Batch file downloads
Google Threat Intelligence's web interface allows you to download packages of files matching the first 25, 50 or 100 results of a given query. If you wish to download any other number of files, including more than 100, use one of the example scripts included with vt-py, the official Python client library for Google Threat Intelligence.
This library requires Python 3.6.0+; Python 2.x is not supported. This is because vt-py uses the async/await syntax to implement asynchronous coroutines.
The easiest and recommended way of installing vt-py is using pip:
$ pip install vt-py
Alternatively, you can get the source code directly from GitHub and run setup.py. To get the code you can either clone the public repository:
$ git clone https://github.com/VirusTotal/vt-py.git
$ cd vt-py
Or, download the tarball for the latest release and uncompress it:
$ tar -zxvf vt-py-X.Y.Z.tar.gz
$ cd vt-py-X.Y.Z
Once you have the code you can install it with:
$ sudo python3 setup.py install
After installing the library, you can use the search_and_download_topn_files.py script:
user@machine:~/$ python3 search_and_download_topn_files.py --help
usage: usage: prog [options] <intelligence_query/local_file_with_hashes>

Allows you to download the top-n files returned by a given Google Threat Intelligence
Intelligence search. Example: python %prog type:"peexe" positives:5+ -n 10
--apikey=<your api key>

positional arguments:
  query                 a Google Threat Intelligence Intelligence search query.

optional arguments:
  -h, --help            show this help message and exit
  -n NUMFILES, --numfiles NUMFILES
                        Number of files to download
  --apikey APIKEY       Your Google Threat Intelligence API key
  -o OUTPUT_PATH, --output-path OUTPUT_PATH
                        The path where you want to put the files in
  -w WORKERS, --workers WORKERS
                        Concurrent workers for downloading files
Hence, if you wish to download the top 500 files matching the query type:"peexe" you would just have to type:
$ python3 search_and_download_topn_files.py -n 500 'type:"peexe"' --apikey $VT_API_KEY
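The same top-n download done directly with vt-py, as an added example that is not part of the original page or of the vt-py project: it checks each sample's SHA-256 against the hash the search returned before writing it, and stores it read-only. The function name `download_top_n` and the `samples` output directory are assumptions of this example; when run as a script it takes the query and the number of files as its two arguments and reads the key from VT_API_KEY.

```python
import hashlib
import io
import os
import sys


def download_top_n(client, query, n, out_dir):
    """Download the first n search hits; return (saved, mismatched) hash lists.

    `client` is a vt.Client (or any object with the same iterator() and
    download_file() methods). Each sample is buffered in memory and hashed
    before it is written, so a truncated or substituted download never lands
    on disk under the expected name.
    """
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    saved, mismatched = [], []
    hits = client.iterator("/intelligence/search", params={"query": query}, limit=n)
    for obj in hits:
        sha256 = obj.id.lower()  # for file objects the id is the SHA-256
        buf = io.BytesIO()
        client.download_file(sha256, buf)
        data = buf.getvalue()
        if hashlib.sha256(data).hexdigest() != sha256:
            mismatched.append(sha256)
            continue
        path = os.path.join(out_dir, sha256)
        try:
            # O_EXCL: never overwrite; mode 0o400: read-only, no execute bit.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
        except FileExistsError:
            continue  # already fetched by an earlier run
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        saved.append(sha256)
    return saved, mismatched


if __name__ == "__main__":
    import vt  # pip install vt-py

    # Key comes from the environment, not argv, so it stays out of `ps` output.
    with vt.Client(os.environ["VT_API_KEY"]) as vt_client:
        ok, bad = download_top_n(vt_client, sys.argv[1], int(sys.argv[2]), "samples")
    print(f"saved {len(ok)} file(s), {len(bad)} hash mismatch(es)")
```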