VirusTotal Sidekick by hejay
Right-click any link to check it on VirusTotal in two clicks. Hash lookups stay private, file uploads need your consent, and results are cached locally to save time.
16 Users
About this extension
VirusTotal Sidekick puts a "Check file with VirusTotal" item in your right-click menu for every link on the web. The point is to save you time on a workflow you already do by hand: download the file, switch to virustotal.com, find the upload form, drop the file in, wait. With VirusTotal Sidekick it's two clicks, and most checks finish before a manual upload would even start, because known files are recognised by their hash without ever leaving your machine.
How it works
Right-click a link and pick Check file with VirusTotal. A confirmation page shows you exactly which URL is about to be fetched, and nothing happens until you click Check. The extension then downloads the file, hashes it locally with SHA-256, and queries VirusTotal by hash. If the file is already known, you go straight to the analysis report. If it isn't, you can choose to upload the file for fresh analysis. The original URL is never sent in either case.
Privacy by default
VirusTotal Sidekick is designed to leak as little as possible:
- Only the file's SHA-256 hash is sent to VirusTotal during the lookup step.
- The original URL is never submitted. URLs can carry one-time tokens, presigned signatures, and session secrets that would otherwise become publicly visible on VirusTotal's community search.
- The filename sent with an upload is a fixed generic name (sample.bin). Path segments from the original URL, which can themselves contain object IDs or user identifiers, are never included.
- File contents are uploaded only when you explicitly click Upload File for Analysis.
- File downloads use credentials-omit mode, so your authenticated cookies aren't sent with the request.
- Recent lookup results are cached locally for 24 hours, so re-checking a file you've already seen is instant and costs no API quota.
Permissions
VirusTotal Sidekick installs with no broad host permissions. The first time you check a link from a given host, Firefox asks whether to grant access to that host. Subsequent files from the same host check without prompting. You build a per-host allow-list of the places you actually download from, and the extension never has standing access to sites you haven't intentionally granted.
Network safety
The extension refuses to fetch URLs pointing at the local network or reserved address ranges, including localhost, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, link-local addresses (including cloud metadata endpoints), CGNAT, and IPv6 equivalents. Both the link you click and the final destination after any redirects are checked against this blocklist. Cookies are not sent with file downloads.
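A check of the kind this paragraph describes, added here as an illustration and not taken from the extension's source. The function names are hypothetical, and the http/https-only rule and the 0.0.0.0/8 entry are assumptions beyond the listing's text.

```javascript
// Added example, not the extension's source. Function names are hypothetical.
const V4_BLOCKED = [            // [base address, prefix length]
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["127.0.0.0", 8],
  ["100.64.0.0", 10],           // CGNAT
  ["169.254.0.0", 16],          // link-local, covers 169.254.169.254 (cloud metadata)
  ["172.16.0.0", 12], ["192.168.0.0", 16],
];
const v4ToInt = (s) => s.split(".").reduce((n, o) => (n * 256 + Number(o)) >>> 0, 0);

function v4Blocked(ip) {
  const n = v4ToInt(ip);
  return V4_BLOCKED.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === v4ToInt(base);
  });
}

function v6Blocked(addr) {
  if (addr === "::" || addr === "::1") return true;          // unspecified, loopback
  const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(addr);
  if (mapped) {                                              // IPv4-mapped, as URL serializes it
    const [hi, lo] = [parseInt(mapped[1], 16), parseInt(mapped[2], 16)];
    return v4Blocked(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  const first = addr.startsWith("::") ? 0 : parseInt(addr.split(":")[0], 16);
  return (first & 0xffc0) === 0xfe80 || (first & 0xfe00) === 0xfc00; // fe80::/10, fc00::/7
}

// True when the URL must not be fetched.
function isBlockedUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return true; }         // unparseable: refuse
  if (url.protocol !== "http:" && url.protocol !== "https:") return true; // assumption
  const host = url.hostname.replace(/\.$/, "");
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host.startsWith("[")) return v6Blocked(host.slice(1, -1));
  return /^\d+\.\d+\.\d+\.\d+$/.test(host) && v4Blocked(host);
}

// Both the clicked link and the post-redirect URL (e.g. response.url) must pass.
const mayFetch = (clickedUrl, finalUrl) => !isBlockedUrl(clickedUrl) && !isBlockedUrl(finalUrl);
```

The check looks only at the host literal after URL parsing, which also normalises decimal and hex IPv4 spellings; a DNS name that resolves to a private address is not covered by this sketch.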
What you'll need
- A free VirusTotal Community API key. Sign up at virustotal.com to get one.
- Paste the key into the extension's options on first install.
The public API allows 4 requests per minute and 500 per day, which is generous for personal use.
Limits
The public API caps uploads at 32 MB. Larger files can still be hash-checked, but not uploaded for fresh analysis.
Rated 5 by 1 reviewer
Permissions and data
Required permissions:
- Display notifications to you
Optional permissions:
- Access your data for all websites
More information
- Version: 0.2.0
- Size: 41.95 KB
- Last updated: 2 days ago (May 26, 2026)
- License: Mozilla Public License 2.0