Skip to content
Branch: master
Find file History
Type Name Latest commit message Commit time
Failed to load latest commit information. first commit May 7, 2019 pagination in qradar; vt and hibp with tls_verify May 8, 2019

Corsair > Chronicle > VirusTotal

This VirusTotal API wrapper is based in the official developer guide, available at


  • API v2
  • 1 request by 15 seconds

An example on how VirusTotal structures URLs and how it's mapped in Corsair follows:
           Base URL              Endpoint Resource Suffix     Filters

Thanks to VirusTotal for providing private API access to implement this wrapper. The only endpoints I couldn't test due to lack of permissions were file/feed, url/scan, url/feed, and comments/put

Basic Usage

>>> from corsair.chronicle.virustotal import Api
>>> vt = Api('', 'my-apikey')
>>> eicar = '3395856ce81f2b7382dee72602f798b642f14140'
>>>'report', resource=eicar, allinfo='true')
>>> vt.file.create('scan', file=open('', 'rb'))
>>>'download', hash=eicar, output_file='foo.bin')
>>>'behaviour', hash=eicar)
>>>'network-traffic', hash=eicar)
>>>'clusters', date='2019-05-01')
>>> results ='search', query='eicar')
>>>'search', query='eicar', offset=results['offset'])
>>>'report', resource='', scan='1')
>>>'report', domain='')
>>>'report', ip='')
>>> c1 ='get', resource=eicar)
>>> c2 ='get', resource=eicar, before=c1['comments'][-1]['date'])
You can’t perform that action at this time.