- Users can register for an account using their email, password, and full name.
- After registration, an email confirmation is sent to the user's email address using SMTP.
- Users must confirm their email before logging in.
- Secure login with JWT-based authentication.
- Passwords are securely hashed and never stored in plain text.
- Authenticated users can access all features of the app.
- The app uses SMTP to send confirmation emails to new users.
- You must configure SMTP credentials (host, port, username, password, and sender email) in your environment variables for this feature to work.
- Example SMTP providers: Gmail, Outlook, SendGrid, etc.
For any questions, feedback, or support, please contact:
Email: vtotalchecker@gmail.com
A modern, full-stack web application for checking the security status of domains, IP addresses, and file hashes using the VirusTotal API v3, Vectara RAG, and Anthropic Claude LLM. Built with FastAPI, Python, HTML, CSS, and JavaScript. Now includes AI-powered enrichment, RAG search, and color-coded UI for enhanced security insights.
- Features
- Tech Stack
- Installation
- Usage
- API Endpoints
- Validation & Security
- User Guidance
- Screenshots
- Contributing
- License
- Select Type: Choose whether you want to check a Domain, IP Address, or File Hash from the dropdown menu.
- Enter Value: Input the domain name (e.g., example.com), IP address, or file hash (MD5, SHA1, or SHA256).
- For IP research, you can enter either a plain IPv4 address (e.g., "192.0.2.1") or an IPv4 address with CIDR notation (e.g., "192.0.2.0/24").
- Check Security: Click the "Check Security" button to analyze the input using VirusTotal, Vectara, and Claude LLM.
- View Results:
- See the overall status (Malicious, Suspicious, Harmless, Undetected) with color-coded badges.
- Review detection statistics and a progress bar for a quick overview.
- Filter vendor results by threat category using the provided buttons.
- View an AI-enriched summary generated by Claude LLM, with key security terms highlighted in color.
- See relevant RAG (Retrieval-Augmented Generation) snippets from Vectara for deeper context.
- Click the link to view the full VirusTotal report for more details.
- Download the JSON or plain text report for your records.
- Vectara RAG Search: Use the Vectara RAG search box to ask questions or search across uploaded reports for additional intelligence.
- API Quota: If available, your remaining VirusTotal API quota is displayed at the bottom of the results.
Note: No user data is stored or logged. For best security, always use your own API keys and deploy over HTTPS.
- Check domains, IP addresses, and file hashes for security status (malicious, suspicious, harmless, undetected)
- AI-powered summary using Anthropic Claude LLM, with color-coded highlights for key security terms
- Retrieval-Augmented Generation (RAG) search using Vectara: see relevant snippets and search across uploaded reports
- Upload VirusTotal reports to Vectara for future RAG/search
- Detailed vendor analysis with filtering by threat category
- Detection statistics with colored badges and progress bars
- Last analysis date and direct link to full VirusTotal report
- Downloadable JSON and plain text reports for each lookup
- User-friendly, modern UI with Bootstrap and custom styles
- API usage quota display (if available)
- Robust error handling and user feedback for all enrichment features
- Backend: FastAPI (Python 3.9+), Pydantic, httpx, Anthropic SDK
- Frontend: HTML, CSS, Vanilla JS, Bootstrap
- API Integration: VirusTotal API v3, Vectara API, Anthropic Claude LLM
- Validation: Pydantic models and custom validators
- Deployment: GitHub, Heroku (or any cloud platform)
- Clone the repository:
git clone https://github.com/Sandhya80/hello_world_fastapi.git
cd hello_world_fastapi- Install dependencies:
pip install -r requirements.txt-
Set up environment variables:
- Create a
.envfile in the project root:
- Create a
VT_API_KEY=your_virustotal_api_key_here
VECTARA_API_KEY=your_vectara_api_key_here
VECTARA_CUSTOMER_ID=your_vectara_customer_id # (numeric, e.g. 1234)
VECTARA_CORPUS_ID=your_vectara_corpus_id # (numeric, e.g. 4)
ANTHROPIC_API_KEY=your_anthropic_api_key_here- Run the application:
uvicorn main:app --reload- Open your browser and visit:
- http://localhost:8000/ for the local web interface
- http://localhost:8000/docs for local API docs (Swagger UI)
- https://virustotal-security-checker-1ba82364afaa.herokuapp.com/ for the deployed web app on Heroku
-
Build the Docker image:
docker build -t virustotal-security-checker . -
Run the container:
docker run -d -p 8000:8000 --env-file .env virustotal-security-checker
-
Access the app:
- Open http://localhost:8000/ in your browser.
Note: You may need to create a Dockerfile if not present. Example:
FROM python:3.10-slim
WORKDIR /app
COPY . .
RUN pip install --no-cache-dir -r requirements.txt
EXPOSE 8000
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]-
Install Azure CLI and login:
az login
-
Create a resource group and App Service plan:
az group create --name myResourceGroup --location eastus az appservice plan create --name myPlan --resource-group myResourceGroup --sku B1 --is-linux
-
Create the Web App:
az webapp create --resource-group myResourceGroup --plan myPlan --name <your-app-name> --runtime "PYTHON|3.10"
-
Deploy your code:
az webapp deploy --resource-group myResourceGroup --name <your-app-name> --src-path .
-
Set environment variables:
az webapp config appsettings set --resource-group myResourceGroup --name <your-app-name> --settings @.env
-
Browse to your app:
- Visit
https://<your-app-name>.azurewebsites.net/
- Visit
Note: For production, consider using Azure Container Apps or Azure Web App for Containers for Docker-based deployment.
- Claude LLM Test:
python test/test_claude.py— Standalone test for Anthropic Claude API integration.
- Vectara Upload/Search Test:
python test/test_vectara.py— Standalone test for Vectara upload and search integration.
| Method | Endpoint | Description |
|---|---|---|
| GET | / | Home page (web UI) |
| GET | /research_domain | Check domain security status |
| GET | /research_ip | Check IP address reputation |
| GET | /research_hash | Check file hash against VirusTotal |
| POST | /vectara/upload_report | Upload a text report to Vectara corpus |
| POST | /vectara/search | Search the Vectara corpus for relevant docs |
| GET | /download_report_text | Download VirusTotal report as plain text |
| POST | /items/{item_id} | (Demo) Create a new item |
| GET | /items/{item_id} | (Demo) Get item by ID |
| PUT | /items/{item_id} | (Demo) Update item |
| DELETE | /items/{item_id} | (Demo) Delete item |
- All user inputs are validated using Pydantic models and regex patterns.
- API keys are stored in a
.envfile (never committed to version control). - No user data is stored or logged.
- HTTPS is recommended for deployment.
- Claude LLM summaries and Vectara RAG results are shown in the UI with color-coded highlights for key security terms (malicious, suspicious, harmless, etc.).
- All enrichment features (VirusTotal, Vectara, Claude) are robustly error-handled and provide user feedback.
- The UI includes a security-themed GIF next to the title for a modern look (see
static/images/CyberSecurity.gif). - All features are designed to work together without breaking existing functionality.
Contributions are welcome! Please open issues or submit pull requests for improvements.
This project is licensed under the MIT License.
See the LICENSE file for details.