
I am currently working on a script that makes use of the VirusTotal API.

My question is different from the one that was marked as duplicate, because I would like to know in which port my request goes, and since I need to use a specific URL, I cannot use nmap (it only accepts domain names).

It involves a certain level of automation, so I would like to test if there is a connection between my computer and the endpoint before submitting something to check. For example, to get the latest report on a certain URL, I would use the https://www.virustotal.com/vtapi/v2/url/report endpoint, with the `requests.get()` method from the `requests` module.

Now I have come across an elegant solution for this in https://stackoverflow.com/a/40283805/12143140.

I would need to know which port number this request goes to, in order to perform the check as in the answer above. I think I would have to use something like `socket.create_connection(("virustotal.com", 587))`.

But I am not sure about the 587. I found it using `nmap www.virustotal.com`, and among others it returned

    PORT     STATE     SERVICE
    587/tcp   open     submission

Then I tried `nmap virustotal.com -p 587` which returned

    PORT       STATE        SERVICE
    587/tcp    filtered     submission

(normally `nmap virustotal.com` without specifying a port number only returns ports 80 & 443)

I believe 587 is the correct port since it says submission. However I am extremely familiar with networks and protocols.

So, any ideas on how to find the proper port I need to "ping" (ask for a connection)? And also in my command, should I use `("virustotal.com", 587)` or `("www.virustotal.com", 587)`?

  • @ivan_pozdeev thank you for pointing me to an already existing question, I had already seen it and the answers provided but that did not solve my question/problem. Should I ask a new question now, with the same content? – small_cat_destroyer Feb 03 '20 at 14:45
  • No, you should edit your question to show how it's different and how that question doesn't apply (because I don't see how). And perhaps make it more focused (you are asking two unrelated things here which is also bad). Then if enough users agree with you, it will get reopened. – ivan_pozdeev Feb 03 '20 at 14:49
  • The duplicate question answers that the port here is 443 (and explains why), and I believe this is what you wanted to know. – ivan_pozdeev Feb 03 '20 at 14:51
  • @ivan_pozdeev imo it is not immediately obvious that "the port here is 443". Just because the endpoint URL starts with `https` doesn't mean that it is indeed using the default port for https, no? – small_cat_destroyer Feb 03 '20 at 14:55
  • That's exactly what it means. – ivan_pozdeev Feb 03 '20 at 14:56
  • @ivan_pozdeev I really think that is not the case. 443 is simply the **default** https port. That does not mean that my request **necessarily** goes to that port. I need to make sure to which port it goes, that is why I posted a new question. I also edited it now, to clarify as to how that pre-existing question does not answer mine. – small_cat_destroyer Feb 03 '20 at 15:12
  • I don't know what else to say. See for yourself with a sniffer if you don't believe me. – ivan_pozdeev Feb 03 '20 at 15:18
  • I don't think it's about me believing you or not. It is about understanding what would be the best way to solve this problem. I did not see "sniffer" mentioned in any answer of the question that you pointed me to. As I mentioned I am not very experienced in this particular field, so could you please elaborate a bit more on what a sniffer is, and which one should I use? – small_cat_destroyer Feb 03 '20 at 15:29
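
An added example, not part of the original question or its comments: the host and port a client connects to are read from the URL itself (an explicit `:port` if present, otherwise the scheme's default), and the pre-flight check uses that pair. The helper names `endpoint_from_url` and `can_connect` are hypothetical.

```python
import socket
from urllib.parse import urlsplit

# Default ports implied by the URL scheme when the URL names no port.
DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint_from_url(url):
    """Return the (host, port) a client opens a TCP connection to for this URL."""
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError(f"no host in URL: {url!r}")
    # An explicit ":port" in the URL wins; otherwise the scheme decides.
    port = parts.port
    if port is None:
        try:
            port = DEFAULT_PORTS[parts.scheme]
        except KeyError:
            raise ValueError(f"no default port known for scheme {parts.scheme!r}")
    return parts.hostname, port


def can_connect(host, port, timeout=3.0):
    """True if a TCP handshake with host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, DNS failure, unreachable
        return False


if __name__ == "__main__":
    url = "https://www.virustotal.com/vtapi/v2/url/report"  # endpoint from the question
    host, port = endpoint_from_url(url)
    print(host, port, can_connect(host, port))
```

If a proxy is configured for `requests` (for example through the `HTTPS_PROXY` environment variable), the TCP connection goes to the proxy rather than to this host and port, so the direct check does not describe that path.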
