A Python script that analyzes a list of file hashes by retrieving their detection scores, names, extensions, and distributors from VirusTotal.
This tool is designed for security analysts and threat intelligence professionals who need to quickly assess multiple file hashes against VirusTotal's database to determine their maliciousness and related metadata. It automates querying VirusTotal's API to provide consolidated results, helping users prioritize and investigate suspicious files efficiently.
Users should be aware of VirusTotal's API request limits: 500 requests per day and 4 requests per minute for free accounts. The script automatically handles rate limiting by delaying requests when using a free API key. For higher volume needs, obtaining a premium API key is recommended. Ensure the input hash list is correctly formatted with one hash per line to avoid errors.
Create a VirusTotal API key by signing in at https://developers.virustotal.com/
Install the required Python library with: pip install requests
Run virustotal_hash_analyzer.py
Launches the script to start the hash analysis process
Enter the path to the .txt file containing the list of file hashes
Specifies the input file with hashes to be analyzed
Enter the minimum percentage of positive scans (or leave default to include all)
Filters results based on the minimum detection ratio
Enter your VirusTotal API_KEY (or place it in the first line of your_key.txt)
Provides the required API key for accessing VirusTotal services
Enter 'yes' if using a Premium API key, otherwise 'false' (or place in second line of your_key.txt)
Indicates whether the API key is premium to adjust request pacing
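The following sketch is an added example, not code from virustotal_hash_analyzer.py. It shows how the input list can be validated and paced against the free-tier limits stated above before any request is sent, and how the minimum-percentage filter can be applied. The function names, the accepted hash types (MD5, SHA-1, SHA-256), the positives/total parameters and the no-delay behaviour for premium keys are assumptions.

```python
import re
# Free-tier limits as stated on this page.
FREE_PER_MINUTE, FREE_PER_DAY = 4, 500
# Assumption: the list holds MD5, SHA-1 or SHA-256 hex digests.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")

def load_hashes(lines):
    """Return (valid, rejected): unique lowercase hashes and (line number, text) of bad lines."""
    valid, rejected, seen = [], [], set()
    for lineno, raw in enumerate(lines, start=1):
        value = raw.strip()
        if not value:
            continue  # blank lines cost nothing
        if len(value) not in HASH_LENGTHS or not HEX_RE.fullmatch(value):
            rejected.append((lineno, value))
            continue
        value = value.lower()
        if value not in seen:  # a duplicate would spend a request from the daily quota
            seen.add(value)
            valid.append(value)
    return valid, rejected

def plan_requests(hashes, premium=False):
    """Return (schedule, deferred): send offsets in seconds, plus hashes past the daily quota."""
    if premium:  # assumption: a premium key needs no client-side delay
        return [(0.0, h) for h in hashes], []
    interval = 60.0 / FREE_PER_MINUTE  # 15 s between requests
    today, deferred = hashes[:FREE_PER_DAY], hashes[FREE_PER_DAY:]
    return [(i * interval, h) for i, h in enumerate(today)], deferred

def meets_threshold(positives, total, min_percent=0.0):
    """Minimum-percentage filter; a result with no scans passes only the default of 0."""
    if total <= 0:
        return min_percent <= 0
    return 100.0 * positives / total >= min_percent

# Constructed sample input: MD5 and SHA-1 of the empty string, a repeat, a bad line.
SAMPLE = ["d41d8cd98f00b204e9800998ecf8427e\n", "D41D8CD98F00B204E9800998ECF8427E\n",
          "\n", "not-a-hash\n", "da39a3ee5e6b4b0d3255bfef95601890afd80709\n"]

if __name__ == "__main__":
    valid, rejected = load_hashes(SAMPLE)
    schedule, deferred = plan_requests(valid)
    for offset, h in schedule:
        print(f"t+{offset:>5.0f}s  {HASH_LENGTHS[len(h)]:<6} {h}")
    print("rejected:", rejected, "| deferred to next day:", len(deferred))
```

Rejecting malformed lines and duplicates before querying keeps them from consuming part of the 500-request daily allowance.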