import hashlib
import json
import os
import re
import shutil
import subprocess
import tempfile

import requests
from colorama import Fore, Style

from utils import get_malware_signatures_path
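# VirusTotal credentials and endpoints.
#
# The API key is read from the environment instead of being written into the
# source: a literal key in this file is shipped with every clone and stays in
# the git history forever, so any key that was ever committed here must be
# treated as leaked and rotated in the VirusTotal account settings. Export
# VT_API_KEY before running; when it is unset the value is '' and VirusTotal
# rejects the request, which check_file()/check_link() report through their
# non-200 ("Error connecting") branch.
API_KEY = os.environ.get('VT_API_KEY', '')
# NOTE(review): these are the legacy "vtapi/v2" endpoints; VirusTotal's current
# public API is v3 - confirm v2 is still served before relying on these URLs.
API_URL = 'https://www.virustotal.com/vtapi/v2/url/report'
API_FILE_URL = 'https://www.virustotal.com/vtapi/v2/file/report'
# Submission endpoint. Not referenced by any function visible in this module:
# only hash/URL *report* lookups are performed, nothing is ever uploaded.
API_SCAN_URL = 'https://www.virustotal.com/vtapi/v2/file/scan'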
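def load_malware_signatures():
    """Load the regex signatures that analyze_apk() searches decompiled smali for.

    Reads the JSON document at get_malware_signatures_path(). A missing file is
    treated as "no signatures" so the tool still runs (it then relies on
    VirusTotal alone), but a file that is present yet malformed is surfaced as
    an error instead of silently scanning with an unusable pattern list.

    Returns:
        list: the decoded JSON list (expected to hold regex pattern strings;
        each entry is later passed to re.search()), or [] when the file does
        not exist.

    Raises:
        json.JSONDecodeError: the file is not valid JSON.
        ValueError: the JSON document is not a list.
    """
    try:
        # Explicit encoding: the default depends on the locale, so a UTF-8
        # signature file could decode differently on another machine.
        with open(get_malware_signatures_path(), 'r', encoding='utf-8') as file:
            signatures = json.load(file)
    except FileNotFoundError:
        return []
    # Anything but a list would only fail later, inside the scan loop, with a
    # confusing TypeError from re.search(); fail here with a clear message.
    if not isinstance(signatures, list):
        raise ValueError("malware signature file must contain a JSON list of regex patterns")
    return signatures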
# Loaded once at import time. analyze_apk() passes every entry to re.search()
# against the text of each decompiled .smali file, so entries are regex
# patterns, not plain substrings. Empty when the signature file is missing.
MALWARE_SIGNATURES = load_malware_signatures()
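def analyze_apk(apk_path):
    """Decompile an APK with apktool and grep its smali for known-bad patterns.

    The APK is decoded into a fresh, private temporary directory rather than a
    fixed relative path: a leftover tree from an earlier run (the original
    skipped cleanup whenever it returned early on a hit) or one planted by
    another local user would otherwise be scanned as if it belonged to this
    APK. The directory is removed on every exit path.

    Args:
        apk_path: path of the APK to analyze. It is handed to apktool as a
            single argv element, never through a shell.

    Returns:
        str: a colorama-colored verdict. Red when a signature matched (the
        message names the first matching pattern); yellow when apktool is not
        installed or exited non-zero - in that case the file was NOT scanned
        and the result must not be read as "clean"; green when every .smali
        file was scanned and nothing matched.
    """
    # Compile once per pattern instead of once per (pattern, file) pair; an
    # invalid pattern in the signature file surfaces here, before any work.
    patterns = [re.compile(signature) for signature in MALWARE_SIGNATURES]

    work_dir = tempfile.mkdtemp(prefix="apk_analysis_")
    try:
        # apktool creates the output directory itself; giving it a child of the
        # private mkdtemp directory keeps the path unpredictable and lets the
        # finally-block remove everything in one go.
        out_dir = os.path.join(work_dir, "decoded")
        try:
            result = subprocess.run(
                ["apktool", "d", apk_path, "-o", out_dir],
                check=False,
            )
        except FileNotFoundError:
            # apktool is not on PATH.
            return Fore.YELLOW + "apktool not found; APK was not analyzed." + Style.RESET_ALL
        if result.returncode != 0:
            # The original ignored the exit status and scanned whatever (if
            # anything) was produced, reporting a failed decode as "clean".
            return (Fore.YELLOW
                    + f"apktool failed (exit code {result.returncode}); APK was not analyzed."
                    + Style.RESET_ALL)

        for root, _dirs, files in os.walk(out_dir):
            for file in files:
                if not file.endswith(".smali"):
                    continue
                file_path = os.path.join(root, file)
                with open(file_path, "r", encoding="utf-8", errors="ignore") as f:
                    content = f.read()
                for pattern in patterns:
                    if pattern.search(content):
                        # pattern.pattern is the original signature string.
                        return Fore.RED + f"Malicious pattern detected: {pattern.pattern}" + Style.RESET_ALL
        return Fore.GREEN + "No malicious patterns detected." + Style.RESET_ALL
    finally:
        # shutil instead of spawning `rm -rf`: portable and no child process.
        shutil.rmtree(work_dir, ignore_errors=True)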
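def check_apk(apk_path):
    """Check an APK: VirusTotal hash lookup first, then the local signature scan.

    Only a VirusTotal "malicious" verdict short-circuits. Every other outcome -
    hash known and clean, hash unknown to VirusTotal, or VirusTotal unreachable -
    falls through to analyze_apk(): an unknown hash or an offline service is
    not evidence that the file is clean. (The original ran the local scan only
    after an explicit "Safe file" answer, so any never-seen or offline APK was
    returned completely unscanned.)

    Args:
        apk_path: path of the APK file.

    Returns:
        str: check_file()'s message when VirusTotal flagged the file; otherwise
        analyze_apk()'s verdict, prefixed by VirusTotal's "not found"/"error"
        message on its own line when VirusTotal had no verdict, so the reader
        can see that only the local scan ran.
    """
    vt_result = check_file(apk_path)
    # NOTE(review): this keys off the text check_file() returns ("Malicious file
    # detected!" is the only message containing "Malicious"); a structured
    # return value from check_file() would be more robust than string matching.
    if "Malicious" in vt_result:
        return vt_result
    local_result = analyze_apk(apk_path)
    if "Safe file" in vt_result:
        return local_result
    # VirusTotal could not vouch either way; keep its message alongside the
    # local verdict instead of dropping one of them.
    return vt_result + "\n" + local_result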
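def check_file(file_path):
    """Look up a file's SHA-256 in VirusTotal and report the engine consensus.

    Only the hash leaves the machine - the file itself is never uploaded (this
    function uses the report endpoint, not API_SCAN_URL) - so a file VirusTotal
    has never seen yields "not found" rather than a fresh analysis.

    Args:
        file_path: path of the file to check.

    Returns:
        str: a colorama-colored message. Red with the engine count when
        positives > 0; green "Safe file." when the hash is known and no engine
        flagged it; yellow when the hash is unknown to VirusTotal or no API key
        is configured; red "Error connecting" on a non-200 status, timeout,
        connection/TLS error or a body that is not JSON; red "Unexpected
        VirusTotal response." when the JSON lacks the expected fields (the
        original raised KeyError there, or would have returned "Safe" for a
        malformed body).
    """
    if not API_KEY:
        # Fail loudly instead of sending an unauthenticated request.
        return Fore.YELLOW + "VirusTotal API key not configured." + Style.RESET_ALL

    # Hash in chunks: APKs can be large, no need to hold the whole file in memory.
    digest = hashlib.sha256()
    with open(file_path, "rb") as f:
        for chunk in iter(lambda: f.read(1024 * 1024), b""):
            digest.update(chunk)
    file_hash = digest.hexdigest()

    params = {'apikey': API_KEY, 'resource': file_hash}
    try:
        # Without a timeout a stalled connection hangs the whole scan forever.
        response = requests.get(API_FILE_URL, params=params, timeout=30)
        if response.status_code != 200:
            return Fore.RED + "Error connecting to VirusTotal." + Style.RESET_ALL
        json_response = response.json()
    except (requests.RequestException, ValueError):
        # Transport-level failures, or a 200 whose body is not JSON; the
        # original let these propagate as uncaught exceptions.
        return Fore.RED + "Error connecting to VirusTotal." + Style.RESET_ALL

    if not isinstance(json_response, dict):
        return Fore.RED + "Unexpected VirusTotal response." + Style.RESET_ALL
    if json_response.get('response_code') != 1:
        return Fore.YELLOW + "File not found in VirusTotal database." + Style.RESET_ALL
    positives = json_response.get('positives')
    if not isinstance(positives, int):
        # Never report "Safe" on a response we could not actually read.
        return Fore.RED + "Unexpected VirusTotal response." + Style.RESET_ALL
    if positives > 0:
        return Fore.RED + f"Malicious file detected! ({positives} engines flagged this file)" + Style.RESET_ALL
    return Fore.GREEN + "Safe file." + Style.RESET_ALL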
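def check_link(url, malicious_links):
    """Check a URL against a local blocklist, then VirusTotal's URL report.

    The URL is sent verbatim to VirusTotal as the `resource` parameter, so do
    not pass URLs that embed secrets (session tokens, signed links).

    Args:
        url: the URL to check. Compared to the blocklist by exact string
            equality - no normalization, so "http://x/" and "http://x" differ.
        malicious_links: container of known-bad URLs; a set gives O(1) lookup.

    Returns:
        str: a colorama-colored message. Red when the URL is on the local list
        or when any VirusTotal engine flagged it (with the engine count); green
        "Safe link." when VirusTotal knows the URL and nobody flagged it; yellow
        when VirusTotal has no report for it or no API key is configured; red
        "Error connecting" on a non-200 status, timeout, connection/TLS error
        or a non-JSON body; red "Unexpected VirusTotal response." when the JSON
        lacks the expected fields (the original raised KeyError there).
    """
    if url in malicious_links:
        return Fore.RED + "Malicious link detected!" + Style.RESET_ALL
    if not API_KEY:
        return Fore.YELLOW + "VirusTotal API key not configured." + Style.RESET_ALL

    params = {'apikey': API_KEY, 'resource': url}
    try:
        # Bounded wait: a stalled connection must not hang the caller forever.
        response = requests.get(API_URL, params=params, timeout=30)
        if response.status_code != 200:
            return Fore.RED + "Error connecting to VirusTotal." + Style.RESET_ALL
        json_response = response.json()
    except (requests.RequestException, ValueError):
        # Transport failures or a non-JSON body; previously uncaught.
        return Fore.RED + "Error connecting to VirusTotal." + Style.RESET_ALL

    if not isinstance(json_response, dict):
        return Fore.RED + "Unexpected VirusTotal response." + Style.RESET_ALL
    if json_response.get('response_code') != 1:
        return Fore.YELLOW + "Link not found in VirusTotal database." + Style.RESET_ALL
    positives = json_response.get('positives')
    if not isinstance(positives, int):
        # Never report "Safe" on a response we could not actually read.
        return Fore.RED + "Unexpected VirusTotal response." + Style.RESET_ALL
    if positives > 0:
        return Fore.RED + f"Malicious link detected! ({positives} engines flagged this link)" + Style.RESET_ALL
    return Fore.GREEN + "Safe link." + Style.RESET_ALL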