VirusTotal Python Submission Script

Here is a simple python script for batch malware submissions to VirusTotal via its email interface.  Simply replace the SMTP-related variables at the top of the script and you’re ready to rock!

Download vtsubmit.py

#!/usr/bin/env python

# vtsubmit.py
# VirusTotal Submission Script
# Jon Oberheide <jon@oberheide.org>
# http://jon.oberheide.org

import os, sys, email, smtplib, hashlib

SMTP_HOST = '_HOST_'
SMTP_PORT = 587
SMTP_USER = '_USER_'
SMTP_PASS = '_PASS_'

TO_ADDR   = 'scan@virustotal.com'
FROM_ADDR = '_EMAIL_'

def main():
    if len(sys.argv) == 1:
        print 'please specify files to submit'
        sys.exit(1)

    filelist = sys.argv[1:]
    total = len(filelist)
    progress = 0

    for filename in filelist:
        progress += 1
        data = open(filename, 'rb').read()
        sha1 = hashlib.sha1(data).hexdigest()
        base = os.path.basename(filename)

        print '%d of %d: %s (%s)' % (progress, total, base, sha1)

        msg = email.MIMEMultipart.MIMEMultipart()
        msg['From'] = FROM_ADDR
        msg['To'] = TO_ADDR
        msg['Date'] = email.Utils.formatdate()
        msg['Subject'] = 'SCAN'

        part = email.MIMEBase.MIMEBase('application', 'octet-stream')
        part.set_payload(data)
        email.Encoders.encode_base64(part)
        part.add_header('Content-Disposition', 'attachment; filename="%s"' % base)
        msg.attach(part)

        smtp = smtplib.SMTP(host=SMTP_HOST, port=SMTP_PORT)
        if SMTP_USER and SMTP_PASS:
            smtp.starttls()
            smtp.login(SMTP_USER, SMTP_PASS)
        smtp.sendmail(FROM_ADDR, TO_ADDR, msg.as_string())
        smtp.close()

if __name__ == '__main__':
    main()

This entry was posted on Thursday, November 20th, 2008 at 12:11 pm and is filed under Technical. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.