Tools for VirusTotal
Switch branches/tags
Nothing to show
Clone or download

CIRCL VirusTotal tools


A set of tools to interact with the services from VirusTotal.


All the tools require an API key which you can get from for free for the public API. It also exists a private API. See VirusTotal for more information. The number of requests is usually limited to 20 per 5 minutes. Higher intervalls are possible upon request.


A configuration file at ~/.vt-tools.conf is mandatory.
It contains the following:

public = True
private = True
public_requests = 20	# default
private_requests = 300	# default

An example configuration file is included.

Description of the tools:

    • send one or multiple hashes (MD5/SHA1) to VirusTotal and get a human readable list of detections back and some statistics. The --dump option returns the list in a computer readable format.
    • Example: md5 test/* | cut -d"=" -f2 |
    • same as (just a symlink) but uses the private API of VirusTotal (which gives much more information)
    • send one or more files to VirusTotal. Returns a unique ID to requests the report later. Scan might need some time. Instead of getting the report, using after uploading does work, too.
    • Example: ls test/* |


All files except those listed below are licensed under the GNU General Public License v3
(C) 2011, CIRCL, Smile GIE
(C) Sascha Rommelfangen

Exception: is a contribution from
This file is licensed under PSF License, which is compatible with the GPL