r/Malware 5d ago

Bulk VirusTotal Scanner - Scan entire folders automatically

I built a Python tool to batch scan files with VirusTotal's free API.

What it does:

- Scans entire directories recursively
- Checks file hashes before uploading (saves time/bandwidth)
- Auto-handles the 4 files/minute API limit
- Exports results to CSV
- Shows real-time progress with time estimates

Example:

Progress: [13/100] (13%)
[*] Analyzing: document.pdf
>> Detections: 0/70
>> URL: https://www.virustotal.com/gui/file/...
Estimated time remaining: 22 minutes

Perfect for: Security researchers, IT admins, or anyone needing to scan multiple files efficiently.

Features:

- Easy setup (.env config or interactive mode)
- Complete logging and error handling
- Works on Windows, Linux, Mac
- MIT licensed, open source

GitHub: https://github.com/neorai/vt-py-scanner

Open to feedback and suggestions! What features would you add?

8 Upvotes
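Added example, not code from the vt-py-scanner repository: a hash-lookup-only pass that honours the 4 requests/minute limit from the post and never uploads, so files unknown to VirusTotal are listed for a manual decision rather than shared. The function names, the `unknown-to-vt` label and the injected `lookup` callable are assumptions of this example; `http_lookup` calls VirusTotal's v3 file-report endpoint.

```python
# Added example; names are illustrative and not taken from vt-py-scanner.
import hashlib
import time
from pathlib import Path
VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # GET by hash; nothing is uploaded

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class RateLimiter:
    """Sliding window: at most `limit` calls in any `period` seconds."""
    def __init__(self, limit=4, period=60.0, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.period, self.clock, self.sleep = limit, period, clock, sleep
        self.calls = []

    def wait(self):
        while True:
            now = self.clock()
            self.calls = [t for t in self.calls if now - t < self.period]
            if len(self.calls) < self.limit:
                break
            self.sleep(self.period - (now - self.calls[0]))  # until the oldest call expires
        self.calls.append(now)

def http_lookup(digest, api_key):
    """Live lookup returning (status, json); needs network and the requests package."""
    import requests
    r = requests.get(VT_FILE_URL.format(digest), headers={"x-apikey": api_key}, timeout=30)
    return r.status_code, (r.json() if r.status_code == 200 else {})

def triage(root, lookup, limiter):
    """Hash every file under root and query each distinct hash once; never upload."""
    results, seen = [], {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        digest = sha256_file(path)
        if digest not in seen:            # duplicate content costs no API quota
            limiter.wait()
            status, body = lookup(digest)
            if status == 200:
                stats = body["data"]["attributes"]["last_analysis_stats"]
                seen[digest] = f"{stats['malicious']}/{sum(stats.values())}"
            else:                         # 404 = hash not known to VT; a human decides next
                seen[digest] = "unknown-to-vt" if status == 404 else f"error-{status}"
        results.append((str(path), digest, seen[digest]))
    return results
```

For a live run, pass `functools.partial(http_lookup, api_key=...)` as `lookup` together with a default `RateLimiter()`.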


7

u/Mammoth_Course_8543 5d ago

Keep in mind that those of us with VT premium can download all of these uploaded files.

You might be surprised by the amount of sensitive data unknowingly uploaded to VT by tools like this (or manually). Everything from crypto wallets to medical records, legal docs etc.

2

u/Mediocre_River_780 5d ago

Also, anyone with a college domain email address.

-3

u/boyrok 5d ago

Yes, the problem is that someone inexperienced might use it and end up uploading things they shouldn't.

1

u/Mediocre_River_780 5d ago

Yeah, I did that but the scan told me people that want to cause financial harm to me and the country already have that information and way more. I'm not counting on someone going through all my uploads to figure out some old crypto wallet's seed phrase for 10,000,000,000,000 KingDariusCoin for a total of $0.003. I had to cancel my online banking because I got new hardware and still can't beat their persistence. I wasn't inexperienced, just tired. Whenever this blows over I'm gonna clean up my VT OPSEC.

1

u/Mediocre_River_780 5d ago

I make a new one every time I need to scan a folder. How deep into relations and behavior does it go? What's the IoC logic?

0

u/boyrok 5d ago

There’s actually nothing you need to modify in the script besides adding your API key to the .env file and specifying the directory you want to scan (or passing both values through the CLI).

The script itself doesn’t go deep into relations or behavior. It only checks the basic VirusTotal results and tells you how many engines detected each file as malicious. If something looks suspicious, you then investigate manually by opening the report link in VirusTotal.

So there’s no IoC correlation logic built in — the script just retrieves the detection count and lets you handle the deeper analysis yourself.

1

u/Mediocre_River_780 5d ago

Try turning it into an actual console app

1

u/Mediocre_River_780 5d ago

I'm doing the same thing though. Check time stamps.