Virus Total API Python Script

: Virus Total API Python Script :

Scripts! Ok, now that we have your attention. Quite a few months ago we worked on building a foremost script where you could carve all the files out of memory and then query Virus Total for each hash. We wanted to pull the Virus Total subset out of the script and expand on it a bit. Nanospl0it and I finally found some time to work on this and below is what we’ve got so far.

Script Location



Video Tutorial

In order to Access your Virus Total API key, all you need to do is login to Virus Total from their website and click on your profile. There will be a “My API Key” option from the menu that appears. For more instructions, check out

Now that we have all our requirements out of the way, let’s check out the help menu.


A few of the options above are required to properly run the script. Below is the breakdown of the options.

Although not required, you probably want to use either –i or –H. Without these options you aren’t using anything to query VT with.

So let’s run a query!


Keep in mind that I have removed my API key after -k. Please make sure you have yours in place. The output will print to both the console as well as dump a summary to the output file specified.






What’s a malicious output look like!?


In this instance, we stored the hash into a text file and performed the look up.


Above we have used an MD5 as well as a SHA1 for our queries. The following hashes are searchable in Virus Total.

That’s all folks! If you have any questions or feature requests, please let me know at or leave a comment. We do have a few ideas of what we would like to add such as being able to write and store your api key in a file so you don’t have to keep it on hand for each query.

 Post details 

 Comments (10) 

  1. freddie says:

    Is there a way to make the options a permanent value? I want to automate the script as much as possible, basically I want to add the hashes into a permanent input.txt file, double click the script and get the output on a permanent output.txt file. Also can this script be configured to query urls?

  2. jojo says:

    I get the following error. Any ideas?
    Traceback (most recent call last):
    File “”, line 116, in
    File “”, line 80, in main
    VT_Request(args.key, line.rstrip(), args.output)
    File “”, line 89, in VT_Request
    json_response = url.json()
    File “/Library/Python/2.7/site-packages/requests-2.10.0-py2.7.egg/requests/”, line 812, in json
    return complexjson.loads(self.text, **kwargs)
    File “/Library/Python/2.7/site-packages/simplejson/”, line 516, in loads
    return _default_decoder.decode(s)
    File “/Library/Python/2.7/site-packages/simplejson/”, line 370, in decode
    obj, end = self.raw_decode(s)
    File “/Library/Python/2.7/site-packages/simplejson/”, line 400, in raw_decode
    return self.scan_once(s, idx=_w(s, idx).end())
    simplejson.scanner.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

    • We were running into a similar bug a few weeks ago but it seems to have cleared up without any modification to the script. Spent some time today throwing the same hash sets at the script and it’s no longer having issues with the json output. We will keep an eye on this. Thanks for chatting with us via e-mail.

  3. wmac says:

    Hey guys, great work on putting this together; I’ve yet to find a script that does this specific function.

    I am running into a bit of an issue myself, and I believe it’s because I’m a total python noob. Would you be able to offer any advice on the below?

    Traceback (most recent call last):
    File “”, line 116, in
    File “”, line 80, in main
    VT_Request(args.key, line.rstrip(), args.output)
    File “”, line 88, in VT_Request
    url = requests.get(‘’, params
    File “C:\Python27\lib\site-packages\requests-2.11.0-py2.7.egg\requests\”
    , line 70, in get
    return request(‘get’, url, params=params, **kwargs)
    File “C:\Python27\lib\site-packages\requests-2.11.0-py2.7.egg\requests\”
    , line 56, in request
    return session.request(method=method, url=url, **kwargs)
    File “C:\Python27\lib\site-packages\requests-2.11.0-py2.7.egg\requests\session”, line 471, in request
    resp = self.send(prep, **send_kwargs)
    File “C:\Python27\lib\site-packages\requests-2.11.0-py2.7.egg\requests\session”, line 581, in send
    r = adapter.send(request, **kwargs)
    File “C:\Python27\lib\site-packages\requests-2.11.0-py2.7.egg\requests\adapter”, line 491, in send
    raise SSLError(e, request=request)
    requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verif
    y failed (_ssl.c:590)

  4. WMAC says:

    Hey Destruct_Icon,

    Sorry for the delay in replaying back. I was able to get it running just fine – the proxy was the problem, thanks for checking back (and double thanks for putting this handy script together)!

 Leave a comment 

Your email address will not be published. Required fields are marked *



 © 2018 -