3 @6^&@sDddlZddlZddlmZddlmZmZmZGdddeZdS)N) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc @sveZdZdZdddddddddd Zdddd d d d d dd ZdZdZefddZ ddZ ddZ ddZ ddZ dS)sfp_virustotalzzVirusTotal:Investigate,Passive:Reputation Systems:apikey:Obtain information from VirusTotal about identified IP addresses.T) api_keyverify publicapi checkcohostscheckaffiliatesnetblocklookup maxnetblock subnetlookup maxsubnetzVirusTotal API Key.z~Are you using a public key? If so SpiderFoot will pause for 15 seconds after each query to avoid VirusTotal dropping requests.zCheck co-hosted sites?zCheck affiliates?zvLook up all IPs on netblocks deemed to be owned by your target for possible hosts on the same target subdomain/domain?zyIf looking up owned netblocks, the maximum netblock size to look up all IPs within (CIDR value, 24 = /24, 16 = /16, etc.)z:Look up all IPs on subnets which your target is a part of?zsIf looking up subnets, the maximum subnet size to look up all the IPs within (CIDR value, 24 = /24, 16 = /16, etc.)zCVerify that any hostnames found on the target domain still resolve?) r r r r rrrrr NFcCs8||_|j|_x"t|jD]}|||j|<qWdS)N)sf tempStorageresultslistkeysopts)selfsfcuserOptsoptr9/var/www/spiderfoot.crq.systems/modules/sfp_virustotal.pysetup7s zsfp_virustotal.setupcCsddddddgS)N IP_ADDRESSAFFILIATE_IPADDR INTERNET_NAMECO_HOSTED_SITENETBLOCK_OWNERNETBLOCK_MEMBERr)rrrr watchedEventsBszsfp_virustotal.watchedEventsc Csddddddddd d d g S) NMALICIOUS_IPADDRMALICIOUS_INTERNET_NAMEMALICIOUS_COHOST!MALICIOUS_AFFILIATE_INTERNET_NAMEMALICIOUS_AFFILIATE_IPADDRMALICIOUS_NETBLOCKMALICIOUS_SUBNETr!AFFILIATE_INTERNET_NAMEINTERNET_NAME_UNRESOLVED DOMAIN_NAMEr)rrrrproducedEventsHs zsfp_virustotal.producedEventscCsd}|jj|rd|}nd|}|jj|d|jd|jddd}|jdr\tjd |d dkr||jjd |dSytj|d }Wn4t k r}z|jj d d d|_ dSd}~XnX|S)Nz9https://www.virustotal.com/vtapi/v2/ip-address/report?ip=z9https://www.virustotal.com/vtapi/v2/domain/report?domain=z&apikey=r _fetchtimeoutr)timeout useragentr contentzNo VirusTotal info found for z/Error processing JSON response from VirusTotal.FT) rvalidIPfetchUrlrtimesleepinfojsonloads Exceptionerror errorState)rqryreturlreserrrqueryOs$     zsfp_virustotal.querycCsh|j}|j}|j}|jrdS|jjd|d||jddkrZ|jjddd|_dS||jkr||jjd|d dSd|j|<|j d r|jd  rdS|d kr|jd  rdS|dkr|jdsdSt |j |jdkr|jjdt t |j dt |jddS|dkrv|jds0dSt |j |jdkrv|jjdt t |j dt |jddSt }|j drx:t |D]"}|jt |d|jt |<qWn |j|x|D]}|jrdS|j|}|dkrqt|jdgdkr|jjd||d0ks4|j dr r$rr NETBLOCK_Z detected_urlsrzFound VirusTotal URL data for rr&z ip-addressr r*r!r'domainr-r)r(z%https://www.virustotal.com/en//z/information/z VirusTotal [z] Zdomain_siblingsr r. _internettldsr/Z subdomains)r)rr!) eventTypemoduledatar?rdebugrr>r startswithr prefixlenstrrappend checkForStoprElengetr:r__name__notifyListeners getTargetmatches resolveHostisDomain)revent eventName srcModuleName eventDataqrylistipaddraddrr:evtZinfotypeinfourlrDsnrrr handleEventls                            zsfp_virustotal.handleEvent)rV __module__ __qualname____doc__roptdescsrr?dictrr%r0rErgrrrrrs4 r) r;r8netaddrrsflibrrrrrrrr s