url-malware-analyzer

This script uses the VirusTotal API to analyze a given URL and save screenshots of the URL's details page and WHOIS tab.

Installation

  • Clone this repository.
  • Install the required Python packages by running pip install -r requirements.txt.
  • Obtain a VirusTotal API key by signing up for a free account at https://www.virustotal.com/.
  • Set your API key as an environment variable called VT_API_KEY.

Usage

To run the script, use the following command:

   python url-malware-analyzer.py --api_key YOUR_API_KEY --url URL_TO_ANALYZE

The --api_key option is required and should be set to your VirusTotal API key. The --url option is also required and should be set to the URL you wish to analyze.

By default, the script will save the screenshots to files named details_screenshot.png and whois_screenshot.png in the current working directory. You can specify different file names using the --details_screenshot and --whois_screenshot options.

Dependencies

  • Click (for command-line interface)
  • Defang (for URL defanging and refanging)
  • Selenium (for taking screenshots with Chrome)
  • virustotal-python (for interacting with the VirusTotal API)

Thanks to these libraries

  • time: This module is imported to add delays to the program to allow for elements of a webpage to load before interacting with them.

  • base64.urlsafe_b64encode: This function from the base64 module is used to encode URLs with base64 encoding, in order to send them to the VirusTotal API for analysis.

  • click: This module is used to simplify the creation of command-line interfaces.

  • tldextract: This module is used to extract the top-level domain (TLD) from a URL.

  • whois: This module is used to retrieve WHOIS information for a given domain.

  • defang: This function from the defang module is used to replace certain characters in a URL with their textual equivalents. This is useful for preventing URLs from being interpreted as clickable links when displayed in text.

  • refang: This function from the defang module is used to replace textual equivalents of characters in a URL with their original character representations.

  • selenium.webdriver: This module from the selenium package is used for automated web browsing.

  • selenium.webdriver.chrome.options.Options: This class from the selenium.webdriver.chrome.options module is used to configure options for a Chrome browser instance.

  • virustotal_python.Virustotal: This class from the virustotal_python module is used to interact with the VirusTotal API to retrieve information about a given URL.
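
The following added example, which is not code from this repository, shows how refanging, the URL-safe base64 identifier and defanged output fit together for one lookup. The refang/defang helpers are simplified stand-ins for the defang package, prepare and load_api_key are hypothetical names, and the sample URL is constructed; the unpadded identifier and the urls/{id} path follow the VirusTotal API v3 convention.

```python
import base64
import os
import re
from urllib.parse import urlsplit

def refang(text):
    """Simplified stand-in for the defang package's refang()."""
    text = re.sub(r"^hxxp", "http", text.strip(), flags=re.IGNORECASE)
    text = text.replace("[://]", "://").replace("[:]", ":")
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.IGNORECASE)

def defang(url):
    """Simplified stand-in for defang(): neuter the scheme and the host dots."""
    scheme, sep, rest = url.partition("://")
    if not sep:                      # no scheme present: treat it all as host/path
        scheme, rest = "", url
    host, slash, path = rest.partition("/")
    scheme = re.sub(r"^http", "hxxp", scheme, flags=re.IGNORECASE)
    return f"{scheme}{sep}{host.replace('.', '[.]')}{slash}{path}"

def vt_url_id(url):
    """VirusTotal API v3 URL identifier: URL-safe base64 without '=' padding."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def load_api_key(env=os.environ):
    """Hypothetical helper: read the key from VT_API_KEY instead of argv."""
    key = env.get("VT_API_KEY", "").strip()
    if not key:
        raise RuntimeError("VT_API_KEY is not set")
    return key

def prepare(indicator):
    """Hypothetical helper: normalize analyst input for a single lookup."""
    url = refang(indicator)
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        # Error text carries the defanged form so logs never hold a live link.
        raise ValueError(f"not an http(s) URL: {defang(url)}")
    return {
        "url": url,                             # live form, sent to the API only
        "endpoint": f"urls/{vt_url_id(url)}",   # API v3 URL report path
        "display": defang(url),                 # safe form for logs and reports
    }

if __name__ == "__main__":
    # Constructed sample input, as it might be pasted from a ticket.
    sample = "hxxps[:]//login.example[.]test/reset.php?id=1"
    for name, value in prepare(sample).items():
        print(f"{name:9}{value}")
```

Reading the key from the environment keeps it out of shell history and process listings, which a command-line option does not.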

Contributing

If you find a bug or have a feature request, please open an issue or submit a pull request.