
gawen / Virustotal

💊 VirusTotal Public API 2.0 client for Python 2.x


virustotal

virustotal is a Python module for the VirusTotal public API, a free service that analyzes files for malware.

Prerequisites

You need an API key to use the VirusTotal Public API 2.0. To get one, sign up on the service, go to your profile and click on API Key.

How to use

Install

Install virustotal with one of the setuptools-related tools:

pip install virustotal
easy_install virustotal

or clone this repository:

git clone git://github.com/Gawen/virustotal.git
cd virustotal
python setup.py install

Import

Import the virustotal module

import virustotal

Instantiate the handler's class.

v = virustotal.VirusTotal(YOUR_API_KEY)

Get a report

Use the method get(). Its first parameter can be:

  • A hash (MD5, SHA1, SHA256)
  • A scan-id (VirusTotal's scan UID)
  • A file object (file, socket, StringIO)
  • A file path or URL

For example,

# StringIO wraps an in-memory string as a file object (Python 2.x)
import StringIO

# Filepath
report = v.get("/foo/bar")

# EICAR (see Links section)
report = v.get(StringIO.StringIO("X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"))

# EICAR's MD5 (see Links section)
report = v.get("44D88612FEA8A8F36DE82E1278ABB02F")
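
Because get() accepts a hash as well as file content, a file can be hashed locally and the digest checked before it is passed on. The following is an added example, not part of the virustotal module: hash_kind(), digests() and matches() are hypothetical helper names, and the code runs under Python 2.7 and 3 without network access.

```python
import hashlib
import re

# Hex digest length -> algorithm, for the three hash types get() accepts.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

# EICAR test string, split in two so that this source file is not itself
# flagged by an on-access scanner.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR"
         b"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def hash_kind(resource):
    """Return 'md5', 'sha1' or 'sha256' if resource looks like a hex
    digest of that length, else None (treat it as a path or URL)."""
    text = resource.strip()
    if HEX_RE.match(text):
        return HASH_LENGTHS.get(len(text))
    return None


def digests(fileobj, chunk_size=65536):
    """Hash a binary file object in one pass and return upper-case hex
    digests keyed by algorithm name."""
    hashers = dict((name, hashlib.new(name)) for name in HASH_LENGTHS.values())
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return dict((name, h.hexdigest().upper()) for name, h in hashers.items())


def matches(resource, fileobj):
    """True if the hash string resource is a digest of fileobj's content."""
    kind = hash_kind(resource)
    if kind is None:
        raise ValueError("not an MD5/SHA1/SHA256 hex digest: %r" % resource)
    return digests(fileobj)[kind] == resource.strip().upper()


if __name__ == "__main__":
    import io
    print(digests(io.BytesIO(EICAR))["md5"])
```
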

Scan a file

Use the method scan(). Its first parameter can be:

  • A file object (file, socket, StringIO)
  • A file path or URL

For example,

# Filepath
report = v.scan("/foo/bar")

# EICAR (see Links section)
report = v.scan(StringIO.StringIO("X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"))

You can set its parameter reanalyze to force VirusTotal to re-scan the file.

# Force to re-scan EICAR (see Links section)
report = v.scan(StringIO.StringIO("X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"), reanalyze = True)

Report object

A report (an instance of Report) is returned by the methods get() and scan().

During a scan, the final report is not returned immediately because VirusTotal needs time to send you the results. You can check whether a report is ready using its done attribute.

if report.done:
    # Read the report
    pass

You can wait for the report to be done using the join() method.

# Wait for the report to be ready
report.join()
assert report.done

Then, you can use the report to get the results:

print "Report"
print "- Resource's UID:", report.id
print "- Scan's UID:", report.scan_id
print "- Permalink:", report.permalink
print "- Resource's SHA1:", report.sha1
print "- Resource's SHA256:", report.sha256
print "- Resource's MD5:", report.md5
print "- Resource's status:", report.status
print "- Antivirus' total:", report.total
print "- Antivirus's positives:", report.positives
for antivirus, malware in report:
    if malware is not None:
        print
        print "Antivirus:", antivirus[0]
        print "Antivirus' version:", antivirus[1]
        print "Antivirus' update:", antivirus[2]
        print "Malware:", malware
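
An added example, not part of the virustotal module, showing how the documented attributes (done, total, positives, and iteration over (antivirus, malware) pairs) can be reduced to a triage summary. SampleReport is a constructed stand-in for Report with made-up engine names, summarize() is a hypothetical helper, and the min_positives threshold is an assumption.

```python
from collections import Counter


class SampleReport(object):
    """Constructed stand-in exposing only the attributes the README
    documents on Report: done, total, positives and iteration."""

    def __init__(self, done, results):
        self.done = done
        self._results = results
        self.total = len(results)
        self.positives = sum(1 for _, m in results if m is not None)

    def __iter__(self):
        return iter(self._results)


def summarize(report, min_positives=3):
    """Reduce a finished report to a triage summary.

    min_positives is an assumed local threshold, not a VirusTotal value.
    """
    if not report.done:
        # Results are not available until the scan has completed.
        raise ValueError("report not ready; call report.join() first")
    # antivirus is a (name, version, update) tuple; malware is None if clean.
    detections = dict((av[0], malware) for av, malware in report
                      if malware is not None)
    labels = Counter(detections.values()).most_common(1)
    return {
        "ratio": float(report.positives) / report.total if report.total else 0.0,
        "flagged": report.positives >= min_positives,
        "engines": sorted(detections),
        "top_label": labels[0][0] if labels else None,
    }


# Constructed sample data, not real scan output.
SAMPLE = SampleReport(True, [
    (("EngineA", "1.0", "20200101"), "EICAR-Test-File"),
    (("EngineB", "2.3", "20200101"), "EICAR-Test-File"),
    (("EngineC", "7.1", "20200102"), "Eicar.Test"),
    (("EngineD", "0.9", "20200102"), None),
])
```
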

Use as a client CLI

You can use virustotal.py as a CLI program to get reports or scan files with VirusTotal.

usage: python virustotal.py (get|scan) [resource]

resource can be:

  • A hash (MD5, SHA1, SHA256)
  • A scan-id (VirusTotal's scan UID)
  • A file path or URL

To ask VirusTotal for the EICAR file report (see Links section):

python virustotal.py get 44D88612FEA8A8F36DE82E1278ABB02F

Or test if this repository is virus-free ;-)

python virustotal.py scan *

Links
