CIRCL VirusTotal tools
A set of tools to interact with the services from VirusTotal.
All the tools require an API key, which you can get from http://www.virustotal.com/ for free for the public API. A private API also exists. See VirusTotal for more information. The number of requests is usually limited to 20 per 5 minutes. Higher intervals are possible upon request.
A configuration file at ~/.vt-tools.conf is mandatory.
It contains the following:
    [Global]
    public = True
    private = True
    public_key = YOURPUBLICAPIKEY
    private_key = YOURPRIVATEAPIKEY
    public_requests = 20 # default
    private_requests = 300 # default
An example configuration file is included.
Description of the tools:
- send one or multiple hashes (MD5/SHA1) to VirusTotal and get back a human-readable list of detections and some statistics. The --dump option returns the list in a computer-readable format.
- Example: md5 test/* | cut -d"=" -f2 | vthash.py
- same as vthash.py (just a symlink) but uses the private API of VirusTotal (which gives much more information)
- send one or more files to VirusTotal. Returns a unique ID to request the report later. The scan might need some time. Instead of getting the report, using vthash.py after uploading works, too.
- Example: ls test/* | vtupload.py
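The following added example (not part of the CIRCL tools and not their code) parses a configuration in the format shown above, cleans the hash list that a pipeline such as the `md5 ... | cut` one produces, and splits it into batches that respect the 20-requests-per-5-minutes limit. The function names are hypothetical, the sample configuration is constructed, and nothing is sent to VirusTotal.

```python
import configparser
import re

# Constructed sample in the format shown above (placeholder key, not a real one).
SAMPLE_CONF = """\
[Global]
public = True
private = False
public_key = YOURPUBLICAPIKEY
public_requests = 20 # default
"""

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40})$")  # MD5 or SHA1 in hex
WINDOW_SECONDS = 300  # "20 per 5 minutes"


def load_settings(text):
    """Parse [Global]; '# default' has to be stripped as an inline comment."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cp.read_string(text)
    g = cp["Global"]
    if not g.getboolean("public", fallback=False):
        raise ValueError("public API disabled in configuration")
    key = g.get("public_key", "").strip()
    if not key:
        raise ValueError("public_key is empty")
    return {"key": key, "requests": g.getint("public_requests", fallback=20)}


def clean_hashes(lines):
    """Keep well-formed MD5/SHA1 values (lowercased, de-duplicated); collect the rest."""
    good, bad, seen = [], [], set()
    for raw in lines:
        h = raw.strip().lower()  # cut -d"=" -f2 leaves a leading space
        if not h:
            continue
        if not HASH_RE.match(h):
            bad.append(raw.strip())
        elif h not in seen:
            seen.add(h)
            good.append(h)
    return good, bad


def schedule(hashes, per_window):
    """Return (start_offset_seconds, batch) pairs that stay within the limit."""
    return [(i // per_window * WINDOW_SECONDS, hashes[i:i + per_window])
            for i in range(0, len(hashes), per_window)]
```

Without `inline_comment_prefixes`, Python 3's `configparser` keeps `20 # default` as the value and `getint` raises `ValueError`.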
All files except those listed below are licensed under the GNU General Public License v3
(C) 2011, CIRCL, Smile GIE
(C) Sascha Rommelfangen
Exception: postfile.py is a contribution from http://code.activestate.com/recipes/146306/
This file is licensed under PSF License, which is compatible with the GPL