Neo23x0 / munin

Online hash checker for Virustotal and other services
Apache License 2.0
810 stars 147 forks source link

[BUG] Not Returning Type or Filenames #22

Closed ssnkhan closed 5 years ago

ssnkhan commented 5 years ago

Running the latest version of munin:

./munin.py -i munin.ini -f Hashes.txt

For all of the 100 hashes passed through, munin does not return the Type or Filenames for any of the hashes, despite the information being available on VT. My API access does allow this information to be retrieved.

Get the same result when running the query through the CLI.

Running the same hash through the VT API endpoint does return the filenames and filetypes. Could this be an issue in the munin JSON parser?

Thanks for your help.

ssnkhan commented 5 years ago

I noticed that the objects and arrays returned from the VT API are as follows:

filenames == submission_names filetype == type

Neo23x0 commented 5 years ago

That's related to VTs changes in the Web frontend. This info isn't included in the API response but has to be parsed from the web page.

On Tue, Jul 23, 2019 at 12:55 PM Sajid Nawaz Khan notifications@github.com wrote:

Running the latest version of munin:

./munin.py -i munin.ini -f Hashes.txt

For all of the 100 hashes passed through, munin does not return the Type or Filenames for any of the hashes, despite the information being available on VT. My API access does allow this information to be retrieved.

Get the same result when running the query through the CLI.

Running the same hash through the VT API endpoint does return the filenames and filetypes. Could this be an issue in the munin JSON parser?

Thanks for your help.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Neo23x0/munin/issues/22?email_source=notifications&email_token=AAVYFJEO73X3Y7HGMEJG24LQA3PSXA5CNFSM4IGC6DV2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HA4OMPA, or mute the thread https://github.com/notifications/unsubscribe-auth/AAVYFJGHXIRCCGS4J67PUGTQA3PSXANCNFSM4IGC6DVQ .

-- Florian Roth

Key material (Keybase, S/MIME, PGP, Threema): https://keybase.pub/johngalt/

ssnkhan commented 5 years ago

That's related to VTs changes in the Web frontend. This info isn't included in the API response but has to be parsed from the web page. On Tue, Jul 23, 2019 at 12:55 PM Sajid Nawaz Khan @.***> wrote: Running the latest version of munin: ./munin.py -i munin.ini -f Hashes.txt For all of the 100 hashes passed through, munin does not return the Type or Filenames for any of the hashes, despite the information being available on VT. My API access does allow this information to be retrieved. Get the same result when running the query through the CLI. Running the same hash through the VT API endpoint does return the filenames and filetypes. Could this be an issue in the munin JSON parser? Thanks for your help. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#22?email_source=notifications&email_token=AAVYFJEO73X3Y7HGMEJG24LQA3PSXA5CNFSM4IGC6DV2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HA4OMPA>, or mute the thread https://github.com/notifications/unsubscribe-auth/AAVYFJGHXIRCCGS4J67PUGTQA3PSXANCNFSM4IGC6DVQ . -- Florian Roth Key material (Keybase, S/MIME, PGP, Threema): https://keybase.pub/johngalt/

I can see the values in the API response though?

Neo23x0 commented 5 years ago

No, not in the official API. https://developers.virustotal.com/reference#file-report

We'll see if we can find others.

On Tue, Jul 23, 2019 at 1:02 PM Sajid Nawaz Khan notifications@github.com wrote:

That's related to VTs changes in the Web frontend. This info isn't included in the API response but has to be parsed from the web page. … <#m2864367120626693614> On Tue, Jul 23, 2019 at 12:55 PM Sajid Nawaz Khan @.***> wrote: Running the latest version of munin: ./munin.py -i munin.ini -f Hashes.txt For all of the 100 hashes passed through, munin does not return the Type or Filenames for any of the hashes, despite the information being available on VT. My API access does allow this information to be retrieved. Get the same result when running the query through the CLI. Running the same hash through the VT API endpoint does return the filenames and filetypes. Could this be an issue in the munin JSON parser? Thanks for your help. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#22 https://github.com/Neo23x0/munin/issues/22?email_source=notifications&email_token=AAVYFJEO73X3Y7HGMEJG24LQA3PSXA5CNFSM4IGC6DV2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HA4OMPA>, or mute the thread https://github.com/notifications/unsubscribe-auth/AAVYFJGHXIRCCGS4J67PUGTQA3PSXANCNFSM4IGC6DVQ . -- Florian Roth Key material (Keybase, S/MIME, PGP, Threema): https://keybase.pub/johngalt/

I can see the values in the API response though?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Neo23x0/munin/issues/22?email_source=notifications&email_token=AAVYFJCHL2L4EQDRSESUMKTQA3QK7A5CNFSM4IGC6DV2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2SX7QI#issuecomment-514162625, or mute the thread https://github.com/notifications/unsubscribe-auth/AAVYFJG7GVBZ4P7ASL6QNKLQA3QK7ANCNFSM4IGC6DVQ .

-- Florian Roth

Key material (Keybase, S/MIME, PGP, Threema): https://keybase.pub/johngalt/

ssnkhan commented 5 years ago

allinfo must be set to true, which then returns the submission name. Entering a sample hash here https://developers.virustotal.com/reference#file-report shows that the API response does return this information.

Neo23x0 commented 5 years ago

Try the newest commit that I've just pushed

Neo23x0 commented 5 years ago

'allinfo' is only accessible with private API keys

There's still a reCAPTCHA issue

Screenshot 2019-07-23 at 15 26 11

ssnkhan commented 5 years ago

Perfect, this is working now -- thank you!