lewiswigmore / Virus.xcheck

Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.

Home Page:https://twitter.com/LewSecurity

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

██╗   ██╗██╗██████╗ ██╗   ██╗███████╗   ██╗  ██╗ ██████╗██╗  ██╗███████╗ ██████╗██╗  ██╗
██║   ██║██║██╔══██╗██║   ██║██╔════╝   ╚██╗██╔╝██╔════╝██║  ██║██╔════╝██╔════╝██║ ██╔╝
██║   ██║██║██████╔╝██║   ██║███████╗    ╚███╔╝ ██║     ███████║█████╗  ██║     █████╔╝ 
╚██╗ ██╔╝██║██╔══██╗██║   ██║╚════██║    ██╔██╗ ██║     ██╔══██║██╔══╝  ██║     ██╔═██╗ 
 ╚████╔╝ ██║██║  ██║╚██████╔╝███████║██╗██╔╝ ██╗╚██████╗██║  ██║███████╗╚██████╗██║  ██╗
  ╚═══╝  ╚═╝╚═╝  ╚═╝ ╚═════╝ ╚══════╝╚═╝╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚══════╝ ╚═════╝╚═╝  ╚═╝


Virus.xcheck is a Python tool that verifies the existence of file hashes in the Virus Exchange database. It supports MD5, SHA1, SHA256, and SHA512 hashes. The tool can read hashes from a CSV file or a single hash from the command line, checking each against the Virus Exchange database.


  • Reads hashes from a CSV file or a single hash from the command line.
  • Checks each hash against the Virus Exchange database.
  • Supports MD5, SHA1, SHA256, and SHA512 hashes.
  • Parallel processing for efficient handling of larger files.
  • Outputs the results in JSON or CSV format.
  • Command-line interface with multiple usage options.
  • Checks are rate limited to 15 requests per second.


  • Python 3
  • Libraries: requests, tqdm, ratelimit


Ensure Python 3 is installed on your system. Install the required libraries using pip:

pip install requests tqdm ratelimit


Getting started and usage guide:

python virusxcheck.py

Execute the script from the command line with the following format:

python virusxcheck.py -f /path/to/your/hashes.csv

To save the output in a custom-named CSV file:

python virusxcheck.py -f /path/to/hashes.csv -o /path/to/custom_output.csv

To check a single hash:

python virusxcheck.py -s "hash_value"


  • -f or --file: Path to the CSV file containing hashes.
  • -o or --output: Path to the output file (CSV or JSON format).
  • -s or --single: Single hash string to check.


The tool outputs the results in either JSON or CSV format, where each hash is mapped to its status ('Found' or 'Not Found') and the corresponding download URL if found.

You can specify the output format (JSON or CSV) using the -o option followed by the desired file extension:

  • JSON: -o output.json
  • CSV: -o output.csv

Example output (JSON):

    "123ab456c7891011d1213e14f1g516h1718i1jk9202mn12223o2p42qe5s26t27": {
        "status": "Not found in VX database",
        "virustotal_url": "https://www.virustotal.com/gui/file/123ab456c7891011d1213e14f1g516h1718i1jk9202mn12223o2p42qe5s26t2"        
    "199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42": {
        "status": "Found in VX database",
        "vx_url": "https://s3.us-east-1.wasabisys.com/vxugmwdb/199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42",       
        "virustotal_url": "https://www.virustotal.com/gui/file/199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42"


This tool is for informational purposes only. Ensure you have the right to access and check the hashes against the database and always comply with the terms of service of the website.


Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.


License:MIT License


Language:Python 100.0%