virustotal-search.py is a tool to query VirusTotal via its public API for file reports by providing hashes to search for.
This new version adds searching for URLs. Use option -t to select the type of search you want: file (default) or url.
Like this:
Option -e can be used to include extra information (present in the JSON reply) not included by default.
For example, a default file search does not include sha256 hashes:
But you can include it with option “-e sha256” like this:
The public API can also be used for queries for domain names and IP addresses. These queries are much simpler than file and url, and therefor, I developed a very generic program to query APIs. This will be released soon.
virustotal-search_V0_1_5.zip (https)
MD5: 2155347687726A321D1ADBB9C9B81CFD
SHA256: 4F614C9D01C694AEAA16F7D5E4DBFBCF37E8E8D01D382C1137F401612D02E110
Didier Stevens 
[…] Update: virustotal-search.py Version 0.1.5 […]
Pingback by Week 24 – 2019 – This Week In 4n6 — Sunday 16 June 2019 @ 8:36
This looks great, it’s just a shame the rate limit for the VT public API is so low – only 4/minute. And pricing for the private API is *insanely high*
Comment by GordonS — Saturday 29 June 2019 @ 15:08
hi , thanks for nice tools.
which python version used in this virustotal-search_V0_1_5.zip tool?
Comment by ikri — Sunday 25 October 2020 @ 17:24
That is Python 2. I’ve just worked on version 0.1.6, that’s Python 3. If you require Python 3, let me know, and I’ll let you test that new version.
Comment by Didier Stevens — Sunday 25 October 2020 @ 21:11
hi Didier,
yes i wanna test this tool. if you have please share.thanks
Comment by ikri — Monday 26 October 2020 @ 10:01
Hi, Could it be possible for you to share the python 3 version of virustotal-search program. It will be much helpful. Thanks
Comment by Myne — Tuesday 27 October 2020 @ 8:03
I posted it on my github
Comment by Didier Stevens — Tuesday 27 October 2020 @ 21:06