The module that implements the service API functions www.virustotal.com (3 versions). For a detailed description of the API, see: https://developers.virustotal.com/v3.0/reference.

The following VirusTotal API functions are implemented:

For files:

• /files
• /files/upload_url
• /files/{id}
• /files/{id}/analyse
• /files/{id}/comments
• /files/{id}/comments
• /files/{id}/votes
• /files/{id}/votes
• /files/{id}/{relationship}
• /file_behaviours/{sandbox_id}/pcap
• /files/{id}/download_url (Added in version 1.2.0, requires a private key to access API functions)
• /files/{id}/download (Added in version 1.2.0, requires a private key to access API functions)

For URLs:

• /urls
• /urls/{id}
• /urls/{id}/analyse
• /urls/{id}/comments
• /urls/{id}/comments
• /urls/{id}/votes
• /urls/{id}/votes
• /urls/{id}/network_location

For domains:

• /domains/{domain}
• /domains/{domain}/comments
• /domains/{domain}/comments
• /domains/{domain}/{relationship}
• /domains/{domain}/votes
• /domains/{domain}/votes

For IP-addresses:

• /domains/{domain}
• /domains/{domain}/comments
• /domains/{domain}/comments
• /domains/{domain}/{relationship}
• /domains/{domain}/votes
• /domains/{domain}/votes

File and URL analysis:

• /analyses/{id}

pip install vtapi3

Code

import json
from vtapi3 import VirusTotalAPIFiles, VirusTotalAPIError
   ...
vt_files = VirusTotalAPIFiles('<API key>')
try:
    result = vt_files.upload('<file path>')
except VirusTotalAPIError as err:
    print(err, err.err_code)
else:
    if vt_files.get_last_http_error() == vt_files.HTTP_OK:
        result = json.loads(result)
        result = json.dumps(result, sort_keys=False, indent=4)
        print(result)
    else:
        print('HTTP Error [' + str(vt_files.get_last_http_error()) +']')
    ...

Output

{
  "data": {
    "type": "analysis",
    "id": "NjY0MjRlOTFjMDIyYTkyNWM0NjU2NWQzYWNlMzFmZmI6MTQ3NTA0ODI3Nw=="
  }
}

Before using the package from the command line, you must create an environment variable VT_API_KEY in which to place the value of the access key to the VirusTotal API functions.

python -m vtapi3  [-h] [-fid] [-fsr] [-far] [-hr] [-uid] [-usr] [-uar] [-ipr]
                  [-dr]
                  resource

Positional arguments

• resource - Object that you want to analyse in VirusTotal (file, URL, IP address or domain).

Optional arguments

• -h, --help - Show help message and exit.
• -fid, --file-id - Getting the identifier of the file for further analysis.
• -fsr, --file-scan-report - Getting a report on the results of scanning a file.
• -far, --file-analyse-report - Getting a report on the results of file analysis (enabled by default).
• -hr, --hash-report - Getting a report on the results of analyzing a file by its hash (SHA256, SHA1 or MD5).
• -uid, --url-id - Getting the identifier of the URL for further analysis.
• -usr, --url-scan-report - Getting a report on the results of scanning a URL.
• -uar, --url-analyse-report - Getting a report on the results of URL analysis.
• -ipr, --ip-report - Getting a report on the results of IP address analysis.
• -dr, --domain-report - Getting a report on the results of domain analysis.

MIT Copyright (c) 2020 Evgeny Drobotun

Documentation for using this package: https://virustotalapi3.readthedocs.io