A simple VirusTotal API implementation in Python
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



vta.py is a simple Python implementation of the VirusTotal public API https://www.virustotal.com/en/documentation/public-api/

I use it to sort my malware samples, so it's lacking a lot of functionalities the full VT API supports. For the time being vta.py can only be used to scan files/urls and get back the results of said scans.

It can be used both as a library in a Python program or as a standalone CLI application. It needs requests(1) to work. If you have ansicolors(2) installed, results are colored depending if a url/file is malicious or not.

Usage as a CLI app

Scanning a url:

python vtwrapper.py -u erethon.com

or use '' for weird urls

python vtwrapper.py -u 'erethon.com/weird-url-!chars' 

Scanning a file:

python vtwrapper.py -f virus.exe

Getting the results for a URL or file that was previously scanned:

python vtwrapper.py -r erethon.com

for a file use:

python vtwrapper.py -F virus.exe

Usage as a library

from vta import vtapi

vt = vtapi()
print vt.results("url", "erethon.com")

This will print the json response from the server. If you want to 'beautify' it use:

vt.print_scam_results(vt.results("url", "erethon.com"))

The rest of the fuctions are documented here:

vt.sendfile(filename) -- Submits a file to be scanned
vt.results("file","HashOfFile") -- Returns the results of a previously scanned file (you need to use its md5/sha1/sha256 hash)
vt.results("url", "ScannedURL") -- Returns the results of a previously scanned url
vt.scanurl("URL") -- Submits URL to be scanned