Neo23x0 / munin

Online hash checker for Virustotal and other services

Request Feature & One Issue

seantree opened this issue · comments

Hi @Neo23x0, thanks for creating this amazing tool. I just want to ask one thing: I was facing a warning about headless, check it below:

UserWarning: Selenium support for PhantomJS has been deprecated, please use headless versions of Chrome or Firefox instead
warnings.warn('Selenium support for PhantomJS has been deprecated, please use headless '

===============================================================

How can I solve the above warning?

And can you please tell me a few more things about this tool:

  1. Does this tool submit the sample to VT or rescan it?

  2. Does this tool give us a warning message when we hit the daily usage limit of the API on VT? If not, can you add this feature so that we know about it?

  3. I am facing one issue sometimes, not often: when I am analyzing 5000 samples (only using the VT API), it sometimes stops at a random file number and doesn't go on to analyze the other files (e.g. 265>5000). I don't know why it doesn't continue with the next file if a particular file has some problem.

  4. Last question: I know that VT provides a V2 API key to users and that this API key doesn't scan files larger than 32 MB, while the portal scans 128 MB. Do you know if there is any way to increase the size quota of the API?

.
Thank you again for this tool and waiting for your feedback.
.
Seantree

commented

Hello Seantree
I am not a developer here, but since this "Feature and Issue" has been open for a while,
I will try to answer to the best of my knowledge.

  1. Try to switch to the latest version of "munin".
  2. The checksums (hash) are queried whether they are present. An upload or ReScan is not done. If the file has not already been scanned, an "unknown" will be returned.
  3. That would be good, I adjusted the waiting time to counteract the limit.
    WAIT_TIME = 18 # Public API allows 4 request per minute, so we wait 15 secs by default - https://github.com/Neo23x0/munin/blob/master/munin.py#L66
    ** BTW: The VENDORS list can also be customized if you miss a VENDOR on the list. - https://github.com/Neo23x0/munin/blob/master/munin.py#L63
  4. Do you have any additional info? Start the script with --debug
    Possibly the files have never been scanned by VT before.
    VT also has a captcha for too many requests which must be solved.
    This can be done via an SSH tunnel and browser proxy settings
    [See: https://www.ssh.com/ssh/tunneling/example // https://docs.bitnami.com/bch/faq/get-started/access-ssh-tunnel/ ]
    or use a VPN connection from the server
    [See: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04]
    VT probably has other protection mechanisms that should prevent the API from being "overused" or even misused.
  5. "In order to submit files bigger than 32MB you need to obtain a special upload URL to which you can POST files up to 200MB in size. This API generates such a URL. Then you must POST a multi-part file upload to the upload_url."

Restricted API
This API requires additional privileges. Please contact us if you need to upload files bigger than 32MB in size.

Source: https://developers.virustotal.com/reference#file-scan-upload-url

@Neo23x0 Thanks also for your work and for publishing your projects.
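
Added example, not part of the thread and not munin's own code: a paced hash-lookup loop that prints a warning when the API answers with the rate-limit status (HTTP 204 in VT API v2) and records a failing sample instead of stalling the batch. The `fetch` callable, `check_hashes`, `classify`, `QuotaExceeded` and the canned responses are assumptions made for illustration; a real `fetch` would query the v2 file report endpoint and return the status code and parsed JSON.

```python
import time

WAIT_TIME = 15  # seconds between requests: the public API allows 4 per minute

class QuotaExceeded(Exception):
    """Raised when the API keeps answering with the rate-limit status."""

def classify(status, body):
    """Map one file-report response (status code, parsed JSON) to a label."""
    if status == 204:                       # API v2: request rate limit exceeded
        return "rate_limited"
    if status != 200:
        return "error"
    if body.get("response_code") == 0:      # hash is not known to VT
        return "unknown"
    return "%d/%d" % (body.get("positives", 0), body.get("total", 0))

def check_hashes(hashes, fetch, sleep=time.sleep, wait=WAIT_TIME, max_retries=3):
    """Query fetch(hash) per hash; skip failing samples, stop on exhausted quota."""
    results = {}
    for i, h in enumerate(hashes, 1):
        for attempt in range(1, max_retries + 1):
            try:
                label = classify(*fetch(h))
            except Exception as exc:        # network error, malformed answer, ...
                label = "error: %s" % exc   # record it and move on to the next hash
            if label != "rate_limited":
                break
            print("WARNING: rate limit hit at %d/%d (retry %d)" % (i, len(hashes), attempt))
            sleep(wait * attempt)           # wait longer before each retry
        else:                               # every retry was rate limited
            raise QuotaExceeded("quota exhausted at sample %d of %d" % (i, len(hashes)))
        results[h] = label
        sleep(wait)                         # pacing between regular requests
    return results

def make_fake_fetch():
    """Constructed offline transport: canned answers instead of HTTP calls."""
    seen = set()
    def fetch(h):
        if h == "bbb" and h not in seen:    # first request for "bbb" is rate limited
            seen.add(h)
            return 204, None
        if h == "ccc":                      # simulated network failure
            raise IOError("connection reset")
        if h == "ddd":                      # simulated never-scanned file
            return 200, {"response_code": 0}
        return 200, {"response_code": 1, "positives": 41, "total": 68}
    return fetch
```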