Check For Safe Links With Nodejs and VirusTotal

In this tutorial, you will learn to check for the safety of links with Node.js and VirusTotal.

VirusTotal is used to analyze suspicious files and URLs to detect types of malware. VirusTotal provides an API to automate this process. The free tier is limited to 500 requests per day and a rate of 4 requests per minute as mentioned on their website.

Getting Started With The VirusTotal API

Your pre-requisites should include:

  • Node.js, which can be downloaded from here
  • An account with VirusTotal for the API key
  • An IDE

After ensuring you have installed Node.js by using the command node -vwhich should return the version number of the installed Node.

Create the package.json file by using the command npm init

Install the node-virustotal package by using the following simple command npm i node-virustotal

After signing up you will automatically get an activation email that will contain the link to where your private API key is located. The URL will look something like https://www.virustotal.com/gui/user/<your username>/apikey.

The JavaScript File: Safe Links With Nodejs and VirusTotal

In the directory where the node module was installed create a file called index.js or name it anything of your choice. To load the node-virustotal module we will write our first line of code:

const nvt = require("node-virustotal");

Before you make the request to VirusTotal you need your API key ready and enter it in the following line of code:

const request = nvt.makeAPI().setKey('<API KEY>');

The <API KEY> has to be replaced by the API key provided by VirusTotal but remember: Your API key should be handled in the same way passwords are handled.

Next after setting your API key you need to look up the domain using the API:

request.domainLookup("google.com", function (err, res) {
});

The google.com domain can be replaced by any link of your choice. This uses the node-virustotal API to look up the domain.

Next, inside this, we will keep an if condition so as to check for errors and handle them like this:

if (err) {
        console.log('Virustotal API did not work because:');
        console.log(err);
        return;
    }

After error handling, we will now parse the JSON which is given as the output:

var road = JSON.parse(res);

After parsing we will now check if the output given by the JSON data indicates the link is clean or not:

if (road.data.attributes.last_analysis_results.Kaspersky.result != "clean") {
    console.log("It is not clean");
}
else{
    console.log("The link is safe");
}

In the above code, we are parsing the JSON data and accessing its objects. We get the result from Kaspersky as provided by the API and check if the link is clean.

Final Output

const nvt = require('node-virustotal');
const request = nvt.makeAPI().setKey('<API KEY>');
request.domainLookup("google.com", function (err, res) {
    if (err) {
        console.log('Virustotal API did not work because:');
        console.log(err);
        return;
    }
    var road = JSON.parse(res);
    if (road.data.attributes.last_analysis_results.Kaspersky.result != "clean") {
        console.log("It is not clean");
    }
    else{
        console.log("The link is safe");
    }
});

Final thoughts –

    • Since VirusTotal provides only 4 API calls per minute so it is advisable to cache the results so as to avoid excess usage. The cache will improve speed too.
    • Apart from domain lookups, it provides file uploads too using the API to scan files, and more about this can be found in the documentation.

You can also read,

How to fetch data from public API using JavaScript?

How To Add Elements In JSON Array Using JavaScript

Leave a Reply

Your email address will not be published. Required fields are marked *