Git Product home page Git Product logo

lewiswigmore / virus.xcheck Goto Github PK

View Code? Open in Web Editor NEW
42.0 2.0 3.0 22 KB

Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.

Home Page: https://twitter.com/LewSecurity

License: MIT License

Python 100.00%
cyber-security cybersecurity infosec malware malware-analysis python python3 vx vx-underground

virus.xcheck's Introduction

██╗   ██╗██╗██████╗ ██╗   ██╗███████╗   ██╗  ██╗ ██████╗██╗  ██╗███████╗ ██████╗██╗  ██╗
██║   ██║██║██╔══██╗██║   ██║██╔════╝   ╚██╗██╔╝██╔════╝██║  ██║██╔════╝██╔════╝██║ ██╔╝
██║   ██║██║██████╔╝██║   ██║███████╗    ╚███╔╝ ██║     ███████║█████╗  ██║     █████╔╝ 
╚██╗ ██╔╝██║██╔══██╗██║   ██║╚════██║    ██╔██╗ ██║     ██╔══██║██╔══╝  ██║     ██╔═██╗ 
 ╚████╔╝ ██║██║  ██║╚██████╔╝███████║██╗██╔╝ ██╗╚██████╗██║  ██║███████╗╚██████╗██║  ██╗
  ╚═══╝  ╚═╝╚═╝  ╚═╝ ╚═════╝ ╚══════╝╚═╝╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚══════╝ ╚═════╝╚═╝  ╚═╝

Overview

Virus.xcheck is a Python tool that verifies the existence of file hashes in the Virus Exchange database. It supports MD5, SHA1, SHA256, and SHA512 hashes. The tool can read hashes from a CSV file or a single hash from the command line, checking each against the Virus Exchange database.

Features

  • Reads hashes from a CSV file or a single hash from the command line.
  • Checks each hash against the Virus Exchange database.
  • Supports MD5, SHA1, SHA256, and SHA512 hashes.
  • Parallel processing for efficient handling of larger files.
  • Outputs the results in JSON or CSV format.
  • Command-line interface with multiple usage options.
  • Checks are rate limited to 15 requests per second.

Requirements

  • Python 3
  • Libraries: requests, tqdm, ratelimit

Installation

Ensure Python 3 is installed on your system. Install the required libraries using pip:

pip install requests tqdm ratelimit

Usage

Getting started and usage guide:

python virusxcheck.py

Execute the script from the command line with the following format:

python virusxcheck.py -f /path/to/your/hashes.csv

To save the output in a custom-named CSV file:

python virusxcheck.py -f /path/to/hashes.csv -o /path/to/custom_output.csv

To check a single hash:

python virusxcheck.py -s "hash_value"

Arguments

  • -f or --file: Path to the CSV file containing hashes.
  • -o or --output: Path to the output file (CSV or JSON format).
  • -s or --single: Single hash string to check.

Output

The tool outputs the results in either JSON or CSV format, where each hash is mapped to its status ('Found' or 'Not Found') and the corresponding download URL if found.

You can specify the output format (JSON or CSV) using the -o option followed by the desired file extension:

  • JSON: -o output.json
  • CSV: -o output.csv

Example output (JSON):

{
    "123ab456c7891011d1213e14f1g516h1718i1jk9202mn12223o2p42qe5s26t27": {
        "status": "Not found in VX database",
        "virustotal_url": "https://www.virustotal.com/gui/file/123ab456c7891011d1213e14f1g516h1718i1jk9202mn12223o2p42qe5s26t2"        
    },
    "199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42": {
        "status": "Found in VX database",
        "vx_url": "https://s3.us-east-1.wasabisys.com/vxugmwdb/199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42",       
        "virustotal_url": "https://www.virustotal.com/gui/file/199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42"
    }
}

Disclaimer

This tool is for informational purposes only. Ensure you have the right to access and check the hashes against the database and always comply with the terms of service of the website.

virus.xcheck's People

Contributors

lewiswigmore avatar

Stargazers

The Final Hop avatar Naveen Wijesinghe avatar Warren Baker avatar Sparky⚡ avatar Egor Achkasov avatar avatar avatar hirak0 avatar Anthony avatar Tom Harrison avatar Theodoros Symeonidis avatar Y avatar RodrigoM avatar Jonathan Gallimore avatar avatar 0x08 avatar Carlo Denaro avatar Clement avatar avatar Antonio avatar Max avatar El Mostafa Idrassi avatar mrpnkt avatar avatar ik5 avatar Nate Subra avatar avatar avatar avatar avatar Lino avatar Javier Izquierdo Vera avatar avatar Matúš Hubinský avatar Douglas Allerton-Puplette avatar Aaron Samala avatar Tu Anh Dao avatar Ubaidullah Shuaib avatar yuriXO avatar oldkingcone avatar avatar avatar

Watchers

avatar avatar

Forkers

gmh5225 rafiq0007 marx-wrld

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.