Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.
██╗ ██╗██╗██████╗ ██╗ ██╗███████╗ ██╗ ██╗ ██████╗██╗ ██╗███████╗ ██████╗██╗ ██╗
██║ ██║██║██╔══██╗██║ ██║██╔════╝ ╚██╗██╔╝██╔════╝██║ ██║██╔════╝██╔════╝██║ ██╔╝
██║ ██║██║██████╔╝██║ ██║███████╗ ╚███╔╝ ██║ ███████║█████╗ ██║ █████╔╝
╚██╗ ██╔╝██║██╔══██╗██║ ██║╚════██║ ██╔██╗ ██║ ██╔══██║██╔══╝ ██║ ██╔═██╗
╚████╔╝ ██║██║ ██║╚██████╔╝███████║██╗██╔╝ ██╗╚██████╗██║ ██║███████╗╚██████╗██║ ██╗
╚═══╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═════╝╚═╝ ╚═╝
Virus.xcheck is a Python tool that verifies the existence of file hashes in the Virus Exchange database. It supports MD5, SHA1, SHA256, and SHA512 hashes. The tool can read hashes from a CSV file or a single hash from the command line, checking each against the Virus Exchange database.
requests
, tqdm
, ratelimit
Ensure Python 3 is installed on your system. Install the required libraries using pip:
pip install requests tqdm ratelimit
Getting started and usage guide:
python virusxcheck.py
Execute the script from the command line with the following format:
python virusxcheck.py -f /path/to/your/hashes.csv
To save the output in a custom-named CSV file:
python virusxcheck.py -f /path/to/hashes.csv -o /path/to/custom_output.csv
To check a single hash:
python virusxcheck.py -s "hash_value"
-f
or --file
: Path to the CSV file containing hashes.-o
or --output
: Path to the output file (CSV or JSON format).-s
or --single
: Single hash string to check.The tool outputs the results in either JSON or CSV format, where each hash is mapped to its status ('Found' or 'Not Found') and the corresponding download URL if found.
You can specify the output format (JSON or CSV) using the -o option followed by the desired file extension:
-o output.json
-o output.csv
Example output (JSON):
{
"123ab456c7891011d1213e14f1g516h1718i1jk9202mn12223o2p42qe5s26t27": {
"status": "Not found in VX database",
"virustotal_url": "https://www.virustotal.com/gui/file/123ab456c7891011d1213e14f1g516h1718i1jk9202mn12223o2p42qe5s26t2"
},
"199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42": {
"status": "Found in VX database",
"vx_url": "https://s3.us-east-1.wasabisys.com/vxugmwdb/199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42",
"virustotal_url": "https://www.virustotal.com/gui/file/199ab829c3280509d9842e31f9g024h6254i2jk19l4mn44603o3p25qe1s74t42"
}
}
This tool is for informational purposes only. Ensure you have the right to access and check the hashes against the database and always comply with the terms of service of the website.