Title: | R Client for the VirusTotal API |
---|---|
Description: | Use VirusTotal, a Google service that analyzes files and URLs for viruses, worms, trojans etc., provides category of the content hosted by a domain from a variety of prominent services, provides passive DNS information, among other things. See <http://www.virustotal.com> for more information. |
Authors: | Gaurav Sood [aut, cre] |
Maintainer: | Gaurav Sood <[email protected]> |
License: | MIT + file LICENSE |
Version: | 0.2.2 |
Built: | 2024-11-12 04:56:37 UTC |
Source: | https://github.com/themains/virustotal |
Access virustotal API. See https://www.virustotal.com/. Details about results of calls to the API can be found at https://developers.virustotal.com/v2.0/reference.
You will need credentials to use this application. If you haven't already, get the API Key at https://www.virustotal.com/.
Gaurav Sood
Add comments on files and URLs. For instance, flagging false positives, adding details about malware, instructions for cleaning malware, etc.
add_comments(hash = NULL, comment = NULL, ...)
hash | hash for the resource you want to comment on; Required; String |
comment | review; Required; String |
... | Additional arguments passed to |
data.frame with 2 columns: response_code, verbose_msg
If the hash is incorrect or a duplicate comment is posted, response_code will be 0
If the hash is incorrect, verbose_msg will be 'Invalid resource'
If a duplicate comment is posted, verbose_msg will be 'Duplicate comment'
If a comment is posted successfully, response_code will be 1 and verbose_msg will be 'Your comment was successfully posted'
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
add_comments(hash='99017f6eebbac24f351415dd410d522d', comment="This is great.")
## End(Not run)
Retrieves report on a given domain, including passive DNS, urls detected by at least one url scanner. Gives category of the domain from bitdefender.
domain_report(domain = NULL, ...)
domain | domain name. String. Required. |
... | Additional arguments passed to |
named list with the following possible items:
`BitDefender category`, undetected_referrer_samples, whois_timestamp,
detected_downloaded_samples, detected_referrer_samples, `Webutation domain info`, `Alexa category`, undetected_downloaded_samples,
resolutions, detected_communicating_samples, `Opera domain info`, `TrendMicro category`, categories, domain_siblings,
`BitDefender domain info`, whois, `Alexa domain info`, response_code, verbose_msg, `Websense ThreatSeeker category`, subdomains,
`WOT domain info`, detected_urls, `Alexa rank`, undetected_communicating_samples, `Dr.Web category`, pcaps
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
domain_report("http://www.google.com")
domain_report("http://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Get File Scan Report
file_report(hash = NULL, ...)
hash | Hash for the scan |
... | Additional arguments passed to |
data.frame with 16 columns:
service, detected, version, update, result, scan_id, sha1, resource, response_code,
scan_date, permalink, verbose_msg, total, positives, sha256, md5
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
file_report(hash='99017f6eebbac24f351415dd410d522d')
## End(Not run)
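An added example (not part of the package or its documentation) of using file_report for hash triage: it validates the shape of each hash before any request is made and keeps "not in VirusTotal" distinct from "no detections". triage_hashes and stub_lookup are hypothetical names, the stub's output is constructed, and treating response_code 1 as "report present" follows the v2 API reference.

```r
# Added example, not package code. triage_hashes() and stub_lookup() are
# illustrative names; `lookup` defaults to the package's file_report().
triage_hashes <- function(hashes, lookup = virustotal::file_report) {
  # Live lookups need the key that set_key() stores in VirustotalToken.
  if (missing(lookup) && !nzchar(Sys.getenv("VirustotalToken")))
    stop("API key not set; call set_key() first")
  hashes <- unique(tolower(trimws(hashes)))
  # MD5, SHA-1 and SHA-256 are 32, 40 and 64 hex characters respectively.
  valid <- grepl("^([0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", hashes)
  rows <- lapply(seq_along(hashes), function(i) {
    out <- data.frame(hash = hashes[i], status = "malformed",
                      positives = NA_integer_, total = NA_integer_,
                      stringsAsFactors = FALSE)
    if (!valid[i]) return(out)            # never send malformed input to the API
    rep <- tryCatch(lookup(hash = hashes[i]), error = function(e) NULL)
    if (is.null(rep) || !is.data.frame(rep) || nrow(rep) == 0 ||
        !"response_code" %in% names(rep)) {
      out$status <- "lookup_failed"
    } else if (rep$response_code[1] != 1) {
      out$status <- "unknown_to_vt"       # no report is not a clean verdict
    } else if (!all(c("positives", "total") %in% names(rep))) {
      out$status <- "lookup_failed"
    } else {
      # One row per scanning service; positives/total repeat on every row.
      out$positives <- as.integer(rep$positives[1])
      out$total <- as.integer(rep$total[1])
      out$status <- if (isTRUE(out$positives > 0)) "flagged" else "no_detections"
    }
    out
  })
  do.call(rbind, rows)
}

# Constructed stand-in for file_report() so the example runs offline.
stub_lookup <- function(hash) {
  if (hash == strrep("d", 40)) {
    data.frame(service = c("EngineA", "EngineB"), detected = c(TRUE, FALSE),
               response_code = 1, positives = 1, total = 2,
               stringsAsFactors = FALSE)
  } else {
    data.frame(response_code = 0, verbose_msg = "not found",
               stringsAsFactors = FALSE)
  }
}

# Constructed inputs: one known hash (upper case, trailing space), the
# malformed hash from the rescan_file example, and one unknown hash.
print(triage_hashes(c(paste0(strrep("D", 40), " "),
                      "99017f6ee51415dd410d522d",
                      strrep("a", 64)),
                    lookup = stub_lookup))
```

Drop the `lookup` argument to query VirusTotal itself; the per-minute request quota described under rate_limit then applies to every valid hash in the input.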
Retrieve comments for an Internet domain
get_domain_comments(domain = NULL, limit = limit, cursor = cursor, ...)
domain | domain name. String. Required. |
limit | Number of entries. Integer. Optional. Default is 10. |
cursor | String. Optional. |
... | Additional arguments passed to |
named list with the following possible items:
`BitDefender category`, undetected_referrer_samples, whois_timestamp,
detected_downloaded_samples, detected_referrer_samples, `Webutation domain info`, `Alexa category`, undetected_downloaded_samples,
resolutions, detected_communicating_samples, `Opera domain info`, `TrendMicro category`, categories, domain_siblings,
`BitDefender domain info`, whois, `Alexa domain info`, response_code, verbose_msg, `Websense ThreatSeeker category`, subdomains,
`WOT domain info`, detected_urls, `Alexa rank`, undetected_communicating_samples, `Dr.Web category`, pcaps
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_domain_comments("http://www.google.com")
get_domain_comments("http://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Retrieve information about an Internet domain
get_domain_info(domain = NULL, limit = NULL, cursor = NULL, ...)
domain | domain name. String. Required. |
limit | Number of entries. Integer. Optional. Default is 10. |
cursor | String. Optional. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_domain_info("http://www.google.com")
get_domain_info("http://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Retrieve related objects to an Internet domain
get_domain_relationship(domain = NULL, relationship = "subdomains", limit = NULL, cursor = NULL, ...)
domain | domain name. String. Required. |
relationship | relationship name. String. Required. Default is |
limit | Number of entries. Integer. Optional. Default is 10. |
cursor | String. Optional. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_domain_relationship("https://www.google.com")
get_domain_relationship("https://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Retrieve votes for an Internet domain
get_domain_votes(domain = NULL, limit = NULL, cursor = NULL, ...)
domain | domain name. String. Required. |
limit | Number of entries. Integer. Optional. Default is 10. |
cursor | String. Optional. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_domain_votes("http://www.google.com")
get_domain_votes("http://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Retrieve comments for an IP address
get_ip_comments(ip = NULL, limit = NULL, cursor = NULL, ...)
ip | IP Address. String. Required. |
limit | Number of entries. Integer. Optional. Default is 10. |
cursor | String. Optional. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_ip_comments("64.233.160.0")
## End(Not run)
Retrieves report on a given domain, including passive DNS, urls detected by at least one url scanner. Gives category of the domain from bitdefender.
get_ip_info(ip = NULL, limit = NULL, cursor = NULL, ...)
ip | IP address. String. Required. |
limit | Number of entries. Integer. Optional. Default is 10. |
cursor | String. Optional. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_ip_info("64.233.160.0")
## End(Not run)
Retrieve votes for an IP address
get_ip_votes(ip = NULL, limit = NULL, cursor = NULL, ...)
ip | IP address. String. Required. |
limit | Number of entries. Integer. Optional. Default is 10. |
cursor | String. Optional. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_ip_votes("64.233.160.0")
## End(Not run)
Get passive DNS data and URLs detected by URL scanners
ip_report(ip = NULL, ...)
ip | a valid IPv4 address in dotted quad notation; String; Required |
... | Additional arguments passed to |
named list with the following potential items:
undetected_referrer_samples, detected_downloaded_samples, detected_referrer_samples,
undetected_downloaded_samples, detected_urls, undetected_downloaded_samples, response_code, as_owner, verbose_msg, country,
undetected_referrer_samples, detected_communicating_samples, resolutions, undetected_communicating_samples, asn
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
ip_report(ip="8.8.8.8")
## End(Not run)
Add a comment to an Internet domain
post_domain_comments(domain = NULL, comment = NULL, ...)
domain | domain name. String. Required. |
comment | vote. String. Required. Any word starting with # in your comment's text will be considered a tag, and added to the comment's tag attribute. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_domain_comments(domain = "https://google.com", comment = "Great!")
## End(Not run)
Add a vote for a hostname or domain
post_domain_votes(domain = NULL, vote = NULL, ...)
domain | domain name. String. Required. |
vote | vote. String. Required. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_domain_votes("http://google.com", vote = "malicious")
## End(Not run)
Add a comment to an IP address
post_ip_comments(ip = NULL, comment = NULL, ...)
ip | IP address. String. Required. |
comment | Comment. String. Required. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_ip_comments(ip = "64.233.160.0", comment = "test")
## End(Not run)
Add a vote for an IP address
post_ip_votes(ip = NULL, vote = NULL, ...)
ip | IP address. String. Required. |
vote | vote. String. Required. |
... | Additional arguments passed to |
named list
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_ip_votes(ip = "64.233.160.0", vote = "malicious")
## End(Not run)
VirusTotal throttles requests at 4 per minute. The function creates an environment variable that tracks the number of requests per minute and enforces the appropriate waiting.
rate_limit()
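An added sketch (not the package's implementation, which the text above says tracks the count in an environment variable) of enforcing the 4-per-minute quota with a sliding window held in a closure. make_throttle and its arguments are hypothetical names, and the fake clock is constructed so the demonstration runs instantly and offline.

```r
# Added example: sliding-window throttle for a 4-requests-per-minute quota.
# make_throttle() and its arguments are illustrative names, not package API.
make_throttle <- function(max_calls = 4, window = 60,
                          now = function() as.numeric(Sys.time()),
                          wait = Sys.sleep) {
  stamps <- numeric(0)              # send times of calls still inside the window
  function() {
    t <- now()
    stamps <<- stamps[t - stamps < window]
    waited <- 0
    while (length(stamps) >= max_calls) {
      # Sleep until the oldest call in the window expires, then re-check.
      pause <- window - (t - min(stamps))
      wait(pause)
      waited <- waited + pause
      t <- now()
      stamps <<- stamps[t - stamps < window]
    }
    stamps <<- c(stamps, t)         # record this call before it is sent
    waited                          # seconds the caller was held back
  }
}

# Constructed demonstration: a fake clock replaces Sys.time()/Sys.sleep().
clock <- 0
throttle <- make_throttle(now = function() clock,
                          wait = function(s) clock <<- clock + s)
waits <- numeric(0)
for (i in 1:6) {
  waits <- c(waits, throttle())     # call throttle() before each API request
  clock <- clock + 1                # pretend each request takes one second
}
print(waits)                        # only the fifth call has to wait
```

With the default arguments the same closure uses the real clock; call it immediately before each request that counts against the quota.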
The function returns a data.frame with a scan_id and sha256, sha1, md5 hashes, all of which can be used to retrieve the report using file_report
rescan_file(hash = NULL, ...)
hash | Hash for the scan. String. Required. |
... | Additional arguments passed to |
data.frame with 12 columns:
scans, scan_id, sha1, resource, response_code, scan_date, permalink, verbose_msg, total, positives, sha256, md5
response_code is 0 if the file is not in the database (hash can't be found).
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
rescan_file(hash='99017f6eebbac24f351415dd410d522d')
rescan_file(hash='99017f6ee51415dd410d522d') # incorrect hash
## End(Not run)
Submit a file for scanning
scan_file(file_path = NULL, ...)
file_path | Required; Path to the document |
... | Additional arguments passed to |
data.frame with the following columns:
scan_id, sha1, resource, response_code, sha256, permalink, md5, verbose_msg
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
scan_file(file_path='path_to_suspicious_file')
## End(Not run)
Submit a URL for scanning. Returns a data.frame with scan_id which can be used to fetch the report using url_report
scan_url(url = NULL, ...)
url | url; string; required |
... | Additional arguments passed to |
data.frame with 7 columns:
permalink, resource, url, response_code, scan_date, scan_id, verbose_msg
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
scan_url("http://www.google.com")
## End(Not run)
Before anything else, get the API key from https://www.virustotal.com/en/.
Next, use set_key to store the API key in an environment variable VirustotalToken.
Once you have set the API key, you can use any of the functions.
set_key(api_key = NULL)
api_key | API key. String. Required. |
https://developers.virustotal.com/v2.0/reference
## Not run:
set_key('api_key_here')
## End(Not run)
Retrieve a scan report for a given URL. If no scan report is available, set scan to 1 to get a new report.
url_report(url = NULL, scan_id = NULL, scan = 1, ...)
url | URL. String. |
scan_id | scan id for a particular url scan. String. |
scan | String. Optional. Can be 0 or 1. Default is |
... | Additional arguments passed to |
data.frame with 13 columns:
scan_id, resource, url, response_code, scan_date, permalink, verbose_msg, positives, total, .id, detected, result, detail
https://developers.virustotal.com/v2.0/reference
set_key for setting the API key
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
url_report("http://www.google.com")
url_report(scan_id = "ebdd15c397d2b0c6f50c3f2df531357d1201ff5976802316405e60880d6bf5ec-1478786749")
## End(Not run)
Request Response Verification
virustotal_check(req)
req | request |
in case of failure, a message
GET for the Current V3 API
virustotal_GET(query = list(), path = path, key = Sys.getenv("VirustotalToken"), ...)
query | query list |
path | path to the specific API service url |
key | A character string containing Virustotal API Key. The default is retrieved from |
... | Additional arguments passed to |
list
POST for the Current V3 API
virustotal_POST(query = list(), path = path, body = NULL, key = Sys.getenv("VirustotalToken"), ...)
query | query list |
path | path to the specific API service url |
body | file |
key | A character string containing Virustotal API Key. The default is retrieved from |
... | Additional arguments passed to |
list
GET for the v2 API
virustotal2_GET(query = list(), path = path, key = Sys.getenv("VirustotalToken"), ...)
query | query list |
path | path to the specific API service url |
key | A character string containing Virustotal API Key. The default is retrieved from |
... | Additional arguments passed to |
list
POST for V2 API
virustotal2_POST(query = list(), path = path, body = NULL, key = Sys.getenv("VirustotalToken"), ...)
query | query list |
path | path to the specific API service url |
body | file |
key | A character string containing Virustotal API Key. The default is retrieved from |
... | Additional arguments passed to |
list