
Scanning URLs with the VirusTotal API

Part of my graduation project is detecting malicious URLs. To obtain labelled data, I submit URLs to VirusTotal, which returns a label for each one, i.e. whether or not it is malicious.

First, register on the site and obtain your own API key: https://www.virustotal.com

The details of the API are documented at https://developers.virustotal.com/v2.0/reference

Here is an example of submitting a single URL for checking and fetching the result:

```python
import requests

url = 'https://www.virustotal.com/vtapi/v2/url/report'
# The API key as published on the page; in practice keep the key out of source control and load it from the environment.
params = {'apikey': 'a2c4c89637e57dc27bdb3048989da16c530c2dfffc4783c62fa95ea936e19d80', 'resource': 'baidu.com'}
response = requests.get(url, params=params)
print(response.json())
```

The returned result is fairly long; essentially it reports, for each of the sixty-odd URL blacklist engines, whether that engine flagged the URL.

```text
{'filescan_id': None, 'total': 67, 'scan_date': '2018-03-26 04:17:30', 'scan_id': 'ccb3443904fdb38ab01c29ec81f082192a1cc9a373fe5074911770252f7fda45-1522037850', 'response_code': 1, 'positives': 0, 'url': 'http://baidu.com/', 'scans': {'G-Data': {'detected': False, 'result': 'clean site'}, 'Zerofox': {'detected': False, 'result': 'clean site'}, 'Avira': {'detected': False, 'result': 'clean site'}, 'CyRadar': {'detected': False, 'result': 'clean site'}, 'ESET': {'detected': False, 'result': 'clean site'}, 'MalwarePatrol': {'detected': False, 'result': 'clean site'}, 'zvelo': {'detected': False, 'result': 'clean site'}, 'Rising': {'detected': False, 'result': 'clean site'}, 'Baidu-International': {'detected': False, 'result': 'clean site'}, 'Web Security Guard': {'detected': False, 'result': 'clean site'}, 'Malwared': {'detected': False, 'result': 'clean site'}, 'FraudSense': {'detected': False, 'result': 'clean site'}, 'DNS8': {'detected': False, 'result': 'clean site'}, 'BitDefender': {'detected': False, 'result': 'clean site'}, 'Malware Domain Blocklist': {'detected': False, 'result': 'clean site'}, 'Kaspersky': {'detected': False, 'result': 'clean site'}, 'ZeusTracker': {'detected': False, 'result': 'clean site', 'detail': 'https://zeustracker.abuse.ch/monitor.php?host=baidu.com'}, 'NotMining': {'detected': False, 'result': 'unrated site'}, 'AlienVault': {'detected': False, 'result': 'clean site'}, 'OpenPhish': {'detected': False, 'result': 'clean site'}, 'StopBadware': {'detected': False, 'result': 'unrated site'}, 'VX Vault': {'detected': False, 'result': 'clean site'}, 'Tencent': {'detected': False, 'result': 'clean site'}, 'Fortinet': {'detected': False, 'result': 'clean site'}, 'PhishLabs': {'detected': False, 'result': 'unrated site'}, 'Webutation': {'detected': False, 'result': 'clean site'}, 'Comodo Site Inspector': {'detected': False, 'result': 'clean site'}, 'CyberCrime': {'detected': False, 'result': 'clean site'}, 'Nucleon': {'detected': False, 'result': 'clean site'}, 'desenmascara.me': {'detected': False, 'result': 'clean site'}, 'Opera': {'detected': False, 'result': 'clean site'}, 'Sucuri SiteCheck': {'detected': False, 'result': 'clean site'}, 'AegisLab WebGuard': {'detected': False, 'result': 'clean site'}, 'URLQuery': {'detected': False, 'result': 'clean site'}, 'CLEAN MX': {'detected': False, 'result': 'clean site'}, 'Spam404': {'detected': False, 'result': 'clean site'}, 'SecureBrain': {'detected': False, 'result': 'clean site'}, 'securolytics': {'detected': False, 'result': 'clean site'}, 'SCUMWARE.org': {'detected': False, 'result': 'clean site'}, 'MalwareDomainList': {'detected': False, 'result': 'clean site', 'detail': 'http://www.malwaredomainlist.com/mdl.php?search=baidu.com'}, 'Malekal': {'detected': False, 'result': 'clean site'}, 'ZDB Zeus': {'detected': False, 'result': 'clean site'}, 'Google Safebrowsing': {'detected': False, 'result': 'clean site'}, 'Trustwave': {'detected': False, 'result': 'clean site'}, 'FraudScore': {'detected': False, 'result': 'clean site'}, 'Malwarebytes hpHosts': {'detected': False, 'result': 'clean site'}, 'Phishtank': {'detected': False, 'result': 'clean site'}, 'Netcraft': {'detected': False, 'result': 'unrated site'}, 'AutoShun': {'detected': False, 'result': 'unrated site'}, 'Quttera': {'detected': False, 'result': 'suspicious site'}, 'ADMINUSLabs': {'detected': False, 'result': 'clean site'}, 'ZCloudsec': {'detected': False, 'result': 'clean site'}, 'ZeroCERT': {'detected': False, 'result': 'clean site'}, 'Certly': {'detected': False, 'result': 'clean site'}, 'Yandex Safebrowsing': {'detected': False, 'result': 'clean site', 'detail': 'http://yandex.com/infected?l10n=en&url=http://baidu.com/'}, 'Virusdie External Site Scan': {'detected': False, 'result': 'clean site'}, 'Forcepoint ThreatSeeker': {'detected': False, 'result': 'clean site'}, 'Antiy-AVL': {'detected': False, 'result': 'clean site'}, 'Blueliv': {'detected': False, 'result': 'clean site'}, 'Dr.Web': {'detected': False, 'result': 'clean site'}, 'Sophos': {'detected': False, 'result': 'unrated site'}, 'ThreatHive': {'detected': False, 'result': 'clean site'}, 'malwares.com URL checker': {'detected': False, 'result': 'clean site'}, 'Malc0de Database': {'detected': False, 'result': 'clean site', 'detail': 'http://malc0de.com/database/index.php?search=baidu.com'}, 'Emsisoft': {'detected': False, 'result': 'clean site'}, 'K7AntiVirus': {'detected': False, 'result': 'clean site'}, 'C-SIRT': {'detected': False, 'result': 'clean site'}}, 'resource': 'baidu.com', 'verbose_msg': 'Scan finished, scan information embedded in this object', 'permalink': 'https://www.virustotal.com/url/ccb3443904fdb38ab01c29ec81f082192a1cc9a373fe5074911770252f7fda45/analysis/1522037850/'}
```

However, when I tried to check URLs in batches a new problem appeared: the call raised simplejson.scanner.JSONDecodeError.

After printing the response object itself I saw this:

```python
response = requests.get(url, params=params)
print(response)
```

Output:

```text
00ksw.org
<Response [200]>
0img.mgtv.com
<Response [200]>
1.173.19.221
<Response [200]>
1.192.137.245
<Response [200]>
1.192.137.248
<Response [204]>
1.192.192.131
<Response [204]>
```

Only after reading the official FAQ did I learn that the public API allows just 4 requests per minute. Once the quota is exceeded the API answers with HTTP 204 and an empty body, which is exactly what makes response.json() raise JSONDecodeError.

Also pay attention to the response_code field: it is 0 if the requested item is not in VirusTotal's dataset, -2 if the item is still queued for analysis, and 1 if the item is present and its report can be retrieved.
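Putting the two lessons above together (the 4-per-minute quota with its empty 204 reply, and the meaning of response_code), here is an added batch labeller that is not part of the original post. It paces requests, backs off when a 204 still arrives, and turns each report into a label; the transport is injectable so the logic can be exercised offline, and the key is assumed to come from the environment rather than from the source file.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import urlopen

VT_URL_REPORT = "https://www.virustotal.com/vtapi/v2/url/report"
PUBLIC_API_INTERVAL = 60.0 / 4  # public API quota: 4 requests per minute

def classify_report(status_code, body):
    """Map one v2 url/report reply (HTTP status, parsed body or None when the body
    was empty) to a verdict. A quota 204 has no body, hence the JSONDecodeError."""
    if status_code == 204:
        return {"status": "rate_limited"}
    if status_code != 200 or body is None:
        return {"status": "error", "http": status_code}
    code = body.get("response_code")
    if code == 0:
        return {"status": "unknown"}   # resource not in VirusTotal's dataset
    if code == -2:
        return {"status": "queued"}    # still queued for analysis, ask again later
    if code == 1:
        positives = body.get("positives", 0)
        return {"status": "done", "label": "malicious" if positives > 0 else "clean",
                "positives": positives, "total": body.get("total", 0)}
    return {"status": "error", "response_code": code}

def vt_fetch(resource, apikey):
    """Real transport: one GET against the v2 url/report endpoint."""
    query = urlencode({"apikey": apikey, "resource": resource})
    with urlopen(VT_URL_REPORT + "?" + query, timeout=30) as r:
        raw = r.read()
        return r.status, (json.loads(raw) if r.status == 200 and raw else None)

def scan_batch(resources, fetch, interval=PUBLIC_API_INTERVAL, sleep=time.sleep, retries=3):
    """Label each resource, pacing calls to stay inside the public quota and
    waiting a full minute whenever a 204 quota reply still shows up."""
    results = {}
    for res in resources:
        for _ in range(retries):
            verdict = classify_report(*fetch(res))
            if verdict["status"] != "rate_limited":
                break
            sleep(60)
        results[res] = verdict
        sleep(interval)  # sleep is injectable so tests run without waiting
    return results
```

Against the live API call it as `scan_batch(["baidu.com"], lambda r: vt_fetch(r, os.environ["VT_API_KEY"]))`, where VT_API_KEY is an assumed environment variable holding your key.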
