New README

This commit is contained in:
DosX 2024-11-03 14:36:35 +03:00
commit c881fbf9f2
4 changed files with 197 additions and 67 deletions

155
README.md

@ -1,80 +1,96 @@
# 🔍 Detect It Easy (DiE)
[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=NF3FBD3KHMXDN)
[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/horsicq/DIE-engine.svg)](http://ntinfo.biz)
[![GitHub All Releases](https://img.shields.io/github/downloads/horsicq/DIE-engine/total.svg)](http://ntinfo.biz)
[![gitlocalized ](https://gitlocalize.com/repo/4736/whole_project/badge.svg)](https://github.com/horsicq/XTranslation)
[![OS Linux](https://img.shields.io/badge/os-linux-brightgreen)](https://github.com/horsicq/DIE-engine/releases)
[![OS Windows](https://img.shields.io/badge/os-windows-brightgreen)](https://github.com/horsicq/DIE-engine/releases)
[![OS MacOS](https://img.shields.io/badge/os-macos-brightgreen)](https://github.com/horsicq/DIE-engine/releases)
**Detect It Easy (DiE)** is a powerful tool for file type identification, popular among **malware analysts**, **cybersecurity experts**, and **reverse engineers** worldwide. Supporting both **signature-based** and **heuristic analysis**, DIE enables efficient file inspections across a broad range of platforms, including **Windows, Linux, and MacOS**. Its adaptable, script-driven detection architecture makes it one of the most versatile tools in the field, with a comprehensive list of supported OS images.
# Detect It Easy
> ### 🔗 Let's get started!
>
> - **[💎 Download release](https://github.com/horsicq/DIE-engine/releases)**
> - **[🧱 Download dev/beta](https://github.com/horsicq/Detect-It-Easy/releases/tag/Beta)**
> - **[🔩 DIE API Library (for Developers)](https://github.com/horsicq/die_library)**
> - [📋 Changelog](https://github.com/horsicq/Detect-It-Easy/blob/master/changelog.txt)
> - [💬 Contribute to Translations](https://github.com/horsicq/XTranslation)
>
> ![Screenshot](docs/1.png)
> * ### [DOWNLOAD **RELEASE**](https://github.com/horsicq/DIE-engine/releases)
> * ### [DOWNLOAD **DEV**/**BETA**](https://github.com/horsicq/Detect-It-Easy/releases/tag/Beta)
> * #### [DIE API Library (for developers)](https://github.com/horsicq/die_library)
---
- Changelog: https://github.com/horsicq/Detect-It-Easy/blob/master/changelog.txt
## 💡 Why use Detect It Easy?
You can help with translation: https://github.com/horsicq/XTranslation
Detect It Easys **flexible signature system** and **scripting capabilities** make it an essential tool for **malware analysis** and **digital forensics**. With traditional static analyzers often limited in scope and prone to false positives, DIEs customizable design enables precise integration of new detection logic, ensuring reliable results across diverse file types.
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/1.png "1")
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/2.png "2")
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/3.png "3")
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/4.png "4")
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/5.png "5")
![Screenshot](docs/2.png)
**Detect It Easy**, or abbreviated "DIE" is a program for determining types of files.
### Key Advantages:
DIE is a cross-platform application, apart from Windows version there are also
available versions for Linux and Mac OS.
- **Flexible Signature Management**: DIEs open architecture allows users to easily create, modify, and optimize signatures, making it adaptable for unique analysis needs.
- **Cross-Platform Support**: Runs seamlessly on Windows, Linux, and MacOS, offering native compatibility for a wide range of OS environments. This flexibility allows it to be deployed across multiple systems, providing a universal solution for analysts.
- **Minimal False Positives**: Combined signature and heuristic analysis ensures reliable detection accuracy, minimizing the potential for false positives in scanning.
Many programs of the kind (PEID, PE tools) allow to use third-party signatures.
Unfortunately, those signatures scan only bytes by the pre-set mask, and it is
not possible to specify additional parameters. As the result, false triggering
often occur. More complicated algorithms are usually strictly set in the program
itself. Hence, to add a new complex detect one needs to recompile the entire
project. No one, except the authors themselves, can change the algorithm of
a detect. As time passes, such programs lose relevance without the constant support.
---
**Detect It Easy** has totally open architecture of signatures. You can easily
add your own algorithms of detects or modify those that already exist. This
is achieved by using scripts. The script language is very similar to JavaScript
and any person, who understands the basics of programming, will understand easily
how it works. Possibly, someone may decide the scripts are working very slow.
Indeed, scripts run slower than compiled code, but, thanks to the good optimization
of Script Engine, this doesn't cause any special inconvenience. The possibilities
of open architecture compensate these limitations.
## 📄 Supported File Types
DIE exists in three versions. Basic version ("die"), Lite version ("diel") and
console version ("diec"). All the three use the same signatures, which are located
in the folder "db". If you open this folder, nested sub-folders will be found
("Binary", "PE" and others). The names of sub-folders correspond to the types of files.
First, DIE determines the type of file, and then sequentially loads all the signatures,
which lie in the corresponding folder. Currently the program defines the following types:
DIE currently supports an extensive range of executable and archive types, making it highly versatile for different analytical contexts:
- MSDOS executable files MS-DOS
- PE executable files Windows
- ELF executable files Linux
- MACH executable files Mac OS
- Binary all other files
- **PE** (Portable Executable format for Windows)
- **ELF** (Executable and Linkable Format for Linux)
- **APK** (Android Application Package)
- **IPA** (iOS Application Package)
- **JAR** (Java Archive)
- **ZIP** (Compressed archives and similar formats)
- **DEX** (Dalvik Executable for Android)
- **MS-DOS** (MS-DOS executable files)
- **COM** (Simple executable format, often for DOS)
- **LE/LX** (Linear Executable for OS/2)
- **MACH** (Mach-O files for MacOS)
- **NPM** (JavaScript packages)
- **Amiga** (Executable format for Amiga computers)
- **Binary** (Other unclassified files)
# Installing
Unknown formats undergo heuristic analysis, providing identification for both known and unrecognized files. DIEs compatibility with lesser-known formats like **COM** and **DEX** further underscores its versatility in digital forensics and reverse engineering.
### Using installation packages
---
- Windows: [die](https://community.chocolatey.org/packages/die) on Chocolatey (Thanks [**chtof**](https://github.com/chtof) and [**Rob Reynolds**](https://github.com/ferventcoder))
- Parrot OS: Package name **detect-it-easy** (Thanks [**Nong Hoang Tu**](https://github.com/dmknght))
- Arch Linux: Aur package [detect-it-easy-git](https://aur.archlinux.org/packages/detect-it-easy-git/) (Thanks [**Arnaud Dovi**](https://github.com/class101))
- [REMnux](https://remnux.org): (Thanks [**REMnux team**](https://twitter.com/REMnux/status/1401935989266919426))
- openSUSE: [detect-it-easy](https://build.opensuse.org/package/show/home:mnhauke/detect-it-easy) (Thanks Martin Hauke)
## 🔑 Key Features
### Build from source
- **Flexible Signature Management**: With DIE, users can define their own detection signatures or modify existing ones to refine analysis results. This flexibility, along with DIEs **open signature architecture**, makes it highly adaptable for analyzing both common and rare file types.
- **Scripted Detection**: Custom detection algorithms can be created using DIEs JavaScript-like scripting language. This capability allows advanced users to perform specialized analyses, including deep unpacking and targeted detection routines tailored for complex or encrypted file structures.
Build instructions can be found in [BUILD.md](docs/BUILD.md).
- **Cross-Platform Compatibility**: DIE is available for Windows, Linux, and MacOS, with separate GUI and command-line (CLI) versions. This cross-platform support is essential for analysts working in different environments, allowing consistent functionality across systems.
### Docker install
- **Reduced False Positives**: DIE leverages a combination of signature and heuristic scanning to ensure high detection accuracy. This reduces the likelihood of false positives, which is especially important in scenarios where detection precision is critical.
You can also run DIE with [Docker](https://www.docker.com/community-edition)! Of course, this requires that you have git and Docker installed.
---
## 📥 Installation
### 📦 Install via Package Managers
You can download the program as a portable version from the list of releases. However, if you like the option of using Package Managers, you may want to consider this item.
- **Windows**: [Chocolatey](https://community.chocolatey.org/packages/die) (Thanks to [**chtof**](https://github.com/chtof) and [**Rob Reynolds**](https://github.com/ferventcoder))
- **Linux**:
- **Parrot OS**: Package name `detect-it-easy`
- **Arch Linux**: AUR package [detect-it-easy-git](https://aur.archlinux.org/packages/detect-it-easy-git/)
- **openSUSE**: [OBS](https://build.opensuse.org/package/show/home:mnhauke/detect-it-easy)
- **REMnux**: Malware analysis distribution
> [!NOTE]
> Don't have a computer nearby, but need to scan a file? Use **Detect It Easy** bot via **Telegram** to quickly check files through our server: [**@detectiteasy_bot**](https://t.me/detectiteasy_bot)
### ⚙️ Build from Source
For those who need to build DIE from source, see the [BUILD.md](docs/BUILD.md) for detailed instructions on setting up dependencies and compiling DIE across platforms.
### 🐳 Docker Installation
Easily run DIE in a Docker container, providing a secure, isolated environment for file analysis:
```bash
git clone --recursive https://github.com/horsicq/Detect-It-Easy
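Review bot: The new "Key Advantages" list (flexible signatures, cross-platform, minimal false positives) and the later "Key Features" list repeat the same three points in slightly different wording; keep one list and fold the "Scripted Detection" bullet into it. In the same hunk, the "Install via Package Managers" list drops the maintainer credits and the https://remnux.org link that the old list carried, and the intro sentence "you may want to consider this item" reads awkwardly ("the following package managers also carry it" would do). The possessives "Detect It Easys" / "DIEs" appear without apostrophes in several places, which looks like a stripped curly apostrophe; use plain ASCII "Detect It Easy's" / "DIE's". Finally, "providing a secure, isolated environment for file analysis" in the Docker section promises more than a container gives on its own; "a self-contained environment" states what the Dockerfile actually provides.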
@ -82,28 +98,33 @@ cd Detect-It-Easy/
docker build . -t horsicq:diec
```
# Usage
---
### detect-it-easy has 3 variants
## 🖥️ Usage
- `die` GUI version
- `diec` console version
- `diel` GUI lite version
Detect It Easy offers three distinct versions to fit different usage scenarios:
Detailed usage instructions can be found in [RUN.md](docs/RUN.md).
- **die** - Graphical interface for intuitive analysis and easy navigation.
- **diec** - Command-line version designed for batch processing and automation, ideal for integration into larger forensic or analysis workflows.
- **diel** - Lightweight GUI version for environments with limited resources, still supporting most core features.
# Telegram Bot
For detailed usage and specific examples, refer to the [RUN.md](docs/RUN.md).
* ### [@detectiteasy_bot](https://t.me/detectiteasy_bot)
### 🔎 Example Use Cases
# Thanks to all the people who already contributed!
- **Malware Analysis**: DIEs detection capabilities allow for precise identification of file types, packers, or applied protections, a crucial first step in reverse engineering and malware analysis.
- **Security Audits**: DIE can quickly determine executable file types and any potential security risks within unknown files, useful in cybersecurity assessments and vulnerability analysis.
- **Software Forensics**: Analysts can use DIE to inspect software components, identify legacy binaries, or validate compliance in software packages.
## 🏆 Special Thanks
### Thanks to all the people who already contributed!
<a href="https://github.com/horsicq/Detect-It-Easy/graphs/contributors">
<img src="https://contrib.rocks/image?repo=horsicq/Detect-It-Easy" />
<img src="https://contrib.rocks/image?repo=horsicq/Detect-It-Easy" />
</a>
## Special Thanks
And thanks to [PELock Software Protection & Reverse Engineering](https://www.pelock.com)
- [PELock Software Protection & Reverse Engineering](https://www.pelock.com)
---
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/mascots/logo.png "Mascot")
![Mascot](mascots/logo.png)
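Review bot: The "Security Audits" bullet says DIE can "determine executable file types and any potential security risks within unknown files", but nothing else in the README describes risk assessment; the tool identifies file types, packers and protections, so rephrase to "identify the type, packer or protector of an unknown executable as a first triage step" to avoid over-promising. Minor: "refer to the [RUN.md](docs/RUN.md)" reads better as "see [RUN.md](docs/RUN.md)", and the contributor `<img>` line is indented in the new version while the surrounding `<a>` tags are not; pick one indentation for the block.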

109
README_OLD.md Normal file

@ -0,0 +1,109 @@
[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=NF3FBD3KHMXDN)
[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/horsicq/DIE-engine.svg)](http://ntinfo.biz)
[![GitHub All Releases](https://img.shields.io/github/downloads/horsicq/DIE-engine/total.svg)](http://ntinfo.biz)
[![gitlocalized ](https://gitlocalize.com/repo/4736/whole_project/badge.svg)](https://github.com/horsicq/XTranslation)
[![OS Linux](https://img.shields.io/badge/os-linux-brightgreen)](https://github.com/horsicq/DIE-engine/releases)
[![OS Windows](https://img.shields.io/badge/os-windows-brightgreen)](https://github.com/horsicq/DIE-engine/releases)
[![OS MacOS](https://img.shields.io/badge/os-macos-brightgreen)](https://github.com/horsicq/DIE-engine/releases)
# Detect It Easy
> * ### [DOWNLOAD **RELEASE**](https://github.com/horsicq/DIE-engine/releases)
> * ### [DOWNLOAD **DEV**/**BETA**](https://github.com/horsicq/Detect-It-Easy/releases/tag/Beta)
> * #### [DIE API Library (for developers)](https://github.com/horsicq/die_library)
- Changelog: https://github.com/horsicq/Detect-It-Easy/blob/master/changelog.txt
You can help with translation: https://github.com/horsicq/XTranslation
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/1.png "1")
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/2.png "2")
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/3.png "3")
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/4.png "4")
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/docs/5.png "5")
**Detect It Easy**, or abbreviated "DIE" is a program for determining types of files.
DIE is a cross-platform application, apart from Windows version there are also
available versions for Linux and Mac OS.
Many programs of the kind (PEID, PE tools) allow to use third-party signatures.
Unfortunately, those signatures scan only bytes by the pre-set mask, and it is
not possible to specify additional parameters. As the result, false triggering
often occur. More complicated algorithms are usually strictly set in the program
itself. Hence, to add a new complex detect one needs to recompile the entire
project. No one, except the authors themselves, can change the algorithm of
a detect. As time passes, such programs lose relevance without the constant support.
**Detect It Easy** has totally open architecture of signatures. You can easily
add your own algorithms of detects or modify those that already exist. This
is achieved by using scripts. The script language is very similar to JavaScript
and any person, who understands the basics of programming, will understand easily
how it works. Possibly, someone may decide the scripts are working very slow.
Indeed, scripts run slower than compiled code, but, thanks to the good optimization
of Script Engine, this doesn't cause any special inconvenience. The possibilities
of open architecture compensate these limitations.
DIE exists in three versions. Basic version ("die"), Lite version ("diel") and
console version ("diec"). All the three use the same signatures, which are located
in the folder "db". If you open this folder, nested sub-folders will be found
("Binary", "PE" and others). The names of sub-folders correspond to the types of files.
First, DIE determines the type of file, and then sequentially loads all the signatures,
which lie in the corresponding folder. Currently the program defines the following types:
- MSDOS executable files MS-DOS
- PE executable files Windows
- ELF executable files Linux
- MACH executable files Mac OS
- Binary all other files
# Installing
### Using installation packages
- Windows: [die](https://community.chocolatey.org/packages/die) on Chocolatey (Thanks [**chtof**](https://github.com/chtof) and [**Rob Reynolds**](https://github.com/ferventcoder))
- Parrot OS: Package name **detect-it-easy** (Thanks [**Nong Hoang Tu**](https://github.com/dmknght))
- Arch Linux: Aur package [detect-it-easy-git](https://aur.archlinux.org/packages/detect-it-easy-git/) (Thanks [**Arnaud Dovi**](https://github.com/class101))
- [REMnux](https://remnux.org): (Thanks [**REMnux team**](https://twitter.com/REMnux/status/1401935989266919426))
- openSUSE: [detect-it-easy](https://build.opensuse.org/package/show/home:mnhauke/detect-it-easy) (Thanks Martin Hauke)
### Build from source
Build instructions can be found in [BUILD.md](docs/BUILD.md).
### Docker install
You can also run DIE with [Docker](https://www.docker.com/community-edition)! Of course, this requires that you have git and Docker installed.
```bash
git clone --recursive https://github.com/horsicq/Detect-It-Easy
cd Detect-It-Easy/
docker build . -t horsicq:diec
```
# Usage
### detect-it-easy has 3 variants
- `die` GUI version
- `diec` console version
- `diel` GUI lite version
Detailed usage instructions can be found in [RUN.md](docs/RUN.md).
# Telegram Bot
* ### [@detectiteasy_bot](https://t.me/detectiteasy_bot)
# Thanks to all the people who already contributed!
<a href="https://github.com/horsicq/Detect-It-Easy/graphs/contributors">
<img src="https://contrib.rocks/image?repo=horsicq/Detect-It-Easy" />
</a>
## Special Thanks
- [PELock Software Protection & Reverse Engineering](https://www.pelock.com)
![alt text](https://github.com/horsicq/Detect-It-Easy/blob/master/mascots/logo.png "Mascot")
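Review bot: README_OLD.md is a verbatim copy of the previous README, so this commit leaves two READMEs in the repository that will drift apart; git history already preserves the old text, so either drop the file or move the parts that did not make it into the new README (the maintainer credits on the package-manager entries, the REMnux link) into README.md and delete this one. If it is kept on purpose, say so at the top of the file and point readers at README.md.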

Binary file not shown. (Before: 60 KiB; After: 287 KiB)

Binary file not shown. (Before: 84 KiB; After: 242 KiB)