoded..retrying in 60secs"
        time.sleep(60)

if __name__ == '__main__':
    main()