? Detect It Easy (DiE)
Detect It Easy (DiE) is a powerful tool for file type identification, popular among malware analysts, cybersecurity experts, and reverse engineers worldwide. Supporting both signature-based and heuristic analysis, DiE enables efficient file inspections across a broad range of platforms, including Windows, Linux, and MacOS. Its adaptable, script-driven detection architecture makes it one of the most versatile tools in the field, with a comprehensive list of supported OS images.
Getting Started
- ? Download release
- ? Download dev/beta
- DIE API Library (for Developers)
- ? Changelog
- Contribute to Translations
Why Use Detect It Easy?
Detect It Easy’s flexible signature system and scripting capabilities make it an essential tool for malware analysis and digital forensics. With traditional static analyzers often limited in scope and prone to false positives, DiE’s customizable design enables precise integration of new detection logic, ensuring reliable results across diverse file types.
Key Advantages:
- Flexible Signature Management: Easily create, modify, and optimize signatures.
- Cross-Platform Support: Runs on Windows, Linux, and MacOS.
- Minimal False Positives: Combined signature and heuristic analysis ensures high detection accuracy.
? Supported File Types
Detect It Easy supports a wide range of executable and archive types, including:
- PE (Portable Executable format for Windows)
- ELF (Executable and Linkable Format for Linux)
- APK (Android Application Package)
- IPA (iOS Application Package)
- JAR (Java Archive)
- ZIP (Compressed archives)
- DEX (Dalvik Executable for Android)
- MS-DOS (MS-DOS executable files)
- COM (Simple executable format for DOS)
- LE/LX (Linear Executable for OS/2)
- MACH (Mach-O files for MacOS)
- NPM (JavaScript packages)
- Amiga (Executable format for Amiga computers)
- Binary (Other unclassified files)
Unknown formats undergo heuristic analysis, providing identification for both known and unrecognized files.
? Key Features
- Flexible Signature Management: Define or modify detection signatures.
- Scripted Detection: Use a JavaScript-like scripting language for custom detection algorithms.
- Cross-Platform Compatibility: Available for Windows, Linux, and MacOS.
- Reduced False Positives: Combines signature and heuristic scanning for accuracy.
? Installation
? Install via Package Managers
- Windows: Chocolatey
- Linux:
- Parrot OS: Package name
detect-it-easy
- Arch Linux: AUR package detect-it-easy-git
- openSUSE: OBS
- REMnux: Malware analysis distribution
NOTE: Use Detect It Easy bot via Telegram to quickly check files: @detectiteasy_bot
Build from Source
See the BUILD.md for detailed instructions.
? Docker Installation
Run DiE in a Docker container:
git clone --recursive https://github.com/horsicq/Detect-It-Easy
cd Detect-It-Easy/
docker build . -t horsicq:diec
Usage
Detect It Easy offers three versions:
- die - Graphical interface.
- diec - Command-line version for batch processing.
- diel - Lightweight GUI version.
For detailed usage, refer to the RUN.md.
? Example Use Cases
- Malware Analysis: Identify file types, packers, or protections.
- Security Audits: Determine executable file types and potential security risks.
- Software Forensics: Inspect software components and validate compliance.
? Special Thanks
Thanks to all contributors!
Thanks to PELock Software Protection & Reverse Engineering