dxlvtapiclient.client module¶
-
class
dxlvtapiclient.client.
VirusTotalApiClient
(dxl_client)¶ Bases:
dxlbootstrap.client.Client
The VirusTotal DXL Python client library provides a high level wrapper for invoking the VirusTotal API via the Data Exchange Layer (DXL) fabric.
Constructor parameters:
Parameters: dxl_client -- The DXL client to use for communication with the fabric -
domain_report
(domain)¶ Retrieves a report on the specified domain. See this page for more information.
Parameters: domain -- A domain name. Returns: Returns a dictionary ( dict
) containing the response information. See this page for more information.
-
file_report
(resource, all_info=None)¶ Retrieves an existing file scan report for the specified file(s). See this page for more information.
Parameters: - resource -- An md5/sha1/sha256 hash of a file for which to retrieve
the most recent antivirus report. A scan identifier
(sha256-timestamp as returned by the scan API) can be specified to
access a specific report. Multiple hashes/identifiers can be
specified via a Python
list
. - all_info -- [
private api
optional
] : SpecifyingTrue
will cause additional information to be included with the response (This includes the output of several tools acting on the file).
Returns: Returns a dictionary (
dict
) containing the response information. See this page for more information.- resource -- An md5/sha1/sha256 hash of a file for which to retrieve
the most recent antivirus report. A scan identifier
(sha256-timestamp as returned by the scan API) can be specified to
access a specific report. Multiple hashes/identifiers can be
specified via a Python
-
file_rescan
(resource, date=None, period=None, repeat=None, notify_url=None, notify_changes_only=None)¶ Rescans existing files in VirusTotal's file store without resubmitting them. See this page for more information.
Parameters: - resource -- An md5/sha1/sha256 hash. Multiple hashes can be
specified via a Python
list
. - date -- [
private api
optional
] : When the rescan should be performed. If not specified the rescan will be performed immediately. This can be specified as adatetime.datetime
value or as a string. If specified as a string, the date must be specified using the%Y%m%d%H%M%S
format (For example:20120725170000
). - period -- [
private api
optional
] : Periodicity (in days) with which the file should be rescanned. If this argument is provided the file will be rescanned periodically every period days, if not, the rescan is performed once and not repeated again. - repeat -- [
private api
optional
] : Used in conjunction with period to specify the number of times the file should be rescanned. If this argument is provided the file will be rescanned the given amount of times in coherence with the chosen periodicity, if not, the file will be rescanned indefinitely. - notify_url -- [
private api
optional
] : A URL to which a POST notification should be sent when the rescan finishes. - notify_changes_only -- [
private api
optional
] : Used in conjunction withnotify_url
. SpecifyingTrue
indicates that POST notifications should only be sent if the scan results differ from the previous one.
Returns: Returns a dictionary (
dict
) containing the response information. See this page for more information.- resource -- An md5/sha1/sha256 hash. Multiple hashes can be
specified via a Python
-
ip_report
(ip)¶ Retrieves a report on the specified IP address. See this page for more information.
Parameters: ip -- A valid IPv4 address in dotted quad notation. Returns: Returns a dictionary ( dict
) containing the response information. See this page for more information.
-
url_report
(resource, scan=None, all_info=None)¶ Retrieves an existing scan report for the specified URL(s). See this page for more information.
Parameters: - resource -- Retrieves the most recent report for the specified URL.
A scan identifier (sha256-timestamp as returned by the URL submission
API) can be specified to access a specific report. Multiple
URLs/identifiers can be specified via a Python
list
. - scan -- [
optional
] : SpecifyingTrue
will automatically submit the URL for analysis if no report is found for it in the VirusTotal database. In this case the result will contain ascan_id
field that can be used to query the analysis report later on. - all_info -- [
private api
optional
] : SpecifyingTrue
will cause additional information to be included with the response (This includes the output of several tools acting on the URL).
Returns: Returns a dictionary (
dict
) containing the response information. See this page for more information.- resource -- Retrieves the most recent report for the specified URL.
A scan identifier (sha256-timestamp as returned by the URL submission
API) can be specified to access a specific report. Multiple
URLs/identifiers can be specified via a Python
-