CIRCL VirusTotal tools
Description
A set of tools to interact with the services from VirusTotal.
Requirements
All the tools require an API key which you can get from http://www.virustotal.com/ for free for the public API. It also exists a private API. See VirusTotal for more information. The number of requests is usually limited to 20 per 5 minutes. Higher intervalls are possible upon request.
Configuration
A configuration file at ~/.vt-tools.conf is mandatory.
It contains the following:
[Global]
public = True
private = True
public_key = YOURPUBLICAPIKEY
private_key = YOURPRIVATEAPIKEY
public_requests = 20 # default
private_requests = 300 # default
An example configuration file is included.
Description of the tools:
- vthash.py
- send one or multiple hashes (MD5/SHA1) to VirusTotal and get a human readable list of detections back and some statistics. The --dump option returns the list in a computer readable format.
- Example: md5 test/* | cut -d"=" -f2 | vthash.py
- vthash-pro.py
- same as vthash.py (just a symlink) but uses the private API of VirusTotal (which gives much more information)
- vtupload.py
- send one or more files to VirusTotal. Returns a unique ID to requests the report later. Scan might need some time. Instead of getting the report, using vthash.py after uploading does work, too.
- Example: ls test/* | vtupload.py
Licenses
All files except those listed below are licensed under the
GNU General Public License v3
(C) 2011, CIRCL, Smile GIE
(C) Sascha Rommelfangen
http://www.circl.lu
https://github.com/CIRCL/vt-tools
Exception: postfile.py is a contribution from http://code.activestate.com/recipes/146306/
This file is licensed under PSF License, which is compatible with the GPL