Skip to content
Python 3 package for the Virus Total API 2.0
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Python 3 implementation of the Virustotal Private API. In its current form it only implements a subset of the API and is incomplete.

This module borrows code from, the virustotal2 module. It uses the same rate limiting logic as virustotal2. Additionally it unifies the output of the API to json format and adds support for bulk queries.

##How To Use

import pyvt

api = pyvt.API('~/.virustotal.key')
# Retrieve list of ips
api.retrieve(['', ''])

# Retrieve list of urls
# Retrieve domain


pip3 install pyvt --pre


api = pyvt.API('~/.virustotal.key')                                # The default way of using the 
api = pyvt.API('', api_key=<VT API KEY>, limit_per_min=<number>)   # Providing other parameters

You can pass limit_per_min, which is the number of queries you can perform per minute. 3000 is the default. You can also alternatively provide your api_key as a string parameter.


Use the method retrieve() to get an existing report from VirusTotal. This method's first argument can be:

  • a single or list of MD5, SHA1 or SHA256 of files
  • a single or list of URLs
  • a single or list IP addresses
  • a single or list of domain names

retrieve() will attempt to auto-detect what you're giving it. If you want to be explicit, you can use the thing_type parameter with the values:

  • ip
  • domain
  • hash
  • file
  • base64
  • url

These values are provided as constants that you can use instead in the 'API_Constans' class which you can import as follows ::

from pyvt import API_Constansts

You can use thee scan() method to scan specific URLs. The scan method currently only supports URLs and will through an exception if anything other than a url is given to it.

Here is an example usage of the scan method that blocks until all scan results are available.

response, fail = api.scan(['',
                           ''], blocking=True)

Here is another usage example of the scan method that is none blocking.

response, fail = api.scan(['',

With the non-blocking call you will need to use the 'retrieve' method to get the results of the scan at a later stage. Note that the 'scan' method will return a Tuple where the second element is the urls for which the Virustotal API returned a Failure status response code and the method will not attempt to submit again.


Virustotal Private API

You can’t perform that action at this time.