-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvt-parser-ssh.py
46 lines (38 loc) · 1.26 KB
/
vt-parser-ssh.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import json
import re
import requests
#file containg ssh logging
with open('/home/asad/PycharmProjects/vtsshparser/vtssh-parser/ok.txt', 'r') as file:
file = file.read()
pattern = re.compile(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}')
ips = pattern.findall(file)
unique_ips = list(set(ips))
#replace api-key with actual key
headers = {
"accept": "application/json",
"x-apikey": "#REPLACEME#"
}
i = 0
url = "https://www.virustotal.com/api/v3/ip_addresses/"
out_json= {"providers": []}
while i < len(unique_ips):
furl = url + str(unique_ips[i])
response = requests.get(furl, headers=headers)
data_ = response.json()
messages = data_['data']['attributes']['last_analysis_results']
for k, vv in messages.items():
out_json1 = {
"indicators": [{
"value": str(unique_ips[i]),
"type": 'ip',
}]
}
out_json["providers"].append(
{
"provider": str([vv["engine_name"]]),
"verdict": str([vv["category"]]),
"score":str([vv["result"]])
}
)
i += 1
print(json.dumps(out_json1,indent=2),json.dumps(out_json,indent=2))