{"id":15044564,"url":"https://github.com/elastic/die-python","last_synced_at":"2025-04-05T15:03:02.933Z","repository":{"id":226507297,"uuid":"758270419","full_name":"elastic/die-python","owner":"elastic","description":"Native Python3 bindings for @horsicq's Detect-It-Easy","archived":false,"fork":false,"pushed_at":"2025-03-14T00:56:20.000Z","size":73,"stargazers_count":62,"open_issues_count":2,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-29T14:04:30.767Z","etag":null,"topics":["detect-it-easy","malware","malware-analysis","malware-research","python","python3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elastic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-16T00:33:44.000Z","updated_at":"2025-03-26T06:26:36.000Z","dependencies_parsed_at":"2024-03-08T00:23:14.279Z","dependency_job_id":"f78a6700-74fa-47b6-8b0b-4894526604d9","html_url":"https://github.com/elastic/die-python","commit_stats":{"total_commits":28,"total_committers":3,"mean_commits":9.333333333333334,"dds":0.3928571428571429,"last_synced_commit":"235d68b97c03b0b1cc5e315e3146db277b0a9857"},"previous_names":["calladoum-elastic/die-python","elastic/die-python"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastic%2Fdie-python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastic%2Fdie-python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastic%2Fdie-python/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastic%2Fdie-python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elastic","download_url":"https://codeload.github.com/elastic/die-python/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247353729,"owners_count":20925329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detect-it-easy","malware","malware-analysis","malware-research","python","python3"],"created_at":"2024-09-24T20:50:43.920Z","updated_at":"2025-04-05T15:03:02.915Z","avatar_url":"https://github.com/elastic.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DetectItEasy-Python\n\n[![Python 3.8+](https://img.shields.io/pypi/v/die-python.svg)](https://pypi.org/project/die-python/)\n[![Downloads](https://static.pepy.tech/badge/die-python)](https://pepy.tech/project/die-python)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n[![Licence Apache2](https://img.shields.io/badge/License-Apache_2-blue)](https://github.com/elastic/die-python/blob/main/LICENSE)\n[![Build](https://github.com/elastic/die-python/actions/workflows/build.yml/badge.svg)](https://github.com/elastic/die-python/actions/workflows/build.yml)\n\nNative Python 3.8+ bindings for [@horsicq](https://github.com/horsicq/)'s [Detect-It-Easy](https://github.com/horsicq/Detect-It-Easy)\n\n\n## Install\n\n### From PIP\n\nThe easiest and recommended installation is through `pip`.\n\n```console\npip install die-python\n```\n\n### Using Git\n\n```console\ngit clone https://github.com/elastic/die-python\ncd die-python\n```\n\nInstall Qt into the `build`. It can be easily installed using [`aqt`](https://github.com/miurahr/aqtinstall) as follow (here with Qt version 6.7.3):\n\n```console\npython -m pip install aqtinstall --user -U\npython -m aqt install-qt -O ./build linux desktop 6.7.3 linux_gcc_64               # linux x64 only\npython -m aqt install-qt -O ./build linux_arm64 desktop 6.7.3 linux_gcc_arm64      # linux arm64 only\npython -m aqt install-qt -O ./build windows desktop 6.7.3 win64_msvc2019_64        # windows x64 only\npython -m aqt install-qt -O ./build mac desktop 6.7.3 clang_64                     # mac only\n```\n\nThen you can install the package\n\n```console\npython -m pip install . --user -U\n```\n\n\n## Quick start\n\n```python\nimport die, pathlib\n\nprint(die.scan_file(\"c:/windows/system32/ntdll.dll\", die.ScanFlags.DEEP_SCAN))\n'PE64'\n\nprint(die.scan_file(\"../upx.exe\", die.ScanFlags.RESULT_AS_JSON, str(die.database_path/'db') ))\n{\n    \"detects\": [\n        {\n            \"filetype\": \"PE64\",\n            \"parentfilepart\": \"Header\",\n            \"values\": [\n                {\n                    \"info\": \"Console64,console\",\n                    \"name\": \"GNU linker ld (GNU Binutils)\",\n                    \"string\": \"Linker: GNU linker ld (GNU Binutils)(2.28)[Console64,console]\",\n                    \"type\": \"Linker\",\n                    \"version\": \"2.28\"\n                },\n                {\n                    \"info\": \"\",\n                    \"name\": \"MinGW\",\n                    \"string\": \"Compiler: MinGW\",\n                    \"type\": \"Compiler\",\n                    \"version\": \"\"\n                },\n                {\n                    \"info\": \"NRV,brute\",\n                    \"name\": \"UPX\",\n                    \"string\": \"Packer: UPX(4.24)[NRV,brute]\",\n                    \"type\": \"Packer\",\n                    \"version\": \"4.24\"\n                }\n            ]\n        }\n    ]\n}\n\nfor db in die.databases():\n    print(db)\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\ACE\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\APK\\PackageName.1.sg\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\APK\\SingleJar.3.sg\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\APK\\_APK.0.sg\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\APK\\_init\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\Archive\\_init\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\archive-file\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\arj\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\Binary\\Amiga loadable.1.sg\nC:\\Users\\User\\AppData\\Roaming\\Python\\Python312\\site-packages\\die\\db\\db\\Binary\\archive.7z.1.sg\n[...]\n```\n\n## Licenses\n\nReleased under Apache 2.0 License and integrates the following repositories:\n\n - [Detect-It-Easy](https://github.com/horsicq/Detect-It-Easy): MIT license\n - [die_library](https://github.com/horsicq/die_library): MIT license\n - [qt](https://github.com/qt/qt): LGPL license\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felastic%2Fdie-python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felastic%2Fdie-python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felastic%2Fdie-python/lists"}