virusgotal: github.com/moldabekov/virusgotal/vt

package govt

import "github.com/moldabekov/virusgotal/vt"

Package govt is a VirusTotal API v2 client written for the Go programming language.

Written by Willi Ballenthin while at Mandiant. June, 2013.

File upload capabilities by Florian 'scusi' Walther June, 2014.

File distribution support by Christopher 'tankbusta' Schmitt while at Mandiant October, 2014.

File updated and patched by M. Moldabek, 2017.

Package Files

vt.go

Constants

const (
    // Fallback VT API URL
    DefaultURL = "https://www.virustotal.com/vtapi/v2/"
)

func SetErrorLog

func SetErrorLog(logger *log.Logger) func(*Client) error

SetErrorLog sets the logger for critical messages. It is nil by default.

func SetTraceLog

func SetTraceLog(logger *log.Logger) func(*Client) error

SetTraceLog specifies the logger to use for output of trace messages like HTTP requests and responses. It is nil by default.

type AdditionnalInfoResult

type AdditionnalInfoResult struct {
    Magic            string               `json:"magic"`
    Signature        SigCheck             `json:"sigcheck"`
    PEImpHash        string               `json:"pe-imphash"`
    PETimeStamp      int                  `json:"pe-timestamp"`
    PEResourceList   map[string]string    `json:"pe-resource-list"`
    PEResourceLangs  map[string]int       `json:"pe-resource-langs"`
    PEResourceTypes  map[string]int       `json:"pe-resource-types"`
    PEResourceDetail []PEResource         `json:"pe-resource-detail"`
    PEMachineType    int                  `json:"pe-machine-type"`
    PEEntryPoint     int                  `json:"pe-entry-point"`
    AutoStart        []AutoStartEntry     `json:"autostart"`
    Imports          map[string][]string  `json:"imports"`
    TrustedVerdict   TrustedVerdictResult `json:"trusted_verdict"`
}

type AutoStartEntry

type AutoStartEntry struct {
    Entry    string `json:"entry"`
    Location string `json:"location"`
}

type Client

type Client struct {
    // contains filtered or unexported fields
}

Client interacts with the services provided by VirusTotal.

func New

func New(options ...OptionFunc) (*Client, error)

New creates a new virustotal client.

The caller can configure the new client by passing configuration options to the func.

Example:

client, err := govt.New(
  govt.SetUrl("http://some.url.com:port"),
  govt.SetErrorLog(log.New(os.Stderr, "VT: ", log.Lshortfile)),
)

If no URL is configured, Client uses DefaultURL by default.

If no HttpClient is configured, then http.DefaultClient is used. You can use your own http.Client with some http.Transport for advanced scenarios.

An error is also returned when some configuration option is invalid.

func (*Client) GetComments

func (client *Client) GetComments(resource string) (r *CommentReport, err error)

GetComments gets comments for file/URL/IP/domain.

func (*Client) GetDetailedFileReport

func (client *Client) GetDetailedFileReport(md5 string) (r *DetailedFileReport, err error)

GetDetailedFileReport fetches the AV scan reports tracked by VT given an MD5 hash value. This API is part of the VTI Private API, requiring a licenced API key.

func (*Client) GetDomainReport

func (client *Client) GetDomainReport(domain string) (r *DomainReport, err error)

GetDomainReport fetches the passive DNS information about a DNS address.

func (*Client) GetFile

func (client *Client) GetFile(hash string) (r *FileDownloadResult, err error)

GetFile fetches a file from VT that matches a given md5/sha1/sha256 sum.

func (*Client) GetFileDistribution

func (client *Client) GetFileDistribution(params *Parameters) (r *FileDistributionResults, err error)

GetFileDistribution fetches files from the VT distribution API.

func (*Client) GetFileFeed

func (client *Client) GetFileFeed(packageRange string) ([]FileFeed, error)

GetFileFeed fetches files from the VT feed API.

func (*Client) GetFileNetworkTraffic

func (client *Client) GetFileNetworkTraffic(hash string) (r *FileDownloadResult, err error)

func (*Client) GetFileReport

func (client *Client) GetFileReport(md5 string) (r *FileReport, err error)

GetFileReport fetches the AV scan reports tracked by VT given an MD5 hash value.

func (*Client) GetFileReports

func (client *Client) GetFileReports(md5s []string) (r *FileReportResults, err error)

GetFileReports fetches the AV scan reports tracked by VT given a set of MD5 hash values.

func (*Client) GetIpReport

func (client *Client) GetIpReport(ip string) (r *IpReport, err error)

GetIpReport fetches the passive DNS information about an IP address.

func (*Client) GetUrlReport

func (client *Client) GetUrlReport(url string) (r *UrlReport, err error)

GetUrlReport fetches the AV scan reports tracked by VT given a URL. Does not support the optional `scan` parameter.

func (*Client) GetUrlReports

func (client *Client) GetUrlReports(urls []string) (r *UrlReports, err error)

GetUrlReports fetches AV scan reports tracked by VT given URLs. Does not support the optional `scan` parameter.

func (*Client) MakeAPIGetRequest

func (client *Client) MakeAPIGetRequest(fullurl string, parameters Parameters) (resp *http.Response, err error)

MakeAPIGetRequest fetches a URL with querystring via HTTP GET and returns the response if the status code is HTTP 200.

`parameters` should not include the apikey. The caller must call `resp.Body.Close()`.
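Requests are HTTP GETs with a query string, and SetTraceLog logs HTTP requests and responses. The sketch below is an added example, not code from the package: it assumes the trace output can contain an `apikey=` parameter and wraps the log destination so the key is masked before it is written. `redactingWriter`, `NewRedactedLogger` and `Redact` are hypothetical names, and the key in the sample line is a placeholder.

```go
package main

import (
	"bytes"
	"io"
	"log"
	"os"
	"regexp"
)

// apikeyRE matches an apikey parameter in a query string or form body.
var apikeyRE = regexp.MustCompile(`(?i)(apikey=)[^&\s"]+`)

// redactingWriter masks API keys before passing log output on.
// log.Logger emits each message in a single Write, so a key is never
// split across two calls.
type redactingWriter struct{ dst io.Writer }

func (w redactingWriter) Write(p []byte) (int, error) {
	if _, err := w.dst.Write(apikeyRE.ReplaceAll(p, []byte("${1}[REDACTED]"))); err != nil {
		return 0, err
	}
	return len(p), nil // report the original length so the logger sees a full write
}

// NewRedactedLogger returns a *log.Logger that can be handed to a
// trace-log option such as the SetTraceLog documented above.
func NewRedactedLogger(dst io.Writer, prefix string) *log.Logger {
	return log.New(redactingWriter{dst}, prefix, 0)
}

// Redact shows what one trace line looks like after masking.
func Redact(line string) string {
	var buf bytes.Buffer
	NewRedactedLogger(&buf, "").Print(line)
	return buf.String()
}

func main() {
	// Constructed trace line; the key value is a placeholder.
	tl := NewRedactedLogger(os.Stderr, "VT trace: ")
	tl.Print("GET /vtapi/v2/file/report?apikey=EXAMPLEKEY0123&resource=abc HTTP/1.1")
}
```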

func (*Client) MakeComment

func (client *Client) MakeComment(resource string, comment string) (r *Status, err error)

MakeComment adds a comment to a file/URL/IP/domain.

func (*Client) RescanFile

func (client *Client) RescanFile(md5 string) (r *RescanFileResult, err error)

RescanFile asks VT to redo analysis on the specified file.

func (*Client) RescanFiles

func (client *Client) RescanFiles(md5s []string) (r *RescanFileResults, err error)

RescanFiles asks VT to redo analysis on the specified files.

func (*Client) ScanFile

func (client *Client) ScanFile(file string) (r *ScanFileResult, err error)

ScanFile uploads the specified file and asks VT to analyze it.

func (*Client) ScanUrl

func (client *Client) ScanUrl(url string) (r *ScanUrlResult, err error)

ScanUrl asks VT to scan the specified URL.

func (*Client) ScanUrls

func (client *Client) ScanUrls(urls []string) (r *ScanUrlResults, err error)

ScanUrls asks VT to scan the specified URLs.

func (*Client) SearchFile

func (client *Client) SearchFile(query, offset string) (r *FileSearchResult, err error)

SearchFile(query, offset) searches VT Intelligence for files that meet the given search criteria. It returns a list of hashes of files that matched the search criteria. See the following URL for possible search operators: https://www.virustotal.com/intelligence/help/file-search/#search-operators. This functionality is part of the VT Private API.

type ClientError

type ClientError struct {
    // contains filtered or unexported fields
}

ClientError is a generic error specific to the `govt` package.

func (ClientError) Error

func (client ClientError) Error() string

Error returns a string representation of the error condition.

type Comment

type Comment struct {
    Date    string `json:"date"`
    Comment string `json:"comment"`
}

Comment is defined by VT.

type CommentReport

type CommentReport struct {
    Status
    Resource string    `json:"resource"`
    Comments []Comment `json:"comments"`
}

CommentReport is defined by VT.

type DetailedFileReport

type DetailedFileReport struct {
    FileReportDistrib
    Tags                []string              `json:"tags"`
    UniqueSources       uint16                `json:"unique_sources"`
    TimesSubmitted      uint16                `json:"times_submitted"`
    HarmlessVotes       uint16                `json:"harmless_votes"`
    MaliciousVotes      uint16                `json:"malicious_votes"`
    CommunityReputation int                   `json:"community_reputation"`
    AdditionnalInfo     AdditionnalInfoResult `json:"additional_info"`
    IntoTheWildURLs     []string              `json:"ITW_urls"`
    SubmissionNames     []string              `json:"submission_names"`
    Ssdeep              string                `json:"ssdeep"`
}

type DetectedUrl

type DetectedUrl struct {
    Url       string `json:"url"`
    Total     uint16 `json:"total"`
    Positives uint16 `json:"positives"`
    ScanDate  string `json:"scan_date"`
}

DetectedUrl is defined by VT.

type DomainReport

type DomainReport struct {
    Status
    Resolutions  []DomainResolution
    DetectedUrls []DetectedUrl `json:"detected_urls"`
}

DomainReport is defined by VT.

type DomainResolution

type DomainResolution struct {
    LastResolved string `json:"last_resolved"`
    IpAddress    string `json:"ip_address"`
}

DomainResolution is defined by VT.

type FileDistributionResults

type FileDistributionResults []FileReportDistrib

type FileDownloadResult

type FileDownloadResult struct {
    Content []byte
}

FileDownloadResult

type FileFeed

type FileFeed struct {
    Vhash               string        `json:"vhash"`
    SubmissionNames     []string      `json:"submission_names"`
    ScanDate            string        `json:"scan_date"`
    FirstSeen           string        `json:"first_seen"`
    TimesSubmitted      int           `json:"times_submitted"`
    Size                int           `json:"size"`
    ScanID              string        `json:"scan_id"`
    Total               int           `json:"total"`
    HarmlessVotes       int           `json:"harmless_votes"`
    VerboseMsg          string        `json:"verbose_msg"`
    Sha256              string        `json:"sha256"`
    Type                string        `json:"type"`
    Link                string        `json:"link"`
    Positives           int           `json:"positives"`
    Ssdeep              string        `json:"ssdeep"`
    Md5                 string        `json:"md5"`
    Permalink           string        `json:"permalink"`
    Sha1                string        `json:"sha1"`
    ResponseCode        int           `json:"response_code"`
    CommunityReputation int           `json:"community_reputation"`
    MaliciousVotes      int           `json:"malicious_votes"`
    ITWUrls             []interface{} `json:"ITW_urls"`
    LastSeen            string        `json:"last_seen"`
}

FileFeed holds the high-level elements of the file feed API. The feed has much more data, but the type is kept simple for brevity.

type FileReport

type FileReport struct {
    Status
    Resource  string              `json:"resource"`
    ScanId    string              `json:"scan_id"`
    Md5       string              `json:"md5"`
    Sha1      string              `json:"sha1"`
    Sha256    string              `json:"sha256"`
    ScanDate  string              `json:"scan_date"`
    Positives uint16              `json:"positives"`
    Total     uint16              `json:"total"`
    Scans     map[string]FileScan `json:"scans"`
    Permalink string              `json:"permalink"`
}

FileReport is defined by VT.

type FileReportDistrib

type FileReportDistrib struct {
    Status
    Md5           string `json:"md5"`
    Sha1          string `json:"sha1"`
    Sha256        string `json:"sha256"`
    Type          string `json:"type"`
    FirstSeen     string `json:"first_seen"`
    LastSeen      string `json:"last_seen"`
    Link          string `json:"link"`
    Name          string `json:"name"`
    Size          int    `json:"size"`
    SourceCountry string `json:"source_country"`
    SourceId      string `json:"source_id"`
    Timestamp     int    `json:"timestamp"`
    VHash         string `json:"vhash"`
    // Ugh. VT inconsistency. Data is an array rather than k/v like other APIs
    Scans map[string][]string `json:"report"`
}

type FileReportResults

type FileReportResults []FileReport

FileReportResults is defined by VT.

type FileScan

type FileScan struct {
    Detected bool   `json:"detected"`
    Version  string `json:"version"`
    Result   string `json:"result"`
    Update   string `json:"update"`
}

FileScan is defined by VT.
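How a caller might triage a decoded FileReport, as an added example that is not part of the package: it redeclares only the fields it needs from Status, FileScan and FileReport so it runs without the library, and decodes constructed JSON with placeholder engine names. In the VT v2 API a `response_code` of 1 means a report exists and 0 means the resource is unknown; `Triage` is a hypothetical helper that keeps "unknown" distinct from "no detections".

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Local copies of the fields this example needs from the page's types.
type Status struct {
	ResponseCode int `json:"response_code"`
}
type FileScan struct {
	Detected bool   `json:"detected"`
	Result   string `json:"result"`
}
type FileReport struct {
	Status
	Scans map[string]FileScan `json:"scans"`
}

// Constructed responses; the engine names are placeholders.
const knownJSON = `{"response_code":1,"positives":2,"total":3,"scans":{
 "EngineB":{"detected":true,"result":"Trojan.Sample"},
 "EngineA":{"detected":true,"result":"Generic.Mal"},
 "EngineC":{"detected":false,"result":null}}}`
const unknownJSON = `{"response_code":0,"verbose_msg":"not among the finished, queued or pending scans"}`

// Triage returns sorted "engine: result" hits; known is false when VT has no report.
func Triage(raw []byte) (hits []string, known bool, err error) {
	var r FileReport
	if err = json.Unmarshal(raw, &r); err != nil {
		return nil, false, err
	}
	if r.ResponseCode != 1 {
		return nil, false, nil // no report: not the same as a clean verdict
	}
	for engine, s := range r.Scans {
		if s.Detected {
			hits = append(hits, engine+": "+s.Result)
		}
	}
	sort.Strings(hits) // map iteration order is random; sort for stable output
	return hits, true, nil
}

func main() {
	fmt.Println(Triage([]byte(knownJSON)))
	fmt.Println(Triage([]byte(unknownJSON)))
}
```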

type FileSearchResult

type FileSearchResult struct {
    ResponseCode int      `json:"response_code"`
    Offset       string   `json:"offset"`
    Hashes       []string `json:"hashes"`
}

File Search Result

type IpReport

type IpReport struct {
    Status
    Resolutions  []IpResolution
    DetectedUrls []DetectedUrl `json:"detected_urls"`
}

IpReport is defined by VT.

type IpResolution

type IpResolution struct {
    LastResolved string `json:"last_resolved"`
    Hostname     string `json:"hostname"`
}

IpResolution is defined by VT.

type OptionFunc

type OptionFunc func(*Client) error

OptionFunc is a function that configures a Client. It is used in New.

func SetApikey

func SetApikey(apikey string) OptionFunc

SetApikey sets the VT API key to use.

func SetBasicAuth

func SetBasicAuth(username, password string) OptionFunc

SetBasicAuth sets proxy credentials.

func SetHttpClient

func SetHttpClient(httpClient *http.Client) OptionFunc

SetHttpClient can be used to specify the http.Client to use when making HTTP requests to VT.

func SetUrl

func SetUrl(rawurl string) OptionFunc

SetUrl defines the VT URL endpoint.

type PEResource

type PEResource struct {
    Lang     string `json:"lang"`
    FileType string `json:"filetype"`
    Sha256   string `json:"sha256"`
    Type     string `json:"type"`
}

type Parameters

type Parameters map[string]string

Parameters for the HTTP requests

type RescanFileResult

type RescanFileResult struct {
    Status
    Resource  string `json:"resource"`
    ScanId    string `json:"scan_id"`
    Permalink string `json:"permalink"`
    Sha256    string `json:"sha256"`
}

RescanFileResult is defined by VT.

type RescanFileResults

type RescanFileResults []RescanFileResult

RescanFileResults is defined by VT.

type ScanFileResult

type ScanFileResult struct {
    Status
    Resource  string `json:"resource"`
    ScanId    string `json:"scan_id"`
    Permalink string `json:"permalink"`
    Sha256    string `json:"sha256"`
    Sha1      string `json:"sha1"`
    Md5       string `json:"md5"`
}

ScanFileResult is defined by VT.

type ScanUrlResult

type ScanUrlResult struct {
    Status
    ScanId    string `json:"scan_id"`
    ScanDate  string `json:"scan_date"`
    Permalink string `json:"permalink"`
    Url       string `json:"url"`
}

ScanUrlResult is defined by VT.

type ScanUrlResults

type ScanUrlResults []ScanUrlResult

ScanUrlResults is defined by VT.

type SigCheck

type SigCheck struct {
    SignersDetails []SignerDetail `json:"signers details"`
    Verified       string         `json:"verified"`
    Publisher      string         `json:"publisher"`
    Product        string         `json:"product"`
    Description    string         `json:"description"`
    SigningDate    string         `json:"signing date"`
}

type SignerDetail

type SignerDetail struct {
    Status       string `json:"status"`
    Name         string `json:"name"`
    Thumbprint   string `json:"thumbprint"`
    SerialNumber string `json:"serial number"`
    ValidFrom    string `json:"valid from"`
    ValidTo      string `json:"valid to"`
}

type Status

type Status struct {
    ResponseCode int    `json:"response_code"`
    VerboseMsg   string `json:"verbose_msg"`
}

Status is the set of fields shared among all VT responses.

type TrustedVerdictResult

type TrustedVerdictResult struct {
    Organization string `json:"organization"`
    Verdict      string `json:"verdict"`
    Filename     string `json:"filename"`
}

type UrlReport

type UrlReport struct {
    Status
    Url        string             `json:"url"`
    Resource   string             `json:"resource"`
    ScanId     string             `json:"scan_id"`
    ScanDate   string             `json:"scan_date"`
    Permalink  string             `json:"permalink"`
    Positives  uint16             `json:"positives"`
    Total      uint16             `json:"total"`
    Scans      map[string]UrlScan `json:"scans"`
    FileScanId string             `json:"filescan_id"`
}

UrlReport is defined by VT.

type UrlReports

type UrlReports []UrlReport

UrlReports is defined by VT.

type UrlScan

type UrlScan struct {
    Detected bool   `json:"detected"`
    Result   string `json:"result"`
}

UrlScan is defined by VT.

Package govt imports 16 packages and is imported by 2 packages. Updated 2018-04-23.