From 27d3607e91d86eb789b46b5a9a68871155ca7c66 Mon Sep 17 00:00:00 2001
From: Tobias Kessels <tobias.kessels@certbw.de>
Date: Thu, 22 Feb 2018 15:24:05 +0100
Subject: [PATCH] added scan_vt.py

scan_vt.py is a simple virtustotal query tool
---
 scan_vt.py | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100755 scan_vt.py

diff --git a/scan_vt.py b/scan_vt.py
new file mode 100755
index 0000000..38cde92
--- /dev/null
+++ b/scan_vt.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python3
+import requests
+import sys
+import hashlib
+from os.path import expanduser
+
+
+out_sep=';'
+
+with open(expanduser('~/.virustotal_api_key')) as api_f:
+  api_key=api_f.readline().strip()
+
+with open(sys.argv[1],'rb') as f:
+  hash=hashlib.md5(f.read())
+
+params = {'apikey': api_key, 'resource': hash.hexdigest()}
+headers = {
+  "Accept-Encoding": "gzip, deflate",
+  "User-Agent" : "gzip,  My Python requests library example client or username"
+  }
+
+response = requests.get('https://www.virustotal.com/vtapi/v2/file/report', params=params, headers=headers)
+
+try:
+  json_response = response.json()
+except:
+  print(response)
+  exit(1)
+
+if json_response["response_code"]:
+  print("{}{}{}{}{}/{}{}{}".format(sys.argv[1],out_sep,hash.hexdigest(),out_sep,json_response["positives"],json_response["total"],out_sep,json_response["permalink"]))
+else:
+  print("{}{}{}{}{}".format(sys.argv[1],out_sep,hash.hexdigest(),out_sep,out_sep))
+