Skip to content


Subversion checkout URL

You can clone with
Download ZIP
A Tool To Leverage Virus Total's Private API Key
Latest commit 31bc706 @Xen0ph0n Update
Failed to load latest commit information. Initial Commit Update Initial Commit


This is a simple tool to utilize the basic functionality of the Private API From Virus Total, with this tool you can eaisly scan a hash or file (script will automatically hash the file and submit the HASH to VT not the file). You can download malware based on hash, download pcaps, write the full VT Json report to file, and force a rescan of a previously uploaded file with new AV definitions. Advanced queries and bulk downloads can be accomplished via VT Provided Scripts available on the Intelligence portal. (or a bash loop if you want to bulk DL with this)

NOTE: You need your own premium VT API to use this tool. API Key Goes on Line 13!

NOTE2: If you have a free VT Public API (you do) then you can use with limited functionality (Check Hash/Path/Rescan/DownloadJson/VerboseDetections) four checks per minute are allowed.

Authors & Licence

Original Script Author: Adam Meyers

Rewritten & Modified: Chris Clark

License: Do whatever you want with it :)


Usage is as follows with an example of a basic search +  hitting all of
the switches below:

usage: [-h] [-s] [-v] [-j] [-d] [-p] [-r] HashorPath

Search and Download from VirusTotal

positional arguments:
 HashorPath      Enter the MD5 Hash or Path to File

optional arguments:
 -h, --help      show this help message and exit
 -s, --search    Search VirusTotal
 -v, --verbose   Turn on verbosity of VT reports
 -j, --jsondump  Dumps the full VT report to file (VTDLXXX.json)
 -d, --download  Download File from Virustotal (VTDLXXX.danger)
 -p, --pcap      Download Network Traffic (VTDLXXX.pcap)
 -r, --rescan    Force Rescan with Current A/V Definitions

Example Basic Scan:

xen0ph0n@pir8ship:~/tools$ python ../../VirtualBox_Share/wsusservice.dll -s

      Results for MD5:  92d37a92138659fa75f45ccb87242910

      Detected by:  30 / 43
      Sophos Detection: Troj/Briba-A
      Kaspersky Detection: Backdoor.Win32.Agent.clfe
      TrendMicro Detection: BKDR_BRIBA.A
      Scanned on: 2012-09-28 02:44:37
      First Seen: 2012-08-15 12:36:02
      Last Seen: 2012-09-28 02:44:37
      Unique Sources 3
      Submission Names:

Example Verbose Scan + Download + Pcap + Json Save + Force Rescan:

xen0ph0n@pir8ship:~/tools$ python 287f3dda64b830a5ac5a6df3266f7d08 -pdvjr

      Results for MD5:  287f3dda64b830a5ac5a6df3266f7d08

      Detected by:  38 / 46
      Sophos Detection: Troj/Hurgyu-A
      Kaspersky Detection: Trojan-Dropper.Win32.Dapato.bnnu
      TrendMicro Detection: TROJ_GEN.RCBC8HQ
      Scanned on: 2013-03-25 21:38:35
      First Seen: 2012-09-25 09:14:13
      Last Seen: 2012-09-25 09:14:13
      Unique Sources 1
      Submission Names:

       JSON Written to File -- VTDL287F3DDA64B830A5AC5A6DF3266F7D08.json

       Verbose VirusTotal Information Output:

       MicroWorld-eScan         True     Trojan.Generic.7705996
       nProtect                 True     Trojan/W32.Small.29184.SN
       CAT-QuickHeal            True     TrojanDropper.Dapato.bnnu
       McAfee                   True     Generic Dropper!ff3
       Malwarebytes             True     Trojan.Inject
       K7AntiVirus              True     Riskware
       TheHacker                False    None
       NANO-Antivirus           True     Trojan.Win32.Dapato.vpmxh
       F-Prot                   False    None
       Symantec                 True     Trojan.Gen.2
       Norman                   True     Suspicious_Gen4.AWDSR
       TotalDefense             False    None
       TrendMicro-HouseCall     True     TROJ_GEN.RCBC8HQ
       Avast                    True     MX97:ShellCode-I [Expl]
       eSafe                    False    None
       ClamAV                   False    None
       Kaspersky                True     Trojan-Dropper.Win32.Dapato.bnnu
       BitDefender              True     Trojan.Generic.7705996
       Agnitum                  True     Trojan.DR.Dapato!qkvVtOGNQlE
       SUPERAntiSpyware         False    None
       Emsisoft                 True     Trojan.Generic.7705996 (B)
       Comodo                   True     UnclassifiedMalware
       F-Secure                 True     Trojan:W32/Agent.DUDB
       DrWeb                    True     Trojan.DownLoader6.49674
       VIPRE                    True     Trojan.Win32.Generic!BT
       AntiVir                  True     TR/Agent.29184.170
       TrendMicro               True     TROJ_GEN.RCBC8HQ
       McAfee-GW-Edition        True     Generic Dropper!ff3
       Sophos                   True     Troj/Hurgyu-A
       Jiangmin                 True     TrojanDropper.Dapato.mfq
       Antiy-AVL                True     Trojan/Win32.Dapato.gen
       Kingsoft                 True     Win32.Troj.Dapato.(kcloud)
       Microsoft                True     VirTool:Win32/Obfuscator.ABD
       ViRobot                  True     Dropper.A.Dapato.29184.J
       AhnLab-V3                True     Trojan/Win32.Inject
       GData                    True     Trojan.Generic.7705996
       Commtouch                False    None
       ByteHero                 False    None
       VBA32                    True     Trojan-Dropper.Dapato.bnnu
       PCTools                  True     Trojan.Gen
       ESET-NOD32               True     a variant of Win32/Inject.NFV
       Rising                   True     Suspicious
       Ikarus                   True     Win32.SuspectCrc
       Fortinet                 True     W32/Inject.NFV!tr
       AVG                      True     Dropper.Generic6.APFX
       Panda                    True     Generic Trojan

       Malware Downloaded to File -- VTDL287F3DDA64B830A5AC5A6DF3266F7D08.danger

       PCAP Downloaded to File -- VTDL287F3DDA64B830A5AC5A6DF3266F7D08.pcap

       Virus Total Rescan Initiated for -- 287F3DDA64B830A5AC5A6DF3266F7D08 (Requery in 10 Mins)
Something went wrong with that request. Please try again.