API access to Python command line file uploader (with support for password-protected zip uploads), and command line report search. The analysis decodes various document streams to find known exploits or active content, and finds XOR+ROL obfuscated embedded executables (which can help to still detect badness when dealing with unknown potential zero-days or newly obfuscated exploits).

Find reports by sha256:

Try sha256 .json

Submissions for more recent samples are stored in sha256 -events.json

Search reports by any hash:


Query Params:

query: Any md5, sha1, sha256, sha512 or sample ID

key: API key - random data to md5

A successful result will be a redirect to the static json url. Please try to load the SHA256 repo URL instead of calling DB-intensive searches.

A not found report will return json 'result' = 0.


redirects to:

Upload file for analysis:


Query Params:

file[]: File content

key: API key - random data to md5 - json output is returned for any random key, otherwise html if omitted.

unzip: Password to unzip encrypted archive containing the sample (optional).

QUICKSAND_BRUTE: 1 - Brute force 1 byte keys with ROL 1-7. (Normally 1 byte keys+ROL are automatically found by cryptanalysis).

QUICKSAND_LOOKAHEAD: 1 - Try XOR lookahead algo - xorla.

QUICKSAND_RERUN: 1 - Rerun sample even if it already exists.
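
The following is an added example, not code from this service: a sketch of the kind of 1-byte key + ROL brute-force search that the QUICKSAND_BRUTE option describes, used to locate an obfuscated embedded executable. The XOR-then-rotate order, the DOS stub marker, the inclusion of rotation 0 (plain XOR) and all function names are assumptions; the sample buffer is constructed.

```python
# Added illustration: brute force every 1-byte XOR key combined with a
# bit rotation to locate an obfuscated embedded executable in a buffer.

MARKER = b"This program cannot be run in DOS mode"  # PE DOS stub string


def rol(b, n):
    """Rotate one byte left by n bits (n = 0..7)."""
    n &= 7
    return ((b << n) | (b >> (8 - n))) & 0xFF


def encode(data, key, rot):
    """Assumed obfuscation order: XOR each byte with key, then ROL by rot."""
    return bytes(rol(b ^ key, rot) for b in data)


def find_embedded_exe(blob):
    """Return (offset, key, rot) for every encoded copy of MARKER in blob.

    Encoding the short marker 256 * 8 times and searching for it is
    cheaper than decoding the whole buffer once per candidate.
    """
    hits = []
    for key in range(256):
        for rot in range(8):          # rot 0 covers plain 1-byte XOR
            needle = encode(MARKER, key, rot)
            off = blob.find(needle)
            while off != -1:
                hits.append((off, key, rot))
                off = blob.find(needle, off + 1)
    return hits


def build_sample(key=0x5A, rot=3):
    """Constructed input: filler bytes wrapping an encoded fake PE stub."""
    stub = b"MZ" + b"\x00" * 76 + MARKER + b"\r\n$"
    prefix = b"\xd0\xcf\x11\xe0" + b"A" * 60   # constructed, not a real file
    return prefix + encode(stub, key, rot) + b"B" * 32


if __name__ == "__main__":
    for off, key, rot in find_embedded_exe(build_sample()):
        print(f"encoded DOS stub at offset {off}: xor=0x{key:02x} rol={rot}")
```

A hit with key 0 and rotation 0 means the executable is embedded in the clear.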

Poll for reports:


This special query returns the next report starting at sample ID 1 through the current sample. Result = 0 on no more reports.

Query Params:

query: next

key: API key - random data to md5 - used as a placeholder

A successful result will be a redirect to the static json url of the next report, and the report ID will be saved in association with your md5 key.

No more reports will return json 'result' = 0.


File uploads are limited to approximately 12 MB.

