Back
VirusTotal

VirusTotal

Rest · 10 capabilities

Documentation

TLDR

The VirusTotal API allows developers to programmatically upload files and URLs for scanning and retrieve detailed analysis reports. You can get reports for files by hash, scan new URLs, and fetch analysis results for domains and IP addresses. This enables integration of malware detection and threat intelligence into security applications and workflows.

Capabilities

File AnalysisScan and retrieve reports for files, including uploading, rescanning, downloading, and managing comments and votes. Supports: file uploads, large file uploads, file reports, rescans, downloads, comments, votes, related objects, Sigma rules, YARA rulesets.
Url AnalysisScan and retrieve reports for URLs, including rescanning, managing comments, and votes. Supports: URL scans, URL reports, rescans, comments, votes, related objects.
Domain AnalysisRetrieve and rescan domain reports, manage comments, and votes. Supports: domain reports, rescans, comments, votes, related objects, DNS resolution.
Ip Address AnalysisRetrieve and rescan IP address reports, manage comments, and votes. Supports: IP address reports, rescans, comments, votes, related objects.
File Behavior AnalysisAnalyze the behavior of files in a sandbox environment, including summaries of MITRE ATT&CK techniques and detailed reports. Supports: behavior report summaries, MITRE ATT&CK techniques, detailed behavior reports (HTML, EVTX, PCAP, memdump), related objects.
Threat Intelligence SearchSearch for files, URLs, domains, IPs, and comments, including advanced corpus searches and content snippets. Supports: general search, advanced corpus search, file content search snippets, VirusTotal metadata.
Collections ManagementCreate, manage, and export collections of indicators of compromise (IOCs). Supports: creating, getting, updating, deleting collections, comments, adding/deleting items, listing collections, exporting IOCs, exporting aggregations, searching IOCs within collections.
Yara Rules & HuntingManage YARA rules, monitor for new threats with IoC streams, and perform Livehunt and Retrohunt operations. Supports: crowdsourced YARA rules, IoC stream, Livehunt rulesets (create, manage, notifications), Retrohunt jobs (create, manage, matches).
Vt GraphsCreate and manage visual graphs of threat intelligence, including permissions and comments. Supports: searching, creating, getting, updating, deleting graphs, comments, managing viewers and editors.
Private ScanningUpload and analyze files privately, managing private analyses and behavior reports. Supports: private file uploads, listing private files, private file reports, rescans, deletions, private analyses, private file behavior reports.