Skip to content
A simple virus total client written in Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
vtclient.py

README.md

Virus Total Client

A simple python client that you can run at the command line to do a hash search.

Usage

  1. Sign up for a free VirusTotal account.
  2. Copy and paste your API key from the Settings > API Key page. Save it somewhere locally.
  3. Pass your API key and the hash to the script like so (sample MD5 hash: 7657fcb7d772448a6d8504e4b20168b8):
$ python3 vtclient.py my-api-key my-hash

The API is called and returns pretty, readable JSON. An example might look like:

$ python3 vtclient.py ha9f7h8983jfo23ijfo9jflajfl 7657fcb7d772448a6d8504e4b20168b8

This would return a blob of JSON like so:

{
  "md5": "7657fcb7d772448a6d8504e4b20168b8",
  "permalink": "https://www.virustotal.com/file/54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71/analysis/1519298675/",
  "positives": 64,
  "resource": "7657fcb7d772448a6d8504e4b20168b8",
  "response_code": 1,
  "scan_date": "2018-02-22 11:24:35",
  "scan_id": "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71-1519298675",
  "scans": {
      "ALYac": {
          "detected": true,
          "result": "Gen:Variant.Kazy.8782",
          "update": "20180222",
          "version": "1.1.1.5"
      },
      "AVG": {
          "detected": true,
          "result": "Win32:Kryptik-JOV [Trj]",
          "update": "20180222",
          "version": "18.1.3800.0"
      },
      "AVware": {
          "detected": true,
          "result": "Trojan.Win32.Generic!BT",
          "update": "20180222",
          "version": "1.5.0.42"
      },
      "Ad-Aware": {
          "detected": true,
          "result": "Gen:Variant.Kazy.8782",
          "update": "20180222",
          "version": "3.0.3.1010"
      },
      "AhnLab-V3": {
          "detected": true,
          "result": "Trojan/Win32.Zbot.R19508",
          "update": "20180222",
          "version": "3.11.3.19504"
      },
      "Antiy-AVL": {
          "detected": true,
          "result": "Worm/Win32.Autorun.icp",
          "update": "20180222",
          "version": "3.0.0.1"
      },
      "Arcabit": {
          "detected": true,
          "result": "Trojan.Kazy.D224E",
          "update": "20180222",
          "version": "1.0.0.830"
      },
      "Avast": {
          "detected": true,
          "result": "Win32:Kryptik-JOV [Trj]",
          "update": "20180222",
          "version": "18.1.3800.0"
      },
      "Avast-Mobile": {
          "detected": false,
          "result": null,
          "update": "20180221",
          "version": "180221-04"
      },
      "Avira": {
          "detected": true,
          "result": "TR/Drop.Liks.A",
          "update": "20180222",
          "version": "8.3.3.6"
      },
      "Baidu": {
          "detected": true,
          "result": "Win32.Worm.Autorun.f",
          "update": "20180208",
          "version": "1.0.0.2"
      },
      "BitDefender": {
          "detected": true,
          "result": "Gen:Variant.Kazy.8782",
          "update": "20180222",
          "version": "7.2"
      },
      "Bkav": {
          "detected": true,
          "result": "W32.ZeustrackerZS.Trojan",
          "update": "20180212",
          "version": "1.3.0.9466"
      },
      "CAT-QuickHeal": {
          "detected": true,
          "result": "Trojan.Ramnit.A",
          "update": "20180222",
          "version": "14.00"
      },
      "CMC": {
          "detected": true,
          "result": "Trojan.Win32.Lebag!O",
          "update": "20180222",
          "version": "1.1.0.977"
      },
      "ClamAV": {
          "detected": true,
          "result": "Win.Trojan.Ramnit-7847",
          "update": "20180222",
          "version": "0.99.2.0"
      },
      "Comodo": {
          "detected": true,
          "result": "TrojWare.Win32.Kryptik.KLV",
          "update": "20180222",
          "version": "28564"
      },
      "CrowdStrike": {
          "detected": true,
          "result": "malicious_confidence_100% (W)",
          "update": "20170201",
          "version": "1.0"
      },
      "Cybereason": {
          "detected": true,
          "result": "malicious.7d7724",
          "update": "20180205",
          "version": "1.2.27"
      },
      "Cylance": {
          "detected": true,
          "result": "Unsafe",
          "update": "20180222",
          "version": "2.3.1.101"
      },
      "Cyren": {
          "detected": true,
          "result": "W32/Ramnit.K.gen!Eldorado",
          "update": "20180222",
          "version": "5.4.30.7"
      },
      "DrWeb": {
          "detected": true,
          "result": "Win32.HLLW.Tazebama.235",
          "update": "20180222",
          "version": "7.0.28.2020"
      },
      "ESET-NOD32": {
          "detected": true,
          "result": "Win32/Ramnit.A",
          "update": "20180222",
          "version": "16946"
      },
      "Emsisoft": {
          "detected": true,
          "result": "Gen:Variant.Kazy.8782 (B)",
          "update": "20180222",
          "version": "4.0.2.899"
      },
      "Endgame": {
          "detected": true,
          "result": "malicious (high confidence)",
          "update": "20180216",
          "version": "1.2.1"
      },
      "F-Prot": {
          "detected": true,
          "result": "W32/Ramnit.K.gen!Eldorado",
          "update": "20180222",
          "version": "4.7.1.166"
      },
      "F-Secure": {
          "detected": true,
          "result": "Gen:Variant.Kazy.8782",
          "update": "20180222",
          "version": "11.0.19100.45"
      },
      "Fortinet": {
          "detected": true,
          "result": "W32/Kryptik.KLV!tr",
          "update": "20180222",
          "version": "5.4.247.0"
      },
      "GData": {
          "detected": true,
          "result": "Gen:Variant.Kazy.8782",
          "update": "20180222",
          "version": "A:25.16111B:25.11644"
      },
      "Ikarus": {
          "detected": true,
          "result": "Virus.Win32.Virtob",
          "update": "20180222",
          "version": "0.1.5.2"
      },
      "Invincea": {
          "detected": true,
          "result": "heuristic",
          "update": "20180121",
          "version": "6.3.4.26036"
      },
      "Jiangmin": {
          "detected": true,
          "result": "Trojan/Generic.dkmt",
          "update": "20180222",
          "version": "16.0.100"
      },
      "K7AntiVirus": {
          "detected": true,
          "result": "Riskware ( 0015e4f11 )",
          "update": "20180222",
          "version": "10.40.26289"
      },
      "K7GW": {
          "detected": true,
          "result": "Riskware ( 0015e4f11 )",
          "update": "20180222",
          "version": "10.40.26290"
      },
      "Kaspersky": {
          "detected": true,
          "result": "Worm.Win32.Autorun.icp",
          "update": "20180222",
          "version": "15.0.1.13"
      },
      "Kingsoft": {
          "detected": false,
          "result": null,
          "update": "20180222",
          "version": "2013.8.14.323"
      },
      "MAX": {
          "detected": true,
          "result": "malware (ai score=100)",
          "update": "20180222",
          "version": "2017.11.15.1"
      },
      "Malwarebytes": {
          "detected": true,
          "result": "Spyware.Zbot",
          "update": "20180222",
          "version": "2.1.1.1115"
      },
      "McAfee": {
          "detected": true,
          "result": "PWS-Zbot.gen.cy",
          "update": "20180221",
          "version": "6.0.6.653"
      },
      "McAfee-GW-Edition": {
          "detected": true,
          "result": "BehavesLike.Win32.PWSZbot.ch",
          "update": "20180222",
          "version": "v2015"
      },
      "MicroWorld-eScan": {
          "detected": true,
          "result": "Gen:Variant.Kazy.8782",
          "update": "20180222",
          "version": "14.0.297.0"
      },
      "Microsoft": {
          "detected": true,
          "result": "Trojan:Win32/Ramnit",
          "update": "20180222",
          "version": "1.1.14500.5"
      },
      "NANO-Antivirus": {
          "detected": true,
          "result": "Trojan.Win32.DownLoad2.csmmu",
          "update": "20180222",
          "version": "1.0.100.21498"
      },
      "Paloalto": {
          "detected": true,
          "result": "generic.ml",
          "update": "20180222",
          "version": "1.0"
      },
      "Panda": {
          "detected": true,
          "result": "Trj/Ramnit.F",
          "update": "20180221",
          "version": "4.6.4.2"
      },
      "Qihoo-360": {
          "detected": true,
          "result": "Win32/Trojan.544",
          "update": "20180222",
          "version": "1.0.0.1120"
      },
      "Rising": {
          "detected": true,
          "result": "Malware.XPACK!1.64E1 (CLASSIC)",
          "update": "20180222",
          "version": "25.0.0.1"
      },
      "SUPERAntiSpyware": {
          "detected": true,
          "result": "Trojan.Agent/Gen-FakeSecurity",
          "update": "20180221",
          "version": "5.6.0.1032"
      },
      "SentinelOne": {
          "detected": true,
          "result": "static engine - malicious",
          "update": "20180115",
          "version": "1.0.12.202"
      },
      "Sophos": {
          "detected": true,
          "result": "Troj/ZXC-G",
          "update": "20180222",
          "version": "4.98.0"
      },
      "Symantec": {
          "detected": true,
          "result": "W32.Ramnit",
          "update": "20180222",
          "version": "1.5.0.0"
      },
      "Tencent": {
          "detected": true,
          "result": "Worm.Win32.AutoRun.aaa",
          "update": "20180222",
          "version": "1.0.0.1"
      },
      "TheHacker": {
          "detected": true,
          "result": "Trojan/Lebag.agu",
          "update": "20180219",
          "version": "6.8.0.5.2426"
      },
      "TotalDefense": {
          "detected": true,
          "result": "Win32/Ramnit.B!Dropper",
          "update": "20180222",
          "version": "37.1.62.1"
      },
      "TrendMicro": {
          "detected": true,
          "result": "TSPY_ZBOT.SMHA",
          "update": "20180222",
          "version": "9.862.0.1074"
      },
      "TrendMicro-HouseCall": {
          "detected": true,
          "result": "TSPY_ZBOT.SMHA",
          "update": "20180222",
          "version": "9.950.0.1006"
      },
      "VBA32": {
          "detected": true,
          "result": "Worm.AutoRun",
          "update": "20180221",
          "version": "3.12.28.0"
      },
      "VIPRE": {
          "detected": true,
          "result": "Trojan.Win32.Generic!BT",
          "update": "20180222",
          "version": "64782"
      },
      "ViRobot": {
          "detected": true,
          "result": "Trojan.Win32.Agent.109056.CR",
          "update": "20180222",
          "version": "2014.3.20.0"
      },
      "Webroot": {
          "detected": true,
          "result": "Trojan:Win32/Eyestye.H",
          "update": "20180222",
          "version": "1.0.0.207"
      },
      "WhiteArmor": {
          "detected": false,
          "result": null,
          "update": "20180205",
          "version": null
      },
      "Yandex": {
          "detected": true,
          "result": "Trojan.Ramnit!cLbJ7UZPdfE",
          "update": "20180222",
          "version": "5.5.1.3"
      },
      "Zillya": {
          "detected": true,
          "result": "Trojan.Zbot.Win32.81569",
          "update": "20180221",
          "version": "2.0.0.3497"
      },
      "ZoneAlarm": {
          "detected": true,
          "result": "Worm.Win32.Autorun.icp",
          "update": "20180222",
          "version": "1.0"
      },
      "Zoner": {
          "detected": true,
          "result": "Win32.Ramnit.A",
          "update": "20180222",
          "version": "1.0"
      },
      "eGambit": {
          "detected": true,
          "result": "Unsafe.AI_Score_70%",
          "update": "20180222",
          "version": "v4.3.5"
      },
      "nProtect": {
          "detected": true,
          "result": "Trojan-Spy/W32.ZBot.109056.AR",
          "update": "20180222",
          "version": "2018-02-22.02"
      }
  },
  "sha1": "84c7201f7e59cb416280fd69a2e7f2e349ec8242",
  "sha256": "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71",
  "total": 67,
  "verbose_msg": "Scan finished, information embedded"
}
You can’t perform that action at this time.