Querying threat intelligence with VirusTotal (VT): it feels nowhere near as usable as ThreatBook or Cisco; out of 100,000 records queried, 50,000 came back with positives > 0, damn!!!

git clone https://github.com/VirusTotal/c-vtapi.git
cd c-vtapi/
# build dependencies: autotools plus the JSON (jansson) and HTTP (libcurl) libraries the client links against
sudo apt-get install automake autoconf libtool libjansson-dev libcurl4-openssl-dev
autoreconf -fi
./configure --enable-examples   # also builds the example_progs/ tools used below
make
sudo make install
# locate the freshly built shared library so the example programs can find it
find . -name libcvtapi.so.1
sudo cp lib/.libs/* /lib64/
./example_progs/ip_report --apikey xxxxx --report 106.38.75.154
sudo cp lib/.libs/* /lib/
./example_progs/ip_report --apikey xxxx --report 106.38.75.154

Result:

main:84: rescan ret=0
Response:
{
    "resolutions": [
        {
            "last_resolved": "2017-12-20 00:00:00",
            "hostname": "testratmal.ddns.net"
        }
    ],
    "undetected_urls": [],
    "detected_downloaded_samples": [],
    "detected_urls": [
        {
            "scan_date": "2018-01-15 10:53:25",
            "url": "http://106.38.75.154/",
            "positives": 1,
            "total": 66
        },
        {
            "scan_date": "2017-12-20 15:23:43",
            "url": "http://testratmal.ddns.net/",
            "positives": 1,
            "total": 66
        }
    ],
    "undetected_downloaded_samples": [],
    "verbose_msg": "IP address in dataset",
    "response_code": 1,
    "as_owner": "China Networks Inter-Exchange",
    "country": "CN",
    "asn": "4847"
}
main:117: Cleanup

If you use the Python interface instead, run pip install virustotal-api
and then:

from __future__ import print_function
import json
from virus_total_apis import PublicApi as VirusTotalPublicApi

# public (free-tier) API key; the '?' characters mask part of the real key
API_KEY = '1?7?7440?eca037b88fd160ef6c8e04b69ba434bdd76ef2ab0ab52a567650157'
vt = VirusTotalPublicApi(API_KEY)

# v2 IP report: resolutions, detected/undetected URLs and samples for the address
response = vt.get_ip_report("106.38.75.154")
print(json.dumps(response, sort_keys=False, indent=4))

The ??? stands for your own API key. The output is:

{
    "results": {
        "undetected_urls": [],
        "undetected_downloaded_samples": [],
        "detected_downloaded_samples": [],
        "response_code": 1,
        "as_owner": "China Networks Inter-Exchange",
        "detected_urls": [
            {
                "url": "http://106.38.75.154/",
                "positives": 1,
                "total": 66,
                "scan_date": "2018-01-15 10:53:25"
            },
            {
                "url": "http://testratmal.ddns.net/",
                "positives": 1,
                "total": 66,
                "scan_date": "2017-12-20 15:23:43"
            }
        ],
        "verbose_msg": "IP address in dataset",
        "country": "CN",
        "resolutions": [
            {
                "last_resolved": "2017-12-20 00:00:00",
                "hostname": "testratmal.ddns.net"
            }
        ],
        "asn": "4847"
    },
    "response_code": 200
}
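As an added example (not code from the original post), here is a small triage step on top of the Python response shown above: it unwraps the library's wrapper dict, handles the not-in-dataset and quota-exceeded cases, and only marks an IP suspicious when a detected URL clears a positives threshold or a positives/total ratio, so that 1-out-of-66 hits stop flooding the queue. The thresholds and the assumption that the library reports an exhausted quota as response_code 204 are mine, not the post's.

```python
from __future__ import print_function

# Constructed sample: the wrapper dict virustotal-api returns for the report above
SAMPLE_RESPONSE = {
    "response_code": 200,
    "results": {
        "response_code": 1,
        "verbose_msg": "IP address in dataset",
        "as_owner": "China Networks Inter-Exchange",
        "country": "CN",
        "asn": "4847",
        "detected_urls": [
            {"url": "http://106.38.75.154/", "positives": 1, "total": 66,
             "scan_date": "2018-01-15 10:53:25"},
            {"url": "http://testratmal.ddns.net/", "positives": 1, "total": 66,
             "scan_date": "2017-12-20 15:23:43"},
        ],
        "resolutions": [{"last_resolved": "2017-12-20 00:00:00",
                         "hostname": "testratmal.ddns.net"}],
    },
}


def triage_ip_report(response, min_positives=3, min_ratio=0.05):
    """Reduce a v2 IP report to a verdict; thresholds are assumed values."""
    http = response.get("response_code")
    if http == 204:                      # assumed: public-API quota exhausted
        return {"status": "rate_limited"}
    if http != 200:
        return {"status": "http_error", "http_code": http}
    results = response.get("results", {})
    if results.get("response_code") != 1:  # 0 means "IP not in dataset"
        return {"status": "not_in_dataset"}
    strong, weak = [], []
    for item in results.get("detected_urls", []):
        positives, total = item.get("positives", 0), item.get("total", 0)
        ratio = float(positives) / total if total else 0.0
        entry = {"url": item.get("url"), "positives": positives, "total": total,
                 "ratio": round(ratio, 4), "scan_date": item.get("scan_date")}
        # a single engine out of 66 is weak evidence; require agreement
        (strong if positives >= min_positives or ratio >= min_ratio else weak).append(entry)
    hostnames = sorted({r["hostname"] for r in results.get("resolutions", []) if "hostname" in r})
    verdict = "suspicious" if strong else ("weak_signal" if weak else "clean")
    return {"status": "ok", "verdict": verdict, "asn": results.get("asn"),
            "country": results.get("country"), "strong_hits": strong,
            "weak_hits": weak, "hostnames": hostnames}


if __name__ == "__main__":
    print(triage_ip_report(SAMPLE_RESPONSE)["verdict"])  # weak_signal
```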

alkdsjfalksjf abc 109321dlkaDsadfsa test OK!

posted @ bonelee