This is a simple tool to utilize the basic functionality of the Private API From Virus Total, with this tool you can eaisly scan a hash or file (script will automatically hash the file and submit the HASH to VT not the file). You can download malware based on hash, download pcaps, write the full VT Json report to file, and force a rescan of a previously uploaded file with new AV definitions. Advanced queries and bulk downloads can be accomplished via VT Provided Scripts available on the Intelligence portal. (or a bash loop if you want to bulk DL with this)
NOTE: You need your own premium VT API to use this tool. API Key Goes on Line 13!
NOTE2: If you have a free VT Public API (you do) then you can use VTlite.py with limited functionality (Check Hash/Path/Rescan/DownloadJson/VerboseDetections) four checks per minute are allowed.
Original Script Author: Adam Meyers
Rewritten & Modified: Chris Clark
License: Do whatever you want with it :)
Usage is as follows with an example of a basic search + hitting all of the switches below: usage: vt.py [-h] [-s] [-v] [-j] [-d] [-p] [-r] HashorPath Search and Download from VirusTotal positional arguments: HashorPath Enter the MD5 Hash or Path to File optional arguments: -h, --help show this help message and exit -s, --search Search VirusTotal -v, --verbose Turn on verbosity of VT reports -j, --jsondump Dumps the full VT report to file (VTDLXXX.json) -d, --download Download File from Virustotal (VTDLXXX.danger) -p, --pcap Download Network Traffic (VTDLXXX.pcap) -r, --rescan Force Rescan with Current A/V Definitions Example Basic Scan: xen0ph0n@pir8ship:~/tools$ python vt.py ../../VirtualBox_Share/wsusservice.dll -s Results for MD5: 92d37a92138659fa75f45ccb87242910 Detected by: 30 / 43 Sophos Detection: Troj/Briba-A Kaspersky Detection: Backdoor.Win32.Agent.clfe TrendMicro Detection: BKDR_BRIBA.A Scanned on: 2012-09-28 02:44:37 First Seen: 2012-08-15 12:36:02 Last Seen: 2012-09-28 02:44:37 Unique Sources 3 Submission Names: 92d37a92138659fa75f45ccb87242910 wsusservice.dll_ wsusservice2.dll_ file-4567337_ Example Verbose Scan + Download + Pcap + Json Save + Force Rescan: xen0ph0n@pir8ship:~/tools$ python vt.py 287f3dda64b830a5ac5a6df3266f7d08 -pdvjr Results for MD5: 287f3dda64b830a5ac5a6df3266f7d08 Detected by: 38 / 46 Sophos Detection: Troj/Hurgyu-A Kaspersky Detection: Trojan-Dropper.Win32.Dapato.bnnu TrendMicro Detection: TROJ_GEN.RCBC8HQ Scanned on: 2013-03-25 21:38:35 First Seen: 2012-09-25 09:14:13 Last Seen: 2012-09-25 09:14:13 Unique Sources 1 Submission Names: 7DkduxxH JSON Written to File -- VTDL287F3DDA64B830A5AC5A6DF3266F7D08.json Verbose VirusTotal Information Output: MicroWorld-eScan True Trojan.Generic.7705996 nProtect True Trojan/W32.Small.29184.SN CAT-QuickHeal True TrojanDropper.Dapato.bnnu McAfee True Generic Dropper!ff3 Malwarebytes True Trojan.Inject K7AntiVirus True Riskware TheHacker False None NANO-Antivirus True Trojan.Win32.Dapato.vpmxh F-Prot False None Symantec True Trojan.Gen.2 Norman True Suspicious_Gen4.AWDSR TotalDefense False None TrendMicro-HouseCall True TROJ_GEN.RCBC8HQ Avast True MX97:ShellCode-I [Expl] eSafe False None ClamAV False None Kaspersky True Trojan-Dropper.Win32.Dapato.bnnu BitDefender True Trojan.Generic.7705996 Agnitum True Trojan.DR.Dapato!qkvVtOGNQlE SUPERAntiSpyware False None Emsisoft True Trojan.Generic.7705996 (B) Comodo True UnclassifiedMalware F-Secure True Trojan:W32/Agent.DUDB DrWeb True Trojan.DownLoader6.49674 VIPRE True Trojan.Win32.Generic!BT AntiVir True TR/Agent.29184.170 TrendMicro True TROJ_GEN.RCBC8HQ McAfee-GW-Edition True Generic Dropper!ff3 Sophos True Troj/Hurgyu-A Jiangmin True TrojanDropper.Dapato.mfq Antiy-AVL True Trojan/Win32.Dapato.gen Kingsoft True Win32.Troj.Dapato.(kcloud) Microsoft True VirTool:Win32/Obfuscator.ABD ViRobot True Dropper.A.Dapato.29184.J AhnLab-V3 True Trojan/Win32.Inject GData True Trojan.Generic.7705996 Commtouch False None ByteHero False None VBA32 True Trojan-Dropper.Dapato.bnnu PCTools True Trojan.Gen ESET-NOD32 True a variant of Win32/Inject.NFV Rising True Suspicious Ikarus True Win32.SuspectCrc Fortinet True W32/Inject.NFV!tr AVG True Dropper.Generic6.APFX Panda True Generic Trojan Malware Downloaded to File -- VTDL287F3DDA64B830A5AC5A6DF3266F7D08.danger PCAP Downloaded to File -- VTDL287F3DDA64B830A5AC5A6DF3266F7D08.pcap Virus Total Rescan Initiated for -- 287F3DDA64B830A5AC5A6DF3266F7D08 (Requery in 10 Mins)