<a href="https://colab.research.google.com/github/Davidljq/David-Lee/blob/main/Codechecker.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# New Section

In [18]:
# ===========================================
# 1) Install dependencies
# ===========================================
!pip install --upgrade requests

# ===========================================
# 2) Imports
# ===========================================
import requests
import re
import sys
import os
from urllib.parse import urlparse
import time

# ===========================================
# 3) Welcome the user
# ===========================================

print(f"(*) This is a Malwaredetector, before continuing, please ensure that you have")
print(f"(*) A Gemini API key from https://aistudio.google.com/ after creating your account")
print(f"(*) A Virustotal API key from https://www.virustotal.com/ after creating your account")
print(f"(*) Important! If you are checking a file, please upload it to Colab (on the left) before continuing!")
input("Press Enter to continue...")

# ===========================================
# 4) Get API Keys
# ===========================================
GEMINI_API_KEY = input("(?) Enter your Gemini 2.0 API key: ").strip()
VIRUSTOTAL_API_KEY = input("(?) Enter your VirusTotal API key (or press Enter to skip): ").strip()

# ===========================================
# 5) Gemini REST helper — minimal prompt
# ===========================================
def call_gemini_rest_simple(target_label, api_key):
    endpoint = "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent"

    headers = {
        "Content-Type": "application/json",
        "X-goog-api-key": api_key
    }

    prompt_text = f"Tell me as how a friend would, why this {target_label} is flagged as malicious."

    payload = {
        "contents": [
            {
                "parts": [
                    {
                        "text": prompt_text
                    }
                ]
            }
        ]
    }

    try:
        response = requests.post(endpoint, headers=headers, json=payload)
        response.raise_for_status()
        result = response.json()
        return result['candidates'][0]['content']['parts'][0]['text']
    except Exception as e:
        print(f"Gemini REST API error: {e}")
        return None

# ===========================================
# 6) VirusTotal helper — direct URL scan
# ===========================================
def scan_url_virustotal(url, api_key):
    scan_url = "https://www.virustotal.com/api/v3/urls"
    report_url = "https://www.virustotal.com/api/v3/analyses/{id}"

    headers = {
        "x-apikey": api_key,
        "accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded"
    }
    payload = {"url": url}

    try:
        scan_response = requests.post(scan_url, headers=headers, data=payload)
        scan_response.raise_for_status()
        scan_data = scan_response.json()
        analysis_id = scan_data["data"]["id"]

        print(f"(*) Submitted to VirusTotal. Analysis ID: {analysis_id}. Waiting for results...")
        time.sleep(30)  # Wait for VirusTotal to process

        report_response = requests.get(report_url.format(id=analysis_id), headers=headers)
        report_response.raise_for_status()
        return report_response.json()

    except requests.exceptions.RequestException as e:
        print(f"(!) (VirusTotal) Request error: {e}")
        return None

# ===========================================
# 7) Choose: File or URL (with retries)
# ===========================================
max_tries = 3
tries = 0

while tries < max_tries:
    mode = input("(?) Do you want to scan a (1) file or (2) website? Enter 1 or 2: ").strip()
    if mode in ["1", "2"]:
        break
    else:
        print("(!) Invalid choice. Please enter 1 or 2.")
        tries += 1

if tries >= max_tries:
    print("(!) Too many invalid attempts. Exiting.")
    sys.exit(1)

content = ""
load_successful = False
url_malicious = False
file_suspicious = False
findings = []

# ===========================================
# If FILE selected
# ===========================================
if mode == "1":
    tries = 0
    while tries < max_tries:
        file_path = input("(?) Enter file path (Press the 3 dots next to the file you uploaded and press copy path): ").strip()
        if not os.path.exists(file_path):
            print(f"(!) File not found: {file_path}. Try again.")
            tries += 1
        else:
            try:
                with open(file_path, 'r', encoding='utf-8', errors='ignore') as f:
                    content = f.read()
                    load_successful = True
                break
            except Exception as e:
                print(f"(!) Could not read file: {e}. Try again.")
                tries += 1

    if not load_successful:
        print("(!) Failed to load a valid file after 3 attempts. Exiting.")
        sys.exit(1)

    # Local suspicious pattern check
    suspicious_patterns = [
        (r'eval\(', "Executes arbitrary Python code."),
        (r'os\.system', "Runs system commands."),
        (r'curl|wget', "Downloads data from internet."),
        (r'exec\(', "Executes dynamic Python code."),
        (r'<script>', "Contains raw HTML script."),
        (r'iframe', "Embeds external content.")
    ]

    for lineno, line in enumerate(content.split('\n'), 1):
        for pattern, reason in suspicious_patterns:
            if re.search(pattern, line):
                findings.append((lineno, line.strip(), reason))
                file_suspicious = True

# ===========================================
# If URL selected
# ===========================================
elif mode == "2":
    tries = 0
    while tries < max_tries:
        website_url = input("(?) Enter website URL: ").strip()
        if not re.match(r'https?://', website_url):
            website_url = 'https://' + website_url

        result = urlparse(website_url)
        if not all([result.scheme, result.netloc]):
            print(f"(!) Invalid URL format: {website_url}. Try again.")
            tries += 1
            continue

        try:
            response = requests.get(website_url, timeout=15)
            if response.status_code == 200:
                content = response.text
                load_successful = True
                break
            else:
                print(f"(!) Failed to fetch: HTTP {response.status_code}. Try again.")
                tries += 1
        except Exception as e:
            print(f"(!) Request failed: {e}. Try again.")
            tries += 1

    if not load_successful:
        print("(!) Failed to load a valid website after 3 attempts. Exiting.")
        sys.exit(1)

    if VIRUSTOTAL_API_KEY:
        vt_report = scan_url_virustotal(website_url, VIRUSTOTAL_API_KEY)
        if vt_report and 'data' in vt_report and 'attributes' in vt_report['data']:
            stats = vt_report['data']['attributes'].get('stats', {})
            malicious = stats.get('malicious', 0)
            if malicious > 0:
                url_malicious = True
                print(f"VirusTotal: {malicious} engines flagged this URL as malicious.")
            else:
                print("VirusTotal: URL appears clean.")
        else:
            print("VirusTotal did not return a valid report.")

# ===========================================
# If suspicious or malicious → call Gemini
# ===========================================
if file_suspicious or url_malicious:
    if mode == "1":
        target_label = f"file '{file_path}'"
    elif mode == "2":
        target_label = f"URL '{website_url}'"
    else:
        target_label = "target"

    gemini_output = call_gemini_rest_simple(target_label, GEMINI_API_KEY)
    if gemini_output:
        print("\n=== Gemini Explanation ===\n")
        print(gemini_output)

# ===========================================
# 8) Local Findings output
# ===========================================
if findings:
    print("\n=== Local Suspicious Findings ===\n")
    for lineno, line, reason in findings:
        print(f"Line {lineno}: {line} → {reason}")

# ===========================================
# 9) Final verdict if not suspicious
# ===========================================
if not file_suspicious and not url_malicious and not findings:
    print("\n(*) No suspicious code or malicious URLs found.")


(*) This is a Malwaredetector, before continuing, please ensure that you have
(*) A Gemini API key from https://aistudio.google.com/ after creating your account
(*) A Virustotal API key from https://www.virustotal.com/ after creating your account
(*) Important! If you are checking a file, please upload it to Colab (on the left) before continuing!
Press Enter to continue...
(?) Enter your Gemini 2.0 API key: AIzaSyB3JSzM_SG53DhZZsQuz54HZqDcthPW2mc
(?) Enter your VirusTotal API key (or press Enter to skip): Wrong
(?) Do you want to scan a (1) file or (2) website? Enter 1 or 2: 2
(?) Enter website URL: https://colab.research.google.com/
(!) (VirusTotal) Request error: 401 Client Error: Unauthorized for url: https://www.virustotal.com/api/v3/urls
VirusTotal did not return a valid report.

(*) No suspicious code or malicious URLs found.
