Analyze and capture screenshots of URL threat intelligence and WHOIS information using VirusTotal API, Selenium, and Defang libraries.

PKHarsimran/url-malware-analyzer

url-malware-analyzer

This script uses the VirusTotal API to analyze a given URL and save screenshots of the URL's details page and WHOIS tab.

Installation

  • Clone this repository.
  • Install the required Python packages by running pip install -r requirements.txt.
  • Obtain a VirusTotal API key by signing up for a free account at https://www.virustotal.com/.
  • Set your API key as an environment variable called VT_API_KEY.

Usage

To run the script, use the following command:

   python url-malware-analyzer.py --api_key YOUR_API_KEY --url URL_TO_ANALYZE

The --api_key option is required and should be set to your VirusTotal API key. The --url option is also required and should be set to the URL you wish to analyze.

By default, the script will save the screenshots to files named details_screenshot.png and whois_screenshot.png in the current working directory. You can specify different file names using the --details_screenshot and --whois_screenshot options.

Dependencies

  • Click (for command-line interface)
  • Defang (for URL defanging and refanging)
  • Selenium (for taking screenshots with Chrome)
  • virustotal-python (for interacting with the VirusTotal API)

Thanks to these libraries

  • time: This module is imported to add delays to the program to allow for elements of a webpage to load before interacting with them.

  • base64.urlsafe_b64encode: This function from the base64 module is used to encode URLs with base64 encoding, in order to send them to the VirusTotal API for analysis.

  • click: This module is used to simplify the creation of command-line interfaces.

  • tldextract: This module is used to extract the top-level domain (TLD) from a URL.

  • whois: This module is used to retrieve WHOIS information for a given domain.

  • defang: This function from the defang module is used to replace certain characters in a URL with their textual equivalents. This is useful for preventing URLs from being interpreted as clickable links when displayed in text.

  • refang: This function from the defang module is used to replace textual equivalents of characters in a URL with their original character representations.

  • selenium.webdriver: This module from the selenium package is used for automated web browsing.

  • selenium.webdriver.chrome.options.Options: This class from the selenium.webdriver.chrome.options module is used to configure options for a Chrome browser instance.

  • virustotal_python.Virustotal: This class from the virustotal_python module is used to interact with the VirusTotal API to retrieve information about a given URL.
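
How the base64 and defang/refang steps listed above fit together, as an added example that is not code from this repository: a defanged indicator is refanged, turned into the unpadded URL-safe base64 identifier that the VirusTotal API v3 uses for URLs, and defanged again for the report. The names refang_url, defang_url, vt_url_id, decode_vt_url_id and prepare_submission are hypothetical, the two fang helpers are simplified stand-ins for the defang package rather than its implementation, and the sample URL is constructed.

```python
import base64
import re


def refang_url(text: str) -> str:
    """Undo common defanging (hxxp, [.], (.), [dot], [://]) before submission."""
    text = re.sub(r"^hxxp", "http", text.strip(), flags=re.IGNORECASE)
    text = text.replace("[://]", "://").replace("[:]", ":")
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.IGNORECASE)


def defang_url(url: str) -> str:
    """Make a URL non-clickable for reports: hxxp scheme, [.] in the host part."""
    scheme, sep, rest = url.partition("://")
    if not sep:  # no scheme present, treat the whole string as host/path
        scheme, rest = "", url
    host, slash, path = rest.partition("/")
    scheme = re.sub(r"^http", "hxxp", scheme, flags=re.IGNORECASE)
    return f"{scheme}{sep}{host.replace('.', '[.]')}{slash}{path}"


def vt_url_id(url: str) -> str:
    """URL identifier for VirusTotal API v3: URL-safe base64, '=' padding stripped."""
    return base64.urlsafe_b64encode(url.encode()).decode().strip("=")


def decode_vt_url_id(url_id: str) -> str:
    """Recover the URL from an identifier by restoring the stripped padding."""
    padded = url_id + "=" * (-len(url_id) % 4)
    return base64.urlsafe_b64decode(padded).decode()


def prepare_submission(pasted: str) -> dict:
    """Refang once for the API call, keep a defanged copy for anything human-readable."""
    live = refang_url(pasted)
    return {"url": live, "vt_id": vt_url_id(live), "report": defang_url(live)}


if __name__ == "__main__":
    # Constructed sample indicator, as it might be pasted from a ticket.
    for key, value in prepare_submission("hxxps://example[.]com/login?next=/a.b").items():
        print(f"{key:7} {value}")
```

Only the refanged form should reach the API call; logs, tickets and screenshot file names are safer with the defanged form.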

Contributing

If you find a bug or have a feature request, please open an issue or submit a pull request.
