dxlvtapiclient.client module

class dxlvtapiclient.client.VirusTotalApiClient(dxl_client)

Bases: dxlbootstrap.client.Client

The VirusTotal DXL Python client library provides a high level wrapper for invoking the VirusTotal API via the Data Exchange Layer (DXL) fabric.

Constructor parameters:

Parameters: dxl_client -- The DXL client to use for communication with the fabric

domain_report(domain)

Retrieves a report on the specified domain. See this page for more information.

Parameters: domain -- A domain name.
Returns: A dictionary (dict) containing the response information. See this page for more information.

file_report(resource, all_info=None)

Retrieves an existing file scan report for the specified file(s). See this page for more information.

Parameters:
  • resource -- An md5/sha1/sha256 hash of a file for which to retrieve the most recent antivirus report. A scan identifier (sha256-timestamp as returned by the scan API) can be specified to access a specific report. Multiple hashes/identifiers can be specified via a Python list.
  • all_info -- [private api optional] : Specifying True will cause additional information to be included with the response (This includes the output of several tools acting on the file).
Returns:

Returns a dictionary (dict) containing the response information. See this page for more information.

file_rescan(resource, date=None, period=None, repeat=None, notify_url=None, notify_changes_only=None)

Rescans existing files in VirusTotal's file store without resubmitting them. See this page for more information.

Parameters:
  • resource -- An md5/sha1/sha256 hash. Multiple hashes can be specified via a Python list.
  • date -- [private api optional] : When the rescan should be performed. If not specified the rescan will be performed immediately. This can be specified as a datetime.datetime value or as a string. If specified as a string, the date must be specified using the %Y%m%d%H%M%S format (For example: 20120725170000).
  • period -- [private api optional] : Periodicity (in days) with which the file should be rescanned. If this argument is provided, the file will be rescanned every period days. If not, the rescan is performed once and not repeated.
  • repeat -- [private api optional] : Used in conjunction with period to specify the number of times the file should be rescanned. If this argument is provided, the file will be rescanned the given number of times at the chosen periodicity. If not, the file will be rescanned indefinitely.
  • notify_url -- [private api optional] : A URL to which a POST notification should be sent when the rescan finishes.
  • notify_changes_only -- [private api optional] : Used in conjunction with notify_url. Specifying True indicates that POST notifications should only be sent if the scan results differ from the previous one.
Returns:

Returns a dictionary (dict) containing the response information. See this page for more information.

ip_report(ip)

Retrieves a report on the specified IP address. See this page for more information.

Parameters: ip -- A valid IPv4 address in dotted quad notation.
Returns: A dictionary (dict) containing the response information. See this page for more information.

url_report(resource, scan=None, all_info=None)

Retrieves an existing scan report for the specified URL(s). See this page for more information.

Parameters:
  • resource -- Retrieves the most recent report for the specified URL. A scan identifier (sha256-timestamp as returned by the URL submission API) can be specified to access a specific report. Multiple URLs/identifiers can be specified via a Python list.
  • scan -- [optional] : Specifying True will automatically submit the URL for analysis if no report is found for it in the VirusTotal database. In this case the result will contain a scan_id field that can be used to query the analysis report later on.
  • all_info -- [private api optional] : Specifying True will cause additional information to be included with the response (This includes the output of several tools acting on the URL).
Returns:

Returns a dictionary (dict) containing the response information. See this page for more information.

url_scan(url)

Submits a URL for scanning. See this page for more information.

Parameters: url -- The URL to be scanned. Multiple URLs can be specified via a Python list.
Returns: A dictionary (dict) containing the response information. See this page for more information.
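
An added example, not part of the dxlvtapiclient library: client-side checks for the argument formats documented above (hash or scan identifier for file_report, hash only for file_rescan, %Y%m%d%H%M%S rescan dates, dotted-quad IPv4 for ip_report), so malformed values are rejected before a request is sent over the fabric. All helper names are hypothetical, and the scan identifier's timestamp part is assumed to be decimal digits.

```python
import ipaddress
import re
from datetime import datetime

# Hex digest lengths of the hash types the reference accepts as `resource`.
_HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"[0-9a-fA-F]+")
# Assumption: a scan identifier is "<sha256>-<decimal timestamp>".
_SCAN_ID = re.compile(r"[0-9a-fA-F]{64}-\d+")


def classify_resource(value):
    """Return 'md5', 'sha1', 'sha256' or 'scan_id'; raise ValueError otherwise."""
    value = value.strip()
    if _SCAN_ID.fullmatch(value):
        return "scan_id"
    kind = _HASH_KINDS.get(len(value))
    if kind is None or not _HEX.fullmatch(value):
        raise ValueError("not an md5/sha1/sha256 hash or scan id: %r" % value)
    return kind


def normalize_resources(resource, allow_scan_id=True):
    """Accept one value or a list (as the API does); return a validated list."""
    items = [resource] if isinstance(resource, str) else list(resource)
    for item in items:
        # file_rescan documents hashes only, so callers pass allow_scan_id=False.
        if classify_resource(item) == "scan_id" and not allow_scan_id:
            raise ValueError("scan ids are not accepted here: %r" % item)
    return [item.strip() for item in items]


def rescan_date(value):
    """Return a file_rescan `date` string in the %Y%m%d%H%M%S format."""
    if isinstance(value, datetime):
        return value.strftime("%Y%m%d%H%M%S")
    if len(value) != 14 or not value.isdigit():
        raise ValueError("date must be 14 digits (%%Y%%m%%d%%H%%M%%S): %r" % value)
    datetime.strptime(value, "%Y%m%d%H%M%S")  # rejects e.g. month 13
    return value


def checked_ipv4(value):
    """Return the address if it is dotted-quad IPv4; raise ValueError otherwise."""
    return str(ipaddress.IPv4Address(value))
```

The returned values can be passed as the resource, date and ip arguments of the methods documented above.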