vt-kvd 0.5.0

A VirusTotal GUI client

vt-kvd

• About
• Installing
  • vt-kvd itself
    • From PyPI
    • From sources
  • Dependencies
    • libmagic
• Configuration
• Running
  • User agent
  • Scanning directories
• Platforms
• 3rd-party
  • Requirements
  • Resources

About

A VirusTotal GUI client.

The application functionality is rather basic at the moment:

• getting files hashes and fetching existing reports from VirusTotal
  • displaying results in a table
  • openning a link to the full report
• uploading files for scanning isn't implemented

Installing

vt-kvd itself

From PyPI

$ pip install vt-kvd

From sources

$ cd /path/to/repository/
$ pip install ./

or:

$ cd /path/to/repository/
$ python -m build
$ pip install ./dist/vt_kvd-0.5.0-py3-none-any.whl

Dependencies

libmagic

All the dependencies are automatically installed with pip. But python-magic Python module expects libmagic to be present in the system. So if you will be scanning directories instead of individual files, then you will need to install this library using your system package manager:

• Mac OS (Homebrew): brew install libmagic
• GNU/Linux (APT): sudo apt install libmagic1
• Windows: the easiest will be to use alternative package instead of python-magic, because that one bundles required libmagic binary (and actually you can probably use that package on non-Windows platforms too):

  $ pip uninstall python-magic
  $ pip install python-magic-bin
  

Configuration

Config file ~/.config/vt-kvd/config.toml:

[API]
key = "YOUR-VIRUSTOTAL-API-KEY"

If the main config file is missing, it will try to fallback to vt-cli's config at ~/.vt.toml:

apikey="YOUR-VIRUSTOTAL-API-KEY"

Running

$ vt-kvd --help

User agent

The application uses platform module to compose the agent string which is sent to VirusTotal API on every request. The full value can look like this:

vt-kvd/0.5.0 macOS-12.6.1-x86_64-i386-64bit

It is not (yet?) configurable, but you should probably be aware of its existence anyway.

Scanning directories

It is possible to check not a single file but a directory. In that case in order to skip the files that are of no interest the application will scan the directory for suitable files by guessing their types based on magic numbers. This is not an absolutely reliable way, so it is recommended that you check the files of interest individually by explicitly providing their full paths one by one.

Another thing to consider is that VirusTotal API has a quota for standard free public accounts, and you can quickly exceed that quota by scanning directories instead of individual files.

Scanning directories is disabled by default. If you would like to enable it, launch the application with --enable-dir-scan. That will also require you to have libmagic binary installed in the system.

Platforms

Tested on:

• Mac OS:
  • 12.6.1, Intel
• Windows:
  • 10 21H1
  • 11 21H2
• GNU/Linux:
  • Ubuntu 22.04

3rd-party

Requirements

• Python 3.8 or later
• Dear PyGui - application window and UI controls
• pandas - processing results
• for detecting executables and libraries, either of these two:
  • python-magic (with libmagic to be installed separately from your system package manager)
    • installed by default
  • python-magic-bin (with bundled libmagic)
    • needs to be manually installed instead of the other one (which needs to be uninstalled)
• vt-py - VirusTotal API library

Resources

• JetBrains Mono font