con un clic
virustotal
VirusTotal: check file/URL/domain/IP against 70+ AV engines
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Menú
VirusTotal: check file/URL/domain/IP against 70+ AV engines
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Basado en la clasificación ocupacional SOC
Delegate coding and file edits to Anthropic Claude Code CLI
| name | virustotal |
| description | VirusTotal: check file/URL/domain/IP against 70+ AV engines |
| category | security |
| version | 1.0.0 |
| license | Apache-2.0 |
| origin | aiden |
| tags | security, virustotal, malware, antivirus, threat-intel, hash, url, domain, ip, incident-response |
| env_required | ["VIRUSTOTAL_API_KEY"] |
VirusTotal aggregates results from 70+ antivirus engines and threat intelligence feeds. Check file hashes, URLs, domains, and IP addresses for known malware, phishing, and suspicious activity.
Requires: VIRUSTOTAL_API_KEY — free at https://www.virustotal.com/gui/my-apikey (4 req/min on free tier).
$hash = "44d88612fea8a8f36de82e1278abb02f" # EICAR test file
$key = $env:VIRUSTOTAL_API_KEY
$url = "https://www.virustotal.com/api/v3/files/$hash"
$result = Invoke-RestMethod -Uri $url -Headers @{ "x-apikey" = $key }
$stats = $result.data.attributes.last_analysis_stats
Write-Host "File: $($result.data.attributes.meaningful_name)"
Write-Host "Malicious: $($stats.malicious) / $($stats.malicious + $stats.undetected + $stats.harmless)"
Write-Host "Suspicious: $($stats.suspicious)"
Write-Host "First seen: $($result.data.attributes.first_submission_date)"
$targetUrl = "https://example.com"
$key = $env:VIRUSTOTAL_API_KEY
# URL id = URL-safe base64 without padding
$bytes = [System.Text.Encoding]::UTF8.GetBytes($targetUrl)
$b64 = [Convert]::ToBase64String($bytes).Replace('+','-').Replace('/','_').TrimEnd('=')
$url = "https://www.virustotal.com/api/v3/urls/$b64"
$result = Invoke-RestMethod -Uri $url -Headers @{ "x-apikey" = $key }
$stats = $result.data.attributes.last_analysis_stats
Write-Host "URL: $targetUrl"
Write-Host "Malicious: $($stats.malicious)"
Write-Host "Phishing: $($result.data.attributes.categories -join ', ')"
Write-Host "Reputation: $($result.data.attributes.reputation)"
$domain = "example.com"
$key = $env:VIRUSTOTAL_API_KEY
$url = "https://www.virustotal.com/api/v3/domains/$domain"
$result = Invoke-RestMethod -Uri $url -Headers @{ "x-apikey" = $key }
$attrs = $result.data.attributes
Write-Host "Domain: $domain"
Write-Host "Reputation: $($attrs.reputation)"
Write-Host "Categories: $($attrs.categories.PSObject.Properties.Value -join ', ')"
$stats = $attrs.last_analysis_stats
Write-Host "Malicious: $($stats.malicious) engines"
$ip = "1.1.1.1"
$key = $env:VIRUSTOTAL_API_KEY
$url = "https://www.virustotal.com/api/v3/ip_addresses/$ip"
$result = Invoke-RestMethod -Uri $url -Headers @{ "x-apikey" = $key }
$attrs = $result.data.attributes
$stats = $attrs.last_analysis_stats
Write-Host "IP: $ip"
Write-Host "AS Owner: $($attrs.as_owner)"
Write-Host "Country: $($attrs.country)"
Write-Host "Reputation: $($attrs.reputation)"
Write-Host "Malicious: $($stats.malicious) engines"
"Is hash 44d88612fea8a8f36de82e1278abb02f malware?" → Use the file hash check — malicious count > 0 means confirmed threats.
"Check if https://suspicious-login.com is phishing"
→ Use the URL check — look at malicious and phishing categories.
"I got an alert for domain evil-c2.net — is it known bad?" → Use the domain check — look at reputation score and malicious engine count.
"This IP keeps hitting our firewall — is it a known attacker?"
→ Use the IP check — reputation < 0 and high malicious count = treat as threat.
Start-Sleep -Seconds 16 between calls when checking multiple IOCsVIRUSTOTAL_API_KEY — free account at https://www.virustotal.com/gui/join-us