virustotal-search.py is a tool to query VirusTotal via its public API for file reports by providing hashes to search for.
This new version adds searching for URLs. Use option -t to select the type of search you want: file (default) or url.
Like this:
Option -e can be used to include extra information (present in the JSON reply) not included by default.
For example, a default file search does not include sha256 hashes:
But you can include it with option “-e sha256” like this:
The public API can also be used for queries for domain names and IP addresses. These queries are much simpler than file and url, and therefor, I developed a very generic program to query APIs. This will be released soon.
virustotal-search_V0_1_5.zip (https)
MD5: 2155347687726A321D1ADBB9C9B81CFD
SHA256: 4F614C9D01C694AEAA16F7D5E4DBFBCF37E8E8D01D382C1137F401612D02E110
Didier Stevens 