Automate VirusTotal API Retrieval with Python

Introduction to VirusTotal and Its API

In the ever-evolving landscape of cybersecurity, tools that assist developers and security professionals in analyzing potential threats are invaluable. One such tool is VirusTotal, which aggregates various antivirus engines and tools to assess the safety of files and URLs. By leveraging the VirusTotal API, developers can automate the process of querying this information, providing an efficient solution for integrating security checks into their applications.

The VirusTotal API offers various functionalities, from URL analysis to file scanning. For developers who are keen on building automated workflows, understanding how to interact with this API using Python is crucial. In this guide, we will take an in-depth look at how to set up your Python environment to access the VirusTotal API and create a small utility that retrieves and processes information.

This article is intended for both beginners eager to enhance their Python programming skills and seasoned developers looking to streamline processes with automation. You will learn step by step how to query the VirusTotal API from Python, keeping the project under Git version control so the code stays manageable and maintainable.

Setting Up Your Environment

Before diving into coding, you need to set up your development environment. We will use PyCharm or VS Code as our IDE and manage dependencies with pip. Make sure Python is installed on your machine (preferably version 3.6 or above) and check it by running python --version in your terminal.

Begin by creating a new directory for your project and initializing a new Git repository. Use the following commands in your terminal:

mkdir virustotal_api_automation 
cd virustotal_api_automation 
git init

Next, create a virtual environment to manage your project dependencies. In your project directory, run:

python -m venv venv 
source venv/bin/activate  # On Windows use `venv\Scripts\activate`

Now, install the required Python packages. We will need the requests library to send HTTP requests to the VirusTotal API:

pip install requests

Once you have completed these steps, you are ready to start writing your Python script!

Getting Your API Key

To interact with the VirusTotal API, you will need an API key. This key identifies your account and grants you permission to access the various API features. You can obtain a free API key by signing up on the VirusTotal website. Once logged in, navigate to your user settings to find your API key. Keep in mind that the free public API is rate-limited (4 requests per minute and 500 per day), so a script that loops over many URLs must pause between lookups and handle an HTTP 429 response gracefully.

Keep your API key secure; it must never be committed to a repository, public or private, and it should travel only in the x-apikey request header, never in a URL where it would end up in proxy and server logs. For this article, we will use environment variables to manage the API key. Create a new file in your project directory called .env, add .env to your .gitignore so Git never tracks it, and add your API key as follows:

VIRUSTOTAL_API_KEY=your_api_key_here

After creating your .env file, you will need to install the python-dotenv package to load the API key from the environment variable:

pip install python-dotenv

With the API key securely stored, we can now start writing our main script to query the VirusTotal API.

Writing the Python Script

Create a Python file in your project directory called virustotal_query.py. This script will handle API requests to VirusTotal. Begin by importing the necessary libraries:

import os 
import requests 
from dotenv import load_dotenv 

load_dotenv()  # Load environment variables

Next, define the base URL for the VirusTotal API and read your API key from the environment. Fail early if the key is missing, so the script does not silently send unauthenticated requests and get back a confusing 401:

API_KEY = os.getenv('VIRUSTOTAL_API_KEY') 
BASE_URL = "https://www.virustotal.com/api/v3/"

if not API_KEY:
    raise SystemExit('VIRUSTOTAL_API_KEY is not set; add it to .env or export it')

Now, let's create a function that asks VirusTotal for the existing report on a URL. In the v3 API a URL is not passed verbatim in the path; it is addressed by an identifier derived from the URL itself: the URL is base64 encoded with the URL-safe alphabet and the trailing "=" padding is removed. The function below builds that identifier, sends the request with the API key in the x-apikey header, and returns the decoded JSON:

import base64 

def url_to_id(url):
    # VirusTotal URL identifier: URL-safe base64 of the URL with '=' padding removed
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def query_url(url):
    headers = { 'x-apikey': API_KEY }  # Set the API key in request headers
    response = requests.get(BASE_URL + 'urls/' + url_to_id(url), headers=headers, timeout=30)
    if response.status_code == 404:
        return None  # VirusTotal has never analysed this URL
    response.raise_for_status()  # surfaces 401 (bad key) and 429 (quota exceeded)
    return response.json()

This endpoint only returns a report for a URL that VirusTotal has already analysed. An unseen URL yields a 404 (NotFoundError), in which case you must first submit it with a POST to the urls endpoint and poll the returned analysis before a report exists; the function above returns None in that case so the caller can tell "unknown" apart from "clean".
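The following is an added example, not code from the original article, that covers the full lookup path the text describes: building the URL identifier (and decoding it back, which is handy when reading ids out of VirusTotal notifications), mapping the HTTP status codes the v3 API returns to a clear outcome, and submitting an unseen URL for analysis. The `session` argument is an assumption introduced so the logic can be exercised offline; pass `requests.Session()` for real use. The 4-per-minute figure in the comment is the public API limit.

```python
import base64
from urllib.parse import urlsplit

VT_API = "https://www.virustotal.com/api/v3"


def url_to_id(url):
    """VirusTotal URL identifier: URL-safe base64 of the URL with '=' padding removed."""
    return base64.urlsafe_b64encode(url.encode("utf-8")).decode("ascii").rstrip("=")


def url_from_id(url_id):
    """Inverse of url_to_id: restore padding to a multiple of four characters and decode."""
    padded = url_id + "=" * (-len(url_id) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


def get_url_report(url, api_key, session, timeout=30):
    """GET the existing report for `url`.

    Returns ('found', report), ('not_found', None) or ('error', detail).
    `session` (assumed here) is anything with a requests-style .get(url, headers=, timeout=)
    returning an object with .status_code and .json(); use requests.Session() for real calls.
    """
    if urlsplit(url).scheme not in ("http", "https"):
        return ("error", "refusing to look up a non-http(s) URL")
    resp = session.get(
        f"{VT_API}/urls/{url_to_id(url)}",
        headers={"x-apikey": api_key},  # key in a header, never in the query string
        timeout=timeout,
    )
    if resp.status_code == 200:
        return ("found", resp.json())
    if resp.status_code == 404:  # NotFoundError: VirusTotal has never analysed this URL
        return ("not_found", None)
    if resp.status_code == 429:  # QuotaExceededError: public API allows 4 lookups per minute
        return ("error", "rate limited; back off and retry later")
    if resp.status_code in (401, 403):
        return ("error", "API key rejected or not permitted for this endpoint")
    return ("error", f"unexpected HTTP {resp.status_code}")


def submit_url(url, api_key, session, timeout=30):
    """POST `url` for analysis; returns the analysis id to poll at /analyses/{id}, or None."""
    resp = session.post(
        f"{VT_API}/urls",
        headers={"x-apikey": api_key},
        data={"url": url},  # the v3 endpoint takes form-encoded data, not JSON
        timeout=timeout,
    )
    if resp.status_code != 200:
        return None
    return resp.json()["data"]["id"]
```

A typical flow is: call get_url_report; on 'not_found' call submit_url, wait a few seconds, then call get_url_report again; on 'error' with a rate-limit message, sleep before retrying rather than hammering the endpoint.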

Processing the Response

After querying the VirusTotal API, the next step is to process and display the results. Each entry of last_analysis_results is one engine's opinion, with a category ("harmless", "undetected", "suspicious", "malicious" or "timeout") and a free-text result; the per-category counts are already summed for you in last_analysis_stats. Here's a function that uses those counts to decide whether any engine flagged the URL:

def analyze_response(response):
    if response and 'data' in response:
        attributes = response['data']['attributes']
        stats = attributes['last_analysis_stats']  # counts: harmless, malicious, suspicious, undetected, timeout
        is_safe = stats['malicious'] == 0 and stats['suspicious'] == 0  # no engine flagged the URL
        return is_safe, attributes
    return False, None

This function returns a boolean that is True only when no engine classified the URL as malicious or suspicious, along with the full attributes; when the response carries no report it returns (False, None) so the caller can distinguish "unknown" from "clean". Read a True result as "not flagged at the time of the last analysis" rather than "safe": engines routinely miss fresh phishing pages, and last_analysis_date tells you how old the verdict is.
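As an added example (not part of the original article), here is a richer version of that processing step that a practitioner would actually want: it turns the report into a verdict with the names of the engines that flagged the URL, applies a threshold so a single noisy engine does not decide the outcome, and marks stale reports. The report below is constructed to match the shape of a v3 GET /urls/{id} response; it is not a real VirusTotal result, and the engine names and threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a VirusTotal v3 URL report (not real data).
SAMPLE_REPORT = {
    "data": {
        "type": "url",
        "id": "aHR0cHM6Ly9leGFtcGxlLmNvbS8",
        "attributes": {
            "url": "https://example.com/",
            "last_analysis_date": int((datetime.now(timezone.utc) - timedelta(days=2)).timestamp()),
            "last_analysis_stats": {"harmless": 70, "malicious": 2, "suspicious": 1, "undetected": 17, "timeout": 0},
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "phishing", "method": "blacklist", "engine_name": "EngineA"},
                "EngineB": {"category": "malicious", "result": "malware", "method": "blacklist", "engine_name": "EngineB"},
                "EngineC": {"category": "suspicious", "result": "suspicious", "method": "blacklist", "engine_name": "EngineC"},
                "EngineD": {"category": "harmless", "result": "clean", "method": "blacklist", "engine_name": "EngineD"},
            },
        },
    }
}


def summarize_report(report, max_age_days=7, malicious_threshold=2):
    """Turn a v3 URL report into a verdict dict; verdict is 'unknown' when there is no data.

    malicious_threshold (assumed here, tune per environment) is the number of 'malicious'
    engine votes needed before the verdict is 'malicious' rather than 'suspicious'.
    """
    data = report.get("data") if isinstance(report, dict) else None
    if not data or "attributes" not in data:
        return {"verdict": "unknown", "reason": "no analysis data in response"}
    attrs = data["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)

    # Engines that flagged the URL, with what they called it, for the analyst to review.
    flagged = sorted(
        (name, r.get("result"))
        for name, r in results.items()
        if r.get("category") in ("malicious", "suspicious")
    )

    # A verdict older than max_age_days is stale; the URL should be re-submitted.
    analysed_at = attrs.get("last_analysis_date")
    stale = True
    if analysed_at is not None:
        age = datetime.now(timezone.utc) - datetime.fromtimestamp(analysed_at, timezone.utc)
        stale = age > timedelta(days=max_age_days)

    if malicious >= malicious_threshold:
        verdict = "malicious"
    elif malicious or suspicious:
        verdict = "suspicious"
    else:
        verdict = "not_flagged"  # zero detections is not proof of safety

    return {
        "verdict": verdict,
        "malicious": malicious,
        "suspicious": suspicious,
        "flagged_by": flagged,
        "stale": stale,
        "engines": sum(stats.values()),
    }


if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
```

In a pipeline, 'unknown' and stale reports should trigger a submission and re-check rather than being treated as clean, and the flagged_by list is what belongs in a ticket or SIEM event, since the raw malicious count alone tells an analyst nothing about which engines fired.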

Putting It All Together

Now that we have the individual components of our script, let's tie everything together into a main function that accepts user input (the URL to be checked) and outputs the results. A URL that VirusTotal has never seen is reported as unknown rather than as clean:

def main():
    url = input('Enter a URL to analyze: ')
    response = query_url(url)
    is_safe, attributes = analyze_response(response)
    if attributes is None:
        print(f'No VirusTotal report for {url}; submit it for scanning first.')
        return
    print(f'The URL {url} is {"not flagged" if is_safe else "flagged"} by VirusTotal engines')

if __name__ == '__main__':
    main()
