check.py is a python script that takes IP OR Domain OR URL OR Hash, submit it to virustotal.com for analysis using their API and returns the result as either Malicious or Clean. A single detection qualifies for being marked as malicious.
1- Get your 'API key' by registering at https://www.virustotal.com/
2- Install requests
pip install requests3- Download check.py script using the following command:
git clone https://github.com/malwarejuice/Check/It takes three command-line arguments after script name as follows:
1- Your API key
2- Type the word 'url' if you are going to check a url,
or type the word 'hash' if you are going to check a hash,
or type the word 'domain' if you are going to check a domain,
or type the word 'ip-address' if you are going to check an ip-address
3- The url / hash / domain / ip you want to check
So for example, a correct usage will look like:
python check.py [your_api_key] url https://www.google.com
or
python check.py [your_api_key] ip-address 255:255:255:255
or
python check.py [your_api_key] hash 61D071CE81241301DB7F7231AEDE729EEBA335D438494CE80D7D28E67A49B005
or
python check.py [your_api_key] domain googler.cloudThe ouput will be either:
1- Clean
2- Malicious
3- The item you searched for was not present in VirusTotal's dataset.
4- Connection error.
5- Usage message for input errors.
6- Forbidden. You don't have enough privileges to make the request.
If the key is wrong.
7- Bad request. This can be caused by missing arguments or arguments with wrong values.
8- Request rate limit exceeded, Please wait!
The Public API is limited to 4 requests per minute.
9- Responce code error!
10- The requested item is still queued for analysis.