Rescan URL's when "The requested resource is not among the finished, queued or pending scans"

[darrenmcentee]

Hi,
I have a URL list i want to scan with VT API.
My current command is:

vt.py -r --rescan -ur urls_for_scan.txt > GP-000-Results.txt

This works well, and returns back the report from the URL scan.
But within the report, about 1/3 (a third) of all the URLs scanned, come back with the response:

[!] Status : The requested resource is not among the finished, queued or pending scans

See attached.

Many are not scanned for me, so we are missing out on many URL scan reports.

Example out put in my:

Searching for url(s) report: http://www.xyz.com
[!] Status : The requested resource is not among the finished, queued or pending scans

Am i implementing this rescan incorrectly?
Thanks,
Darren.

[doomedraven]

Hello @darrenmcentee, for start you can't rescan what is not scanned, so you need check for that verbose msg, and if you got it, upload to scan, and add to pend queue or any other way prefered by you to check later for report for that url

Small explanation of commands, as i saw you use short and long command in past too

-r is short for --rescan
-ur is short for --url-report

so don't use both options

you need to do one think, rescan or get report

vt.py -r urls_for_scan.txt > GP-000-Results.txt
or
vt.py -ur urls_for_scan.txt > GP-000-Results.txt

utilities:

My suggestion is to use vt script as library and script it,
see wiki for automatization

[doomedraven]

reopen this if any extra help needed

[hakangs]

Hi,
I am requesting ~50 file scan results, but for some I am getting "The requested resource is not among the finished, queued or pending scans", but when I view VT website for those SHA-1s I can see the results.

I am using this request :

https://www.virustotal.com/vtapi/v2/file/report

What can be the problem ?

[doomedraven]

from documentation Before performing your submissions we encourage you to retrieve the latest report on the files

so i would suggest first do -fs or -rai depend on your api type, and if not found then request for scan, as basically you asking for rescan sample

if you still have issue, can you share your list of samples to test?

[hakangs]

This is code and samples :

`import json
import urllib
import urllib2

def get_detection_rate(sha1):
# initialize result dict
dr = {"detection_rate": "", "vt_link": ""}
url = "https://www.virustotal.com/vtapi/v2/file/report"
api_key_list = []
api_key_num = 0
# ask VT with every api key
while api_key_num < 4:
try:
parameters = {"resource": sha1, "apikey": api_key_list[api_key_num]}
data = urllib.urlencode(parameters)
req = urllib2.Request(url, data)
response = urllib2.urlopen(req,timeout=3)
json_string = response.read()
parsed_json = json.loads(json_string)
if str(parsed_json["response_code"]) != "0":
# update detection rate
dr["detection_rate"] = str(parsed_json["positives"]) + '/' + str(parsed_json["total"])
# update vt link
dr["vt_link"] = parsed_json['permalink']
break
except:
api_key_num = api_key_num + 1
if not dr["detection_rate"] and not dr["vt_link"]:
print "empty for " + sha1
else:
print "found for " + sha1
return dr

sha1s = "04bd1321551036e1738dbd9064f99c63a115becf,054efef9644b63f4b3bb9c664ac92a0698aef590,06d9283eaff05a4e6d3a04d9e7294a7f07ddd351,093a87031d311e937e813422e94231260b30b7aa,10829b63a496fc5fab389c9423641d787ef0fa3f,11dc931857eac2e9ed4177fd78d1986b0668597a,1235104c5ea47bf7ca8bd60aa166d748af1ed581,1744d6522fc9abdb9ee4f2255b430285496dd749,1b9604955d398784b4386088ec4c3ce8ef0b3052,1edf77ba99c7c973d461f5b62cb6c34e1a5d7be1,27ea339dac2c8abda9810a3b45162e459af2c903,311a0fb06232f905adc01df3817ccf7dfd6db73a,31a0a77adc4aed82570e6ab5dc279f1d3e6030e3,34b8a69c15dc3aa28fccd4303fc5f59bffc10458,3e4ad8c30599fa6fbaf0e1ef6c6685e010eab878,422ea500275d8818061d32b693b4cc96ee75828b,4fb0b8dc5208e1ee390f3391eb06add6409feea5,57b8e9e712d515d829c8cef52690beef11905456,5c26315243d40db66d02e274841631de1565c13a,5d4c9a96cdc888833c7317d37bb74bb0ad991b0e,61cf877819b344761bb1c5b3622a80705bd92378,6b1d0a34e9a050815e2fcfc0111a3a711b059e20,6e5fa6caabd84ecde727611dffa8918d589c122a,7016e316e82e084c5f44590a39af8e70e772ad62,7100689ac720bea999d4e94fc80027fcf86bd3e4,7260bf8b656a9b7766b200c391e0a7d035a805d1,72c26d9f0b9e69202bfe0871113d7df7f0407c19,7931f6cea232d82e913d57cc057d9db1328ca496,7a0351452a9c2e299c4c63f8af236afde94f4d89,7a08a87dee32ba340201a5c2ec2d85a4c81aeee2,7eb3b901aeb1ec12889440f6d6690873798069ae,8033d2370169342809d43c687b77ee0e0e4b9773,80bd9904d9f39cfa8fc65179b57ab9bf58a02d3f,81e701789acf9f2a432fe2527560c59f50b156a8,843d77d0e69c0cd7af8af313264ca12c9d5eb2c8,88f0d2fccae4142349731e378ea4931d5e930fa3,89ec25b15b7e7dd2f01178eac502122da4db5963,905df7ca339f5751a310f5b0cfc513276d08aa5d,95c12b0bf57d6034245c4b2a6726255f486e7141,98deb8979be90576c0fe154a02cc862cf92c7c0d,9f5b716a84a869592c492deafc6eedf8d71fb66a,a2fead7092fd67c0e4f9a2bf644dd7860b10bdd8,b51a6d25db9f8c6dd96805938c5d4f1c22ffb8e7,bfb6c6c2fda6a6914772ed6be845eadd4a5fbb86,c659339103d99f33dbc3304cc9d41bfebbcf4337,c91e02f3065711488ee2e4af25d4e0ba5aff630a,c9ab1a84afcc2d8cb5e5b341d16b9ce7a28752b8,d550051c10ad6e3106fb74dc63c4ac5b36df5b5d,d63413668a2ca7b2ca1ae51fdc0339ac"

for sha1 in sha1s.split(","):
get_detection_rate(sha1)
`

[doomedraven]

this is not related to my script, so i can't help

[hakangs]

Sorry, thanks.