Didier Stevens

Wednesday 12 June 2019

Update: virustotal-search.py Version 0.1.5

Filed under: Malware,My Software,Update — Didier Stevens @ 0:00

virustotal-search.py is a tool to query VirusTotal via its public API for file reports by providing hashes to search for.

This new version adds searching for URLs. Use option -t to select the type of search you want: file (default) or url.

Like this:

Option -e can be used to include extra information (present in the JSON reply) not included by default.

For example, a default file search does not include sha256 hashes:

But you can include it with option “-e sha256” like this:

The public API can also be used for queries for domain names and IP addresses. These queries are much simpler than file and url, and therefor, I developed a very generic program to query APIs. This will be released soon.

virustotal-search_V0_1_5.zip (https)
MD5: 2155347687726A321D1ADBB9C9B81CFD
SHA256: 4F614C9D01C694AEAA16F7D5E4DBFBCF37E8E8D01D382C1137F401612D02E110


  1. […] Update: virustotal-search.py Version 0.1.5 […]

    Pingback by Week 24 – 2019 – This Week In 4n6 — Sunday 16 June 2019 @ 8:36

  2. This looks great, it’s just a shame the rate limit for the VT public API is so low – only 4/minute. And pricing for the private API is *insanely high* :/

    Comment by GordonS — Saturday 29 June 2019 @ 15:08

  3. hi , thanks for nice tools.
    which python version used in this virustotal-search_V0_1_5.zip tool?

    Comment by ikri — Sunday 25 October 2020 @ 17:24

  4. That is Python 2. I’ve just worked on version 0.1.6, that’s Python 3. If you require Python 3, let me know, and I’ll let you test that new version.

    Comment by Didier Stevens — Sunday 25 October 2020 @ 21:11

  5. hi Didier,
    yes i wanna test this tool. if you have please share.thanks

    Comment by ikri — Monday 26 October 2020 @ 10:01

  6. Hi, Could it be possible for you to share the python 3 version of virustotal-search program. It will be much helpful. Thanks

    Comment by Myne — Tuesday 27 October 2020 @ 8:03

  7. I posted it on my github

    Comment by Didier Stevens — Tuesday 27 October 2020 @ 21:06

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.