A PHP library for accessing the VirusTotal API.
Based off of work done by IzzySoft and jayzeng.
Uses Guzzle6 or Guzzle7
Install using composer
composer install retrochaos/virustotal-api- Firstly you need to instantiate a HttpClient object with your API key from VirusTotal (you can obtain one from creating an account for free).
- Then you create a new Service object with the HttpClient. This is the main object where requests are made, such as scanning files, domains and IPs. Behind the scenes API objects are actually making the calls.
- The Service object will return back a Response object of that type eg. if you're calling:
$service->scanDomain()aDomainResponseobject will be returned. You can always call thegetRawResponse()method on the object to get an associative array returned from Guzzle - To aid with your code, each response comes with a dedicated Analyser class to call specific methods on the response that was returned, e.g. a DomainAnalyser object requires a DomainResponse object.
To recap: HttpClient -> Service -> Response -> Analyser
Example script modified from test/file-test.php
use RetroChaos\VirusTotalApi\Analyser\FileAnalyser;
use RetroChaos\VirusTotalApi\Exception\PropertyNotFoundException;
use RetroChaos\VirusTotalApi\HttpClient;
use RetroChaos\VirusTotalApi\Service;
$httpClient = new HttpClient('your-api-key');
$virusTotal = new Service($httpClient);
//Password optional
echo "Scanning until complete...\n";
$response = $virusTotal->scanFileUntilCompleted('/path/to/file.zip');
if ($response->isSuccessful()) {
$analyser = new FileAnalyser($response);
try {
echo $analyser->getStatus() . "\n";
echo $analyser->isFileSafe() ? "File is safe!\n" : "File is malicious!\n";
echo $analyser->getFileSize() . "MB\n";
} catch (PropertyNotFoundException $e) {
echo $e->getMessage() . "\n";
}
} else {
echo $response->getErrorMessage() . "\n";
}Another example is testing IP addresses:
(Example script modified from test/ip-test.php)
use RetroChaos\VirusTotalApi\Analyser\IpAddressAnalyser;
use RetroChaos\VirusTotalApi\HttpClient;
use RetroChaos\VirusTotalApi\Exception\PropertyNotFoundException;
use RetroChaos\VirusTotalApi\Service;
$httpClient = new HttpClient('your-api-key');
$virusTotal = new Service($httpClient);
$response = $virusTotal->scanIpAddress('8.8.8.8');
if ($response->isSuccessful()) {
try {
$analyser = new IpAddressAnalyser($response);
echo $analyser->isIpAddressSafe() ? "IP address is safe!\n" : "IP address is malicious!\n";
echo $analyser->getLastAnalysisDate() . "\n";
} catch (PropertyNotFoundException $e) {
echo $e->getMessage() ."\n";
}
} else {
echo $response->getErrorMessage() . "\n";
}- Add other methods found in the API.
- POST file data to the endpoint, not just filesystem paths.