Posts | Archive

VirusTotal Python Submission Script

Here is a simple python script for batch malware submissions to VirusTotal via its email interface. Simply replace the SMTP-related variables at the top of the script and you're ready to rock!

Download vtsubmit.py

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/usr/bin/env python

# vtsubmit.py
# VirusTotal Submission Script
# Jon Oberheide <jon@oberheide.org>
# http://jon.oberheide.org

import os, sys, email, smtplib, hashlib

SMTP_HOST = '_HOST_'
SMTP_PORT = 587
SMTP_USER = '_USER_'
SMTP_PASS = '_PASS_'

TO_ADDR   = 'scan@virustotal.com'
FROM_ADDR = '_EMAIL_'

def main():
    if len(sys.argv) == 1:
        print 'please specify files to submit'
        sys.exit(1)

    filelist = sys.argv[1:]
    total = len(filelist)
    progress = 0

    for filename in filelist:
        progress += 1
        data = open(filename, 'rb').read()
        sha1 = hashlib.sha1(data).hexdigest()
        base = os.path.basename(filename)

        print '%d of %d: %s (%s)' % (progress, total, base, sha1)

        msg = email.MIMEMultipart.MIMEMultipart()
        msg['From'] = FROM_ADDR
        msg['To'] = TO_ADDR
        msg['Date'] = email.Utils.formatdate()
        msg['Subject'] = 'SCAN'

        part = email.MIMEBase.MIMEBase('application', 'octet-stream')
        part.set_payload(data)
        email.Encoders.encode_base64(part)
        part.add_header('Content-Disposition', 'attachment; filename="%s"' % base)
        msg.attach(part)

        smtp = smtplib.SMTP(host=SMTP_HOST, port=SMTP_PORT)
        if SMTP_USER and SMTP_PASS:
            smtp.starttls()
            smtp.login(SMTP_USER, SMTP_PASS)
        smtp.sendmail(FROM_ADDR, TO_ADDR, msg.as_string())
        smtp.close()

if __name__ == '__main__':
    main()

Copyright © 2018 - Jon Oberheide