| Title: | R Client for the 'VirusTotal' API |
| Version: | 0.6.0 |
| Description: | Provides a comprehensive R interface to the 'VirusTotal' API v3.0 https://docs.virustotal.com/, a Google service that analyzes files and URLs for viruses, worms, trojans and other malware. Features include file/URL scanning, domain categorization, passive DNS information, IP reputation analysis, IoC relationships, sandbox analysis, and comment/voting systems. Implements rate limiting, error handling, and response validation for robust security analysis workflows. |
| URL: | https://github.com/themains/virustotal, https://themains.github.io/virustotal/ |
| BugReports: | https://github.com/themains/virustotal/issues |
| Depends: | R (≥ 4.0.0) |
| License: | MIT + file LICENSE |
| VignetteBuilder: | knitr |
| Encoding: | UTF-8 |
| Language: | en-US |
| Imports: | httr (≥ 1.4.0), dplyr (≥ 1.0.0), base64enc (≥ 0.1-3), jsonlite (≥ 1.7.0), checkmate (≥ 2.0.0), rlang (≥ 1.0.0) |
| Suggests: | knitr (≥ 1.30), rmarkdown (≥ 2.0), testthat (≥ 3.0.0), lintr (≥ 3.0.0), httptest (≥ 4.0.0), covr, pkgdown, spelling |
| RoxygenNote: | 7.3.3 |
| Config/testthat/edition: | 3 |
| Config/Needs/website: | pkgdown |
| NeedsCompilation: | no |
| Packaged: | 2026-04-12 16:22:25 UTC; soodoku |
| Author: | Gaurav Sood [aut, cre] |
| Maintainer: | Gaurav Sood <gsood07@gmail.com> |
| Repository: | CRAN |
| Date/Publication: | 2026-04-13 07:30:02 UTC |
virustotal: Access Virustotal API
Description
Access virustotal API. See https://www.virustotal.com/. Details about API calls: https://docs.virustotal.com/reference.
You will need credentials to use this application. If you haven't already, get the API Key at https://www.virustotal.com/.
Author(s)
Gaurav Sood
See Also
Useful links:
Report bugs at https://github.com/themains/virustotal/issues
Clean up temporary files and directories
Description
Safely removes temporary files and directories created during VirusTotal operations.
Usage
cleanup_temp_files(paths)
Arguments
paths |
Character vector of file/directory paths to clean up |
Value
Logical indicating success
See Also
Other utilities:
create_safe_temp_dir(),
format_file_size(),
is_safe_environment(),
utilities,
validate_vt_response(),
virustotal_info(),
virustotal_version()
Create a safe temporary directory for file operations
Description
Creates a temporary directory with restricted permissions for secure file operations during malware analysis.
Usage
create_safe_temp_dir()
Value
Path to the temporary directory
See Also
Other utilities:
cleanup_temp_files(),
format_file_size(),
is_safe_environment(),
utilities,
validate_vt_response(),
virustotal_info(),
virustotal_version()
Get Domain Report
Description
Retrieves comprehensive analysis report for a given domain, including WHOIS information, DNS resolutions, detected URLs, and threat intelligence data.
Usage
domain_report(domain = NULL, ...)
Arguments
domain |
Domain name (character string). Required. |
... |
Additional arguments passed to |
Value
A virustotal_domain_report object containing domain analysis
results including WHOIS data, DNS resolutions, detected URLs, categories,
and threat intelligence
References
https://docs.virustotal.com/reference/domains
See Also
set_key for setting the API key
Examples
## Not run:
# Set API key first
set_key('your_api_key_here')
# Get domain reports
report1 <- domain_report("google.com")
report2 <- domain_report("https://www.example.com/path")
print(report1)
summary(report1)
## End(Not run)
Download a file from VirusTotal
Description
Download a file from VirusTotal
Usage
download_file(hash = NULL, output_path = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) |
output_path |
Local path to save the downloaded file. Optional. |
... |
Additional arguments passed to |
Value
Raw file content or saves file to specified path
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
download_file(hash='99017f6eebbac24f351415dd410d522d',
output_path='/tmp/downloaded_file')
## End(Not run)
Get File Scan Report
Description
Retrieves detailed analysis results for a file from VirusTotal using the v3 API.
Usage
file_report(hash, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) or analysis ID |
... |
Additional arguments passed to |
Value
A virustotal_file_report object containing file analysis results
including antivirus scans, file metadata, and threat detection information
References
https://docs.virustotal.com/reference/files
See Also
set_key for setting the API key, scan_file for submitting files
Examples
## Not run:
# Set API key first
set_key('your_api_key_here')
# Get file report using hash
report <- file_report(hash = '99017f6eebbac24f351415dd410d522d')
print(report)
summary(report)
# Work with the rich nested structure returned by v3 API
print(report$data$attributes$last_analysis_stats)
## End(Not run)
Convert file size to human readable format
Description
Convert file size to human readable format
Usage
format_file_size(size_bytes)
Arguments
size_bytes |
File size in bytes |
Value
Character string with human-readable size
See Also
Other utilities:
cleanup_temp_files(),
create_safe_temp_dir(),
is_safe_environment(),
utilities,
validate_vt_response(),
virustotal_info(),
virustotal_version()
Get Analysis Results
Description
Retrieves the results of a file or URL analysis by its analysis ID.
Usage
get_analysis(id = NULL, ...)
Arguments
id |
Analysis ID (character string). Required. |
... |
Additional arguments passed to |
Value
list containing analysis results including status and detection stats
References
https://docs.virustotal.com/reference/analysis
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_analysis(id='NjY0MjRlOTFjMDIyYTkyNWM0NjU2NWQzYWNlMzFmZmI6MTI4NTk')
## End(Not run)
Get Behaviour EVTX File
Description
Retrieves the EVTX (Windows Event Log) file from a sandbox analysis.
Usage
get_behaviour_evtx(sandbox_id = NULL, output_path = NULL, ...)
Arguments
sandbox_id |
Sandbox report ID (character string). Required. |
output_path |
Local path to save the EVTX file. Optional. |
... |
Additional arguments passed to httr::GET. |
Value
Raw EVTX content or saves to file if output_path specified
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
get_behaviour_report for JSON report
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
evtx <- get_behaviour_evtx(sandbox_id='hash_sandboxname')
get_behaviour_evtx(sandbox_id='hash_sandboxname',
output_path='/tmp/events.evtx')
## End(Not run)
Get Behaviour HTML Report
Description
Retrieves a detailed HTML report from a sandbox analysis.
Usage
get_behaviour_html(sandbox_id = NULL, output_path = NULL, ...)
Arguments
sandbox_id |
Sandbox report ID (character string). Required. |
output_path |
Local path to save the HTML file. Optional. |
... |
Additional arguments passed to httr::GET. |
Value
Raw HTML content or saves to file if output_path specified
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
get_behaviour_report for JSON report
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
html <- get_behaviour_html(sandbox_id='hash_sandboxname')
get_behaviour_html(sandbox_id='hash_sandboxname',
output_path='/tmp/report.html')
## End(Not run)
Get Behaviour Memory Dump
Description
Retrieves the memory dump file from a sandbox analysis.
Usage
get_behaviour_memdump(sandbox_id = NULL, output_path = NULL, ...)
Arguments
sandbox_id |
Sandbox report ID (character string). Required. |
output_path |
Local path to save the memory dump file. Optional. |
... |
Additional arguments passed to httr::GET. |
Value
Raw memory dump content or saves to file if output_path specified
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
get_behaviour_report for JSON report
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
memdump <- get_behaviour_memdump(sandbox_id='hash_sandboxname')
get_behaviour_memdump(sandbox_id='hash_sandboxname',
output_path='/tmp/memory.dmp')
## End(Not run)
Get Behaviour PCAP File
Description
Retrieves the PCAP (network capture) file from a sandbox analysis.
Usage
get_behaviour_pcap(sandbox_id = NULL, output_path = NULL, ...)
Arguments
sandbox_id |
Sandbox report ID (character string). Required. |
output_path |
Local path to save the PCAP file. Optional. |
... |
Additional arguments passed to httr::GET. |
Value
Raw PCAP content or saves to file if output_path specified
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
get_behaviour_report for JSON report
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
pcap <- get_behaviour_pcap(sandbox_id='hash_sandboxname')
get_behaviour_pcap(sandbox_id='hash_sandboxname',
output_path='/tmp/capture.pcap')
## End(Not run)
Get Behaviour Report
Description
Retrieves a specific behaviour report from a sandbox analysis.
Usage
get_behaviour_report(sandbox_id = NULL, ...)
Arguments
sandbox_id |
Sandbox report ID (character string). Required. |
... |
Additional arguments passed to |
Value
list containing detailed behaviour report from the sandbox
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
get_file_behaviours for listing all behaviour reports
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_behaviour_report(sandbox_id='hash_sandboxname')
## End(Not run)
Retrieve comments for an Internet domain
Description
Retrieve comments for an Internet domain
Usage
get_domain_comments(domain = NULL, limit = NULL, cursor = NULL, ...)
Arguments
domain |
domain name. String. Required. |
limit |
Number of entries. Integer. Optional. Default is 10. |
cursor |
String. Optional. |
... |
Additional arguments passed to |
Value
list containing domain comment data including comment text, authors, dates, and any associated metadata from the VirusTotal v3.0 API
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_domain_comments("http://www.google.com")
get_domain_comments("http://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Retrieve information about an Internet domain
Description
Retrieve information about an Internet domain
Usage
get_domain_info(domain = NULL, limit = NULL, cursor = NULL, ...)
Arguments
domain |
domain name. String. Required. |
limit |
Number of entries. Integer. Optional. Default is 10. |
cursor |
String. Optional. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_domain_info("http://www.google.com")
get_domain_info("http://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Retrieve related objects to an Internet domain
Description
Retrieve related objects to an Internet domain
Usage
get_domain_relationship(
domain = NULL,
relationship = "subdomains",
limit = NULL,
cursor = NULL,
...
)
Arguments
domain |
domain name. String. Required. |
relationship |
relationship name. String. Required. Default is |
limit |
Number of entries. Integer. Optional. Default is 10. |
cursor |
String. Optional. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_domain_relationship("https://www.google.com")
get_domain_relationship("https://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Retrieve votes for an Internet domain
Description
Retrieve votes for an Internet domain
Usage
get_domain_votes(domain = NULL, limit = NULL, cursor = NULL, ...)
Arguments
domain |
domain name. String. Required. |
limit |
Number of entries. Integer. Optional. Default is 10. |
cursor |
String. Optional. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_domain_votes("http://www.google.com")
get_domain_votes("http://www.goodsfwrfw.com") # Domain not found
## End(Not run)
Get File Behaviour MITRE ATT&CK Trees
Description
Retrieves MITRE ATT&CK techniques observed in file behaviour reports.
Usage
get_file_behaviour_mitre_trees(hash = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256). Required. |
... |
Additional arguments passed to |
Value
list containing MITRE ATT&CK technique mappings
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
get_file_behaviour_summary for behaviour summary
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_file_behaviour_mitre_trees(hash='99017f6eebbac24f351415dd410d522d')
## End(Not run)
Get File Behaviour Summary
Description
Retrieves a summary of all behaviour reports for a file.
Usage
get_file_behaviour_summary(hash = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256). Required. |
... |
Additional arguments passed to |
Value
list containing behaviour summary from all sandboxes
References
https://docs.virustotal.com/reference/file-all-behaviours-summary
See Also
set_key for setting the API key,
get_file_behaviours for full behaviour reports
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_file_behaviour_summary(hash='99017f6eebbac24f351415dd410d522d')
## End(Not run)
Get File Behaviours
Description
Retrieves all behaviour reports for a file from various sandboxes.
Usage
get_file_behaviours(hash = NULL, limit = NULL, cursor = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256). Required. |
limit |
Number of reports to retrieve. Integer. Optional. |
cursor |
String for pagination. Optional. |
... |
Additional arguments passed to |
Value
list containing behaviour reports from various sandboxes
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
get_file_behaviour_summary for summary,
get_behaviour_report for individual sandbox reports
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_file_behaviours(hash='99017f6eebbac24f351415dd410d522d')
get_file_behaviours(hash='99017f6eebbac24f351415dd410d522d', limit=5)
## End(Not run)
Retrieve comments for a file
Description
Retrieve comments for a file
Usage
get_file_comments(hash = NULL, limit = NULL, cursor = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) |
limit |
Number of comments to retrieve. Integer. Optional. Default is 10. |
cursor |
String for pagination. Optional. |
... |
Additional arguments passed to |
Value
list containing file comments
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_file_comments(hash='99017f6eebbac24f351415dd410d522d')
## End(Not run)
Get download URL for a file
Description
Get download URL for a file
Usage
get_file_download_url(hash = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) |
... |
Additional arguments passed to |
Value
list containing download URL and metadata
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_file_download_url(hash='99017f6eebbac24f351415dd410d522d')
## End(Not run)
Retrieve relationships for a file
Description
Retrieve relationships for a file
Usage
get_file_relationships(
hash = NULL,
relationship = NULL,
limit = NULL,
cursor = NULL,
...
)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) |
relationship |
Type of relationship: "behaviours", "bundled_files", "compression_parents", "contacted_domains", "contacted_ips", "contacted_urls", "dropped_files", "execution_parents", "itw_domains", "itw_ips", "itw_urls", "overlay_parents", "pcap_parents", "pe_resource_parents", "similar_files", "submissions" |
limit |
Number of relationships to retrieve. Integer. Optional. Default is 10. |
cursor |
String for pagination. Optional. |
... |
Additional arguments passed to |
Value
list containing file relationships
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_file_relationships(hash='99017f6eebbac24f351415dd410d522d',
relationship='contacted_domains')
## End(Not run)
Get file upload URL for large files
Description
Get a special URL for uploading files larger than 32MB to VirusTotal for analysis.
Usage
get_file_upload_url(...)
Arguments
... |
Additional arguments passed to |
Value
list containing upload URL and other metadata
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key, scan_file for regular file uploads
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_file_upload_url()
## End(Not run)
Retrieve votes for a file
Description
Retrieve votes for a file
Usage
get_file_votes(hash = NULL, limit = NULL, cursor = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) |
limit |
Number of votes to retrieve. Integer. Optional. Default is 10. |
cursor |
String for pagination. Optional. |
... |
Additional arguments passed to |
Value
list containing file votes
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_file_votes(hash='99017f6eebbac24f351415dd410d522d')
## End(Not run)
Retrieve comments for an IP address
Description
Retrieve comments for an IP address
Usage
get_ip_comments(ip = NULL, limit = NULL, cursor = NULL, ...)
Arguments
ip |
IP Address. String. Required. |
limit |
Number of entries. Integer. Optional. Default is 10. |
cursor |
String. Optional. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_ip_comments("64.233.160.0")
## End(Not run)
Retrieve information about an IP address
Description
Retrieves report on a given IP address.
Usage
get_ip_info(ip = NULL, limit = NULL, cursor = NULL, ...)
Arguments
ip |
IP address. Required. |
limit |
Number of entries. Optional. |
cursor |
String. Optional. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_ip_info("64.233.160.0")
## End(Not run)
Retrieve votes for an IP address
Description
Retrieve votes for an IP address
Usage
get_ip_votes(ip = NULL, limit = NULL, cursor = NULL, ...)
Arguments
ip |
IP address. String. Required. |
limit |
Number of entries. Integer. Optional. Default is 10. |
cursor |
String. Optional. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_ip_votes("64.233.160.0")
## End(Not run)
Get current rate limit status
Description
Get current rate limit status
Usage
get_rate_limit_status()
Value
List with current status information
See Also
Other rate limiting:
rate-limiting,
rate_limit(),
reset_rate_limit()
Retrieve comments for a URL
Description
Retrieve comments for a URL
Usage
get_url_comments(url_id = NULL, limit = NULL, cursor = NULL, ...)
Arguments
url_id |
URL or URL ID from VirusTotal |
limit |
Number of comments to retrieve. Optional. |
cursor |
String for pagination. Optional. |
... |
Additional arguments passed to |
Value
list containing URL comments
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_url_comments(url_id='http://www.google.com')
## End(Not run)
Retrieve relationships for a URL
Description
Retrieve relationships for a URL
Usage
get_url_relationships(
url_id = NULL,
relationship = NULL,
limit = NULL,
cursor = NULL,
...
)
Arguments
url_id |
URL or URL ID from VirusTotal |
relationship |
Type of relationship. See VirusTotal docs for options. |
limit |
Number of relationships to retrieve. Optional. |
cursor |
String for pagination. Optional. |
... |
Additional arguments passed to |
Value
list containing URL relationships
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_url_relationships(url_id='http://www.google.com',
relationship='communicating_files')
## End(Not run)
Retrieve votes for a URL
Description
Retrieve votes for a URL
Usage
get_url_votes(url_id = NULL, limit = NULL, cursor = NULL, ...)
Arguments
url_id |
URL or URL ID from VirusTotal |
limit |
Number of votes to retrieve. Integer. Optional. Default is 10. |
cursor |
String for pagination. Optional. |
... |
Additional arguments passed to |
Value
list containing URL votes
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
get_url_votes(url_id='http://www.google.com')
## End(Not run)
Initialize rate limiting state
Description
Initialize rate limiting state
Usage
init_rate_limit()
Get IP Address Report
Description
Retrieves comprehensive analysis report for an IP address, including geolocation, ASN information, DNS resolutions, and detected URLs.
Usage
ip_report(ip = NULL, ...)
Arguments
ip |
a valid IPv4 or IPv6 address. Required. |
... |
Additional arguments passed to |
Value
list containing IP analysis results including geolocation, ASN information, DNS resolutions, detected URLs, and threat intelligence
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
ip_report(ip="8.8.8.8")
ip_report(ip="2001:4860:4860::8888")
## End(Not run)
Check if API key is properly configured
Description
Verifies that the API key is set and appears to be valid format.
Usage
is_api_key_configured()
Value
Logical indicating if API key is configured
See Also
Other security:
sanitize_domain(),
sanitize_file_path(),
sanitize_hash(),
sanitize_ip(),
sanitize_url(),
security-utilities
Check if rate limiting is properly initialized
Description
Check if rate limiting is properly initialized
Usage
is_rate_limit_initialized()
Check if running in a safe environment
Description
Verifies that the package is running in an appropriate environment for security analysis work.
Usage
is_safe_environment()
Value
Logical indicating if environment is considered safe
See Also
Other utilities:
cleanup_temp_files(),
create_safe_temp_dir(),
format_file_size(),
utilities,
validate_vt_response(),
virustotal_info(),
virustotal_version()
Add a comment to an Internet domain
Description
Add a comment to an Internet domain
Usage
post_domain_comments(domain = NULL, comment = NULL, ...)
Arguments
domain |
domain name. Required. |
comment |
comment text. Required. Words starting with # become tags. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_domain_comments(domain = "https://google.com", comment = "Great!")
## End(Not run)
Add a vote for a hostname or domain
Description
Add a vote for a hostname or domain
Usage
post_domain_votes(domain = NULL, vote = NULL, ...)
Arguments
domain |
domain name. Required. |
vote |
vote. Required. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_domain_votes("http://google.com", vote = "malicious")
## End(Not run)
Add a comment to a file
Description
Add a comment to a file
Usage
post_file_comments(hash = NULL, comment = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) |
comment |
Comment text to add |
... |
Additional arguments passed to |
Value
list containing response data
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_file_comments(hash='99017f6eebbac24f351415dd410d522d',
comment='This file appears to be suspicious')
## End(Not run)
Add a vote to a file
Description
Add a vote to a file
Usage
post_file_votes(hash = NULL, verdict = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) |
verdict |
Vote verdict: "harmless" or "malicious" |
... |
Additional arguments passed to |
Value
list containing response data
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_file_votes(hash='99017f6eebbac24f351415dd410d522d', verdict='malicious')
## End(Not run)
Add a comment to an IP address
Description
Add a comment to an IP address
Usage
post_ip_comments(ip = NULL, comment = NULL, ...)
Arguments
ip |
IP address. Required. |
comment |
Comment. Required. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_ip_comments(ip = "64.233.160.0", comment = "test")
## End(Not run)
Add a vote for an IP address
Description
Add a vote for an IP address
Usage
post_ip_votes(ip = NULL, vote = NULL, ...)
Arguments
ip |
IP address. Required. |
vote |
vote. Required. |
... |
Additional arguments passed to |
Value
named list
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_ip_votes(ip = "64.233.160.0", vote = "malicious")
## End(Not run)
Add a comment to a URL
Description
Add a comment to a URL
Usage
post_url_comments(url_id = NULL, comment = NULL, ...)
Arguments
url_id |
URL or URL ID from VirusTotal |
comment |
Comment text to add |
... |
Additional arguments passed to |
Value
list containing response data
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_url_comments(url_id='http://www.google.com',
comment='This URL appears suspicious')
## End(Not run)
Add a vote to a URL
Description
Add a vote to a URL
Usage
post_url_votes(url_id = NULL, verdict = NULL, ...)
Arguments
url_id |
URL or URL ID from VirusTotal |
verdict |
Vote verdict: "harmless" or "malicious" |
... |
Additional arguments passed to |
Value
list containing response data
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
post_url_votes(url_id='http://www.google.com', verdict='harmless')
## End(Not run)
Print method for domain reports
Description
Print method for domain reports
Usage
## S3 method for class 'virustotal_domain_report'
print(x, ...)
Arguments
x |
A virustotal_domain_report object |
... |
Additional arguments (unused) |
Print method for VirusTotal errors
Description
Print method for VirusTotal errors
Usage
## S3 method for class 'virustotal_error'
print(x, ...)
Arguments
x |
A virustotal_error object |
... |
Additional arguments (unused) |
Print method for file reports
Description
Print method for file reports
Usage
## S3 method for class 'virustotal_file_report'
print(x, ...)
Arguments
x |
A virustotal_file_report object |
... |
Additional arguments (unused) |
Print method for VirusTotal responses
Description
Print method for VirusTotal responses
Usage
## S3 method for class 'virustotal_response'
print(x, ...)
Arguments
x |
A virustotal_response object |
... |
Additional arguments (unused) |
Rate Limiting for VirusTotal API
Description
Modern rate limiting implementation that properly manages API request limits. VirusTotal public API allows 4 requests per minute.
See Also
Other rate limiting:
get_rate_limit_status(),
rate_limit(),
reset_rate_limit()
Modern rate limiting implementation
Description
Uses a sliding window approach to track requests and enforce limits. This replaces the old environment variable-based approach.
Usage
rate_limit(force_wait = FALSE)
Arguments
force_wait |
Logical. If TRUE, will wait even if under limit |
Value
Invisible TRUE
See Also
Other rate limiting:
get_rate_limit_status(),
rate-limiting,
reset_rate_limit()
Request rescan of a domain
Description
Request a new analysis of a domain already in VirusTotal's database.
Returns an analysis ID for use with domain_report.
Usage
rescan_domain(domain = NULL, ...)
Arguments
domain |
Domain name to rescan. Required. |
... |
Additional arguments passed to |
Value
list containing analysis details and ID
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
domain_report for getting reports
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
# Request rescan of a domain
rescan_domain("google.com")
## End(Not run)
Request rescan of a file
Description
Request a new analysis of a file already present in VirusTotal's database.
Returns an analysis ID for use with file_report.
Usage
rescan_file(hash = NULL, ...)
Arguments
hash |
File hash (MD5, SHA1, or SHA256) or file ID. Required. |
... |
Additional arguments passed to |
Value
list containing analysis details and ID
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
rescan_file(hash='99017f6eebbac24f351415dd410d522d')
## End(Not run)
Request rescan of an IP address
Description
Request a new analysis of an IP address already in VirusTotal's database.
Returns an analysis ID for use with ip_report.
Usage
rescan_ip(ip = NULL, ...)
Arguments
ip |
IP address to rescan (IPv4 or IPv6). Required. |
... |
Additional arguments passed to |
Value
list containing analysis details and ID
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
ip_report for getting reports
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
# Request rescan of an IPv4 address
rescan_ip("8.8.8.8")
# Request rescan of an IPv6 address
rescan_ip("2001:4860:4860::8888")
## End(Not run)
Request rescan of a URL
Description
Request a new analysis of a URL already present in VirusTotal's database.
Returns an analysis ID for use with url_report.
Usage
rescan_url(url_id = NULL, ...)
Arguments
url_id |
URL or URL ID (base64 encoded URL without padding). Required. |
... |
Additional arguments passed to |
Value
list containing analysis details and ID
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
url_report for getting reports
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
# Request rescan using URL
rescan_url("http://www.google.com")
# Request rescan using URL ID
rescan_url("687474703a2f2f7777772e676f6f676c652e636f6d2f")
## End(Not run)
Reset rate limiting state
Description
Clears all rate limiting history. Useful for testing.
Usage
reset_rate_limit()
See Also
Other rate limiting:
get_rate_limit_status(),
rate-limiting,
rate_limit()
Sanitize domain input
Description
Validates and sanitizes domain names to prevent injection attacks while allowing legitimate domain analysis.
Usage
sanitize_domain(domain)
Arguments
domain |
Character string representing a domain name |
Value
Sanitized domain or throws error if invalid
See Also
Other security:
is_api_key_configured(),
sanitize_file_path(),
sanitize_hash(),
sanitize_ip(),
sanitize_url(),
security-utilities
Sanitize file path input
Description
Validates and sanitizes file paths to prevent directory traversal attacks and ensure safe file operations.
Usage
sanitize_file_path(file_path, allow_relative = FALSE)
Arguments
file_path |
Character string representing a file path |
allow_relative |
Logical. Allow relative paths. Default: FALSE. |
Value
Sanitized file path or throws error if invalid
See Also
Other security:
is_api_key_configured(),
sanitize_domain(),
sanitize_hash(),
sanitize_ip(),
sanitize_url(),
security-utilities
Sanitize hash input
Description
Validates hash inputs to ensure they conform to expected formats (MD5, SHA1, SHA256) and contain only valid hexadecimal characters.
Usage
sanitize_hash(hash)
Arguments
hash |
Character string representing a file hash |
Value
Sanitized hash or throws error if invalid
See Also
Other security:
is_api_key_configured(),
sanitize_domain(),
sanitize_file_path(),
sanitize_ip(),
sanitize_url(),
security-utilities
Sanitize IP address input
Description
Validates IP addresses (IPv4 and IPv6) and checks for private ranges that shouldn't be submitted to VirusTotal.
Usage
sanitize_ip(ip)
Arguments
ip |
Character string representing an IP address |
Value
Sanitized IP address or throws error if invalid
See Also
Other security:
is_api_key_configured(),
sanitize_domain(),
sanitize_file_path(),
sanitize_hash(),
sanitize_url(),
security-utilities
Sanitize URL input
Description
Validates and sanitizes URLs to prevent malicious inputs while preserving legitimate URLs for analysis.
Usage
sanitize_url(url)
Arguments
url |
Character string representing a URL |
Value
Sanitized URL or throws error if invalid
See Also
Other security:
is_api_key_configured(),
sanitize_domain(),
sanitize_file_path(),
sanitize_hash(),
sanitize_ip(),
security-utilities
Submit a file for scanning
Description
Uploads a file to VirusTotal for malware analysis using the v3 API.
Usage
scan_file(file_path, ...)
Arguments
file_path |
Required; Path to the file to be scanned |
... |
Additional arguments passed to |
Value
A virustotal_file_scan object with analysis ID and links
References
https://docs.virustotal.com/reference/files-scan
See Also
set_key for setting the API key,
file_report for retrieving scan results
Examples
## Not run:
# Set API key first
set_key('your_api_key_here')
# Scan a file
result <- scan_file(file_path = 'suspicious_file.exe')
print(result)
## End(Not run)
Submit URL for scanning
Description
Submit a URL for analysis. Returns analysis details including an ID that
can be used to retrieve the report using url_report
Usage
scan_url(url = NULL, ...)
Arguments
url |
URL to scan; string; required |
... |
Additional arguments passed to |
Value
list containing analysis details and ID
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
scan_url("http://www.google.com")
## End(Not run)
Security Utilities for VirusTotal Package
Description
Security functions for input sanitization and validation to prevent common security issues when working with potentially malicious inputs.
See Also
Other security:
is_api_key_configured(),
sanitize_domain(),
sanitize_file_path(),
sanitize_hash(),
sanitize_ip(),
sanitize_url()
Set VirusTotal API Key
Description
Stores your VirusTotal API key in an environment variable for use by other package functions. Get your API key from https://www.virustotal.com/.
Usage
set_key(api_key = NULL)
Arguments
api_key |
VirusTotal API key (character string). Required. |
Value
Invisibly returns TRUE on success
References
https://docs.virustotal.com/reference
Examples
## Not run:
# Set your API key
set_key('your_64_character_api_key_here')
# Verify it's set
Sys.getenv("VirustotalToken")
## End(Not run)
Summary method for VirusTotal responses
Description
Summary method for VirusTotal responses
Usage
## S3 method for class 'virustotal_response'
summary(object, ...)
Arguments
object |
A virustotal_response object |
... |
Additional arguments (unused) |
Get URL Report
Description
Retrieve a scan report for a given URL or URL ID from VirusTotal.
Usage
url_report(url_id = NULL, ...)
Arguments
url_id |
URL or URL ID from VirusTotal. String. Required. |
... |
Additional arguments passed to |
Value
list containing URL analysis results including scan details, detection information, and metadata
References
https://docs.virustotal.com/reference
See Also
set_key for setting the API key,
scan_url for submitting URLs
Examples
## Not run:
# Before calling the function, set the API key using set_key('api_key_here')
# Get report using URL
url_report("http://www.google.com")
# Get report using URL ID (base64 encoded URL without padding)
url_report("687474703a2f2f7777772e676f6f676c652e636f6d2f")
## End(Not run)
Utility Functions for VirusTotal Package
Description
Helper functions and utilities for the VirusTotal package.
See Also
Other utilities:
cleanup_temp_files(),
create_safe_temp_dir(),
format_file_size(),
is_safe_environment(),
validate_vt_response(),
virustotal_info(),
virustotal_version()
Simple input validation
Description
Basic input validation and sanitization for VirusTotal API calls. Replaces over-engineered security functions with simpler checks.
Usage
validate_input(input)
Arguments
input |
Character string to validate |
Value
Cleaned input string
Validate VirusTotal response structure
Description
Checks if a response from VirusTotal API has the expected structure.
Usage
validate_vt_response(response)
Arguments
response |
Response object from VirusTotal API |
Value
Logical indicating if response structure is valid
See Also
Other utilities:
cleanup_temp_files(),
create_safe_temp_dir(),
format_file_size(),
is_safe_environment(),
utilities,
virustotal_info(),
virustotal_version()
S3 Classes for VirusTotal Responses
Description
S3 classes to provide structured responses and better user experience when working with VirusTotal API results.
See Also
Other response classes:
virustotal_domain_report(),
virustotal_file_report(),
virustotal_file_scan(),
virustotal_ip_report(),
virustotal_url_scan()
VirusTotal API Error Classes
Description
Custom error classes for structured error handling in the virustotal package.
See Also
Other error handling:
virustotal_auth_error(),
virustotal_check(),
virustotal_error(),
virustotal_rate_limit_error(),
virustotal_validation_error()
Base POST AND GET functions. Not exported.
Description
GET for the Current V3 API
Usage
virustotal_GET(path, query = list(), key = Sys.getenv("VirustotalToken"), ...)
Arguments
path |
path to the specific API service url |
query |
query list |
key |
A character string containing Virustotal API Key.
Default: |
... |
Additional arguments passed to |
Value
list
POST for the Current V3 API
Description
POST for the Current V3 API
Usage
virustotal_POST(
path,
body = NULL,
query = list(),
key = Sys.getenv("VirustotalToken"),
...
)
Arguments
path |
path to the specific API service url |
body |
request body (file upload or JSON data) |
query |
query list |
key |
A character string containing Virustotal API Key.
Default: |
... |
Additional arguments passed to |
Value
list
Create an authentication error
Description
Create an authentication error
Usage
virustotal_auth_error(
message = "Invalid or missing API key",
call = sys.call(-1)
)
Arguments
message |
Error message |
call |
The calling function (automatically detected) |
Value
An error object of class virustotal_auth_error
See Also
Other error handling:
virustotal-errors,
virustotal_check(),
virustotal_error(),
virustotal_rate_limit_error(),
virustotal_validation_error()
Request Response Verification
Description
Enhanced error checking with structured error classes
Usage
virustotal_check(req)
Arguments
req |
HTTP response object from httr |
Value
Invisible NULL on success, throws structured errors on failure
See Also
Other error handling:
virustotal-errors,
virustotal_auth_error(),
virustotal_error(),
virustotal_rate_limit_error(),
virustotal_validation_error()
Create a VirusTotal domain report
Description
Create a VirusTotal domain report
Usage
virustotal_domain_report(data)
Arguments
data |
Raw API response data |
Value
Object of class virustotal_domain_report
See Also
Other response classes:
virustotal-classes,
virustotal_file_report(),
virustotal_file_scan(),
virustotal_ip_report(),
virustotal_url_scan()
Create a VirusTotal API error
Description
Create a VirusTotal API error
Usage
virustotal_error(
message,
status_code = NULL,
response = NULL,
call = sys.call(-1)
)
Arguments
message |
Error message |
status_code |
HTTP status code |
response |
Full HTTP response object |
call |
The calling function (automatically detected) |
Value
An error object of class virustotal_error
See Also
Other error handling:
virustotal-errors,
virustotal_auth_error(),
virustotal_check(),
virustotal_rate_limit_error(),
virustotal_validation_error()
Create a VirusTotal file report
Description
Create a VirusTotal file report
Usage
virustotal_file_report(data)
Arguments
data |
Raw API response data |
Value
Object of class virustotal_file_report
See Also
Other response classes:
virustotal-classes,
virustotal_domain_report(),
virustotal_file_scan(),
virustotal_ip_report(),
virustotal_url_scan()
Create a VirusTotal file scan result
Description
Create a VirusTotal file scan result
Usage
virustotal_file_scan(data)
Arguments
data |
Raw API response data |
Value
Object of class virustotal_file_scan
See Also
Other response classes:
virustotal-classes,
virustotal_domain_report(),
virustotal_file_report(),
virustotal_ip_report(),
virustotal_url_scan()
Print package information and configuration status
Description
Print package information and configuration status
Usage
virustotal_info()
Value
Invisible NULL
See Also
Other utilities:
cleanup_temp_files(),
create_safe_temp_dir(),
format_file_size(),
is_safe_environment(),
utilities,
validate_vt_response(),
virustotal_version()
Create a VirusTotal IP report
Description
Create a VirusTotal IP report
Usage
virustotal_ip_report(data)
Arguments
data |
Raw API response data |
Value
Object of class virustotal_ip_report
See Also
Other response classes:
virustotal-classes,
virustotal_domain_report(),
virustotal_file_report(),
virustotal_file_scan(),
virustotal_url_scan()
Create a rate limit error
Description
Create a rate limit error
Usage
virustotal_rate_limit_error(
message = "Rate limit exceeded",
retry_after = 60,
call = sys.call(-1)
)
Arguments
message |
Error message |
retry_after |
Number of seconds to wait before retry |
call |
The calling function (automatically detected) |
Value
An error object of class virustotal_rate_limit_error
See Also
Other error handling:
virustotal-errors,
virustotal_auth_error(),
virustotal_check(),
virustotal_error(),
virustotal_validation_error()
Create a VirusTotal URL scan result
Description
Create a VirusTotal URL scan result
Usage
virustotal_url_scan(data)
Arguments
data |
Raw API response data |
Value
Object of class virustotal_url_scan
See Also
Other response classes:
virustotal-classes,
virustotal_domain_report(),
virustotal_file_report(),
virustotal_file_scan(),
virustotal_ip_report()
Create a validation error
Description
Create a validation error
Usage
virustotal_validation_error(
message,
parameter = NULL,
value = NULL,
call = sys.call(-1)
)
Arguments
message |
Error message |
parameter |
The parameter that failed validation |
value |
The invalid value |
call |
The calling function (automatically detected) |
Value
An error object of class virustotal_validation_error
See Also
Other error handling:
virustotal-errors,
virustotal_auth_error(),
virustotal_check(),
virustotal_error(),
virustotal_rate_limit_error()
Get package version information
Description
Get package version information
Usage
virustotal_version()
Value
Character string with package version
See Also
Other utilities:
cleanup_temp_files(),
create_safe_temp_dir(),
format_file_size(),
is_safe_environment(),
utilities,
validate_vt_response(),
virustotal_info()