{"id":18735465,"url":"https://github.com/virustotal/vt-ida-plugin","last_synced_at":"2026-02-04T11:22:22.629Z","repository":{"id":45069666,"uuid":"201485283","full_name":"VirusTotal/vt-ida-plugin","owner":"VirusTotal","description":"Official VirusTotal plugin for IDA Pro","archived":false,"fork":false,"pushed_at":"2025-08-28T14:38:25.000Z","size":2986,"stargazers_count":162,"open_issues_count":2,"forks_count":24,"subscribers_count":45,"default_branch":"master","last_synced_at":"2025-08-28T21:46:42.920Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VirusTotal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-08-09T14:41:08.000Z","updated_at":"2025-08-28T14:56:04.000Z","dependencies_parsed_at":"2023-11-27T16:47:37.026Z","dependency_job_id":"3f514f89-612d-4032-a448-6a333a63157d","html_url":"https://github.com/VirusTotal/vt-ida-plugin","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/VirusTotal/vt-ida-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fvt-ida-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fvt-ida-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fvt-ida-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fvt-ida-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VirusTotal","download_url":"https://codeload.github.com/VirusTotal/vt-ida-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fvt-ida-plugin/sbom","scorecard":{"id":148427,"data":{"date":"2025-08-11","repo":{"name":"github.com/VirusTotal/vt-ida-plugin","commit":"5600f0fbe0778f288917dbe6b240ec9d33aeaf0a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.3,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.10 not signed: https://api.github.com/repos/VirusTotal/vt-ida-plugin/releases/43125221","Warn: release artifact v0.9 not signed: https://api.github.com/repos/VirusTotal/vt-ida-plugin/releases/24473231","Warn: release artifact v0.8 not signed: https://api.github.com/repos/VirusTotal/vt-ida-plugin/releases/24126850","Warn: release artifact v0.10 does not have provenance: https://api.github.com/repos/VirusTotal/vt-ida-plugin/releases/43125221","Warn: release artifact v0.9 does not have provenance: https://api.github.com/repos/VirusTotal/vt-ida-plugin/releases/24473231","Warn: release artifact v0.8 does not have provenance: https://api.github.com/repos/VirusTotal/vt-ida-plugin/releases/24126850"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T09:56:42.190Z","repository_id":45069666,"created_at":"2025-08-16T09:56:42.190Z","updated_at":"2025-08-16T09:56:42.190Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275047950,"owners_count":25396337,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-13T02:00:10.085Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T15:17:11.075Z","updated_at":"2026-02-04T11:22:22.622Z","avatar_url":"https://github.com/VirusTotal.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# VirusTotal Plugin for IDA Pro\n\nThis is the official VirusTotal plugin for Hex-Rays IDA Pro. It seamlessly integrates VirusTotal's powerful analysis capabilities directly into your reverse engineering workflow.\n\nThe plugin offers two core functionalities:\n1.  **Code Similarity Search**: Perform advanced searches for code, bytes, and strings across VirusTotal's massive dataset directly from IDA's disassembly and strings views.\n\n![Code Similarity Visualization](images/function.gif)\n\n2.  **Code Insight Notebook**: Leverage VirusTotal's Code Insight to get summaries and descriptions of functions. Keep track of your findings in a persistent, shareable notebook within the IDA sidebar.\n\n![Code Insight Notebook Visualization](images/main_window_menu.png)\n\n## Features\n\n### Code Insight Notebook\n\nThe Code Insight Notebook is a powerful feature that lives in its own dockable panel (`View -\u003e Open subviews -\u003e VirusTotal`).\n\n- **Code Insight Analysis**: Request an AI-generated summary and detailed description for any function (disassembled or decompiled).\n- **Persistent Workspace**: All analyses are saved in a \"notebook\" that can be loaded again across IDA sessions.\n- **Edit and Refine**: You can edit the AI-generated analysis to correct it or add your own insights.\n- **Automatic Commenting**: Automatically populate IDA's function comments with the analysis summary for all functions in your notebook.\n- **Import/Export**: Share your analysis with colleagues by exporting the notebook to a JSON file, or import one to get up to speed on a shared binary.\n\n### Code Similarity Search (Right-Click Context Menu)\n\nFrom the **Disassembly View**:\n\n- **Search for bytes**: Performs a raw byte search in VirusTotal for the selected sequence.\n- **Search for similar code**: Searches for functionally similar code by wildcarding memory addresses and offsets.\n- **Search for similar code (strict)**: A more aggressive version of the above that also wildcards all immediate values (constants).\n- **Search for similar functions**: Automatically detects the boundaries of the current function and searches for similar functions, so you don't have to select it manually.\n\nFrom the **Strings View**:\n\n- **Search for string**: Searches for the selected string(s) in VirusTotal.\n\n## Requirements\n\n- **IDA Pro**: Tested with versions 8 or newer. Please note that IDA Pro v9.2+ requires PySide6.\n- **Python**: Use Python Version 3.x with the requests module. Version 3.9 and later are recommended.\n- **VirusTotal API Key**: A valid VirusTotal API key is **required** for using Code Insight. VTGrep searches rely on an active VirusTotal Enterprise session in your web browser.\n\n## Installation\n\n1.  Install the `requests` module for Python:\n    ```bash\n    $ pip install requests\n    ```\n2.  Copy the entire `plugins/virustotal` directory into your IDA Pro plugins folder.\n\n| OS      | Default Plugin Path             |\n| ------- | ------------------------------- |\n| Linux   | `/opt/ida-pro-X.X/plugins`      |\n| macOS   | `~/.idapro/plugins`             |\n| Windows | `%ProgramFiles%\\IDA Pro X.X\\plugins`|\n\n3.  Start IDA Pro.\n\n## Configuration\n\n### First-Time Run\n\nOn the first run, the plugin will ask for your consent to automatically upload samples to VirusTotal. This choice is saved in a configuration file.\n\n- **OK**: Agree to the terms and enable automatic uploads for files not found on VirusTotal.\n- **No**: Disable automatic uploads.\n- **Cancel**: Disable the plugin for the current session.\n\n### API Key\n\nTo use the **Code Insight** features, you must add your VirusTotal API key to the configuration file:\n\n1.  Locate the configuration file: `[USER_IDA_DIR]/plugins/virustotal/config.py`\n2.  Open the file and add your key:\n    ```ini\n    API_KEY = 'YOUR_VT_API_KEY_HERE'\n    ```\n\nThe plugin creates a `virustotal.conf` file in your user IDA directory (e.g., `%APPDATA%\\Hex-Rays\\IDA Pro` on Windows or `~/.idapro` on macOS/Linux) to store your preferences.\n\n## Usage\n\n### Code Insight Notebook\n\n1.  Open the panel via `View -\u003e Open subviews -\u003e VirusTotal`.\n2.  In the IDA Disassembly or Decompiler view, place your cursor inside a function.\n3.  Right-click and select `VirusTotal -\u003e Ask Code Insight` or just click on the `Ask CI` button in the `Code Insight Notebook` panel.\n4.  The analysis will appear in the VirusTotal panel. You can now:\n    - Edit the summary or description.\n    - Click **Accept** to save the analysis (including your edits) to the notebook.\n    - Click **Discard** to remove the analysis.\n    - Click **Autocomment** to add all saved analyses as comments to their respective functions in IDA.\n\n### Code Similarity Search\n\n1.  In the Disassembly or Strings view, select a piece of code or a string.\n2.  Right-click and choose the desired search option under the `VirusTotal` menu.\n3.  A new tab will open in your default web browser with the VTGrep search results.\n\n### Usage examples\n\nIn this VirusTotal blog post, we use practical examples to demonstrate how to get the most out of the tool:\n\nhttps://blog.virustotal.com/2025/08/integrating-code-insight-into-reverse.html\n\n## Supported Architectures\n\nThe \"Search for similar code\" features are fully supported on the following processor architectures:\n- **Intel x86/x64** (metapc)\n- **ARM**\n\nWhile other architectures may work, they have not been officially tested. Raw byte and string searches work on all architectures.\n\nCheck IDA Pro's output window for any message that may need your attention.\n\n## Changelog\n\n- v1.08 : Added support for configuration via the IDA Pro plugin manager (kevimuoz).\n- v1.07 : Improved error handling, now CodeInsight works with other CPU architectures identified by IDA Pro.\n- v1.06 : Updated plugin metadata to support HCLI Plugin Manager ecosystem.\n- v1.05 : Fixes crash when Code Insight returns an invalid response.\n- v1.04 : Fixes issue that left IDA hanging while a query was being performed.\n- v1.03 : BUG fixed (wrongly showing an invalid api key msg).\n- v1.02 : Added support for IDA Pro 9.2\n- v1.00 : Added Code Insight panel.\n- v0.11 : Added support for IDA Pro 8.x\n- v0.10 : Initial release.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvirustotal%2Fvt-ida-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvirustotal%2Fvt-ida-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvirustotal%2Fvt-ida-plugin/lists"}