一键导入
virustotal
VirusTotal: check file/URL/domain/IP against 70+ AV engines
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
VirusTotal: check file/URL/domain/IP against 70+ AV engines
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Search and download arXiv papers (no API key needed)
Delegate coding and file edits to Anthropic Claude Code CLI
Read/write Windows clipboard text, HTML, images, history (PowerShell)
Running scripts and code on Windows
Delegate coding tasks to OpenAI Codex CLI
Windows Defender: scans, threat history, signatures (PowerShell)
| name | virustotal |
| description | VirusTotal: check file/URL/domain/IP against 70+ AV engines |
| category | security |
| version | 1.0.0 |
| license | Apache-2.0 |
| origin | aiden |
| tags | security, virustotal, malware, antivirus, threat-intel, hash, url, domain, ip, incident-response |
| env_required | ["VIRUSTOTAL_API_KEY"] |
VirusTotal aggregates results from 70+ antivirus engines and threat intelligence feeds. Check file hashes, URLs, domains, and IP addresses for known malware, phishing, and suspicious activity.
Requires: VIRUSTOTAL_API_KEY — free at https://www.virustotal.com/gui/my-apikey (4 req/min on free tier).
$hash = "44d88612fea8a8f36de82e1278abb02f" # EICAR test file
$key = $env:VIRUSTOTAL_API_KEY
$url = "https://www.virustotal.com/api/v3/files/$hash"
$result = Invoke-RestMethod -Uri $url -Headers @{ "x-apikey" = $key }
$stats = $result.data.attributes.last_analysis_stats
Write-Host "File: $($result.data.attributes.meaningful_name)"
Write-Host "Malicious: $($stats.malicious) / $($stats.malicious + $stats.undetected + $stats.harmless)"
Write-Host "Suspicious: $($stats.suspicious)"
Write-Host "First seen: $($result.data.attributes.first_submission_date)"
$targetUrl = "https://example.com"
$key = $env:VIRUSTOTAL_API_KEY
# URL id = URL-safe base64 without padding
$bytes = [System.Text.Encoding]::UTF8.GetBytes($targetUrl)
$b64 = [Convert]::ToBase64String($bytes).Replace('+','-').Replace('/','_').TrimEnd('=')
$url = "https://www.virustotal.com/api/v3/urls/$b64"
$result = Invoke-RestMethod -Uri $url -Headers @{ "x-apikey" = $key }
$stats = $result.data.attributes.last_analysis_stats
Write-Host "URL: $targetUrl"
Write-Host "Malicious: $($stats.malicious)"
Write-Host "Phishing: $($result.data.attributes.categories -join ', ')"
Write-Host "Reputation: $($result.data.attributes.reputation)"
$domain = "example.com"
$key = $env:VIRUSTOTAL_API_KEY
$url = "https://www.virustotal.com/api/v3/domains/$domain"
$result = Invoke-RestMethod -Uri $url -Headers @{ "x-apikey" = $key }
$attrs = $result.data.attributes
Write-Host "Domain: $domain"
Write-Host "Reputation: $($attrs.reputation)"
Write-Host "Categories: $($attrs.categories.PSObject.Properties.Value -join ', ')"
$stats = $attrs.last_analysis_stats
Write-Host "Malicious: $($stats.malicious) engines"
$ip = "1.1.1.1"
$key = $env:VIRUSTOTAL_API_KEY
$url = "https://www.virustotal.com/api/v3/ip_addresses/$ip"
$result = Invoke-RestMethod -Uri $url -Headers @{ "x-apikey" = $key }
$attrs = $result.data.attributes
$stats = $attrs.last_analysis_stats
Write-Host "IP: $ip"
Write-Host "AS Owner: $($attrs.as_owner)"
Write-Host "Country: $($attrs.country)"
Write-Host "Reputation: $($attrs.reputation)"
Write-Host "Malicious: $($stats.malicious) engines"
"Is hash 44d88612fea8a8f36de82e1278abb02f malware?" → Use the file hash check — malicious count > 0 means confirmed threats.
"Check if https://suspicious-login.com is phishing"
→ Use the URL check — look at malicious and phishing categories.
"I got an alert for domain evil-c2.net — is it known bad?" → Use the domain check — look at reputation score and malicious engine count.
"This IP keeps hitting our firewall — is it a known attacker?"
→ Use the IP check — reputation < 0 and high malicious count = treat as threat.
Start-Sleep -Seconds 16 between calls when checking multiple IOCsVIRUSTOTAL_API_KEY — free account at https://www.virustotal.com/gui/join-us