{"id":13571217,"url":"https://github.com/horsicq/Detect-It-Easy","last_synced_at":"2025-04-04T07:33:21.224Z","repository":{"id":17583546,"uuid":"20387062","full_name":"horsicq/Detect-It-Easy","owner":"horsicq","description":"Program for determining types of files for Windows, Linux and MacOS.","archived":false,"fork":false,"pushed_at":"2024-11-04T12:12:25.000Z","size":14343,"stargazers_count":7521,"open_issues_count":25,"forks_count":729,"subscribers_count":174,"default_branch":"master","last_synced_at":"2024-11-04T12:32:40.226Z","etag":null,"topics":["binary-analysis","debugger","detect","detector","disassembler","elf","entropy","hacktoberfest","hacktoberfest2023","mach-o","macho","malware-analysis","malware-research","packer","pentest","program-analysis","reverse-engineering","scanner","static-analysis","unpacker"],"latest_commit_sha":null,"homepage":"http://ntinfo.biz","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/horsicq.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.txt","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"horsicq"}},"created_at":"2014-06-01T21:37:32.000Z","updated_at":"2024-11-04T12:30:17.000Z","dependencies_parsed_at":"2023-01-14T13:00:41.711Z","dependency_job_id":"4d943fab-8ef7-466f-957f-f206ca227d4a","html_url":"https://github.com/horsicq/Detect-It-Easy","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/horsicq%2FDetect-It-Easy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/G
itHub/repositories/horsicq%2FDetect-It-Easy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/horsicq%2FDetect-It-Easy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/horsicq%2FDetect-It-Easy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/horsicq","download_url":"https://codeload.github.com/horsicq/Detect-It-Easy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223111323,"owners_count":17089289,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-analysis","debugger","detect","detector","disassembler","elf","entropy","hacktoberfest","hacktoberfest2023","mach-o","macho","malware-analysis","malware-research","packer","pentest","program-analysis","reverse-engineering","scanner","static-analysis","unpacker"],"created_at":"2024-08-01T14:00:59.923Z","updated_at":"2024-11-05T03:32:27.962Z","avatar_url":"https://github.com/horsicq.png","language":"JavaScript","funding_links":["https://github.com/sponsors/horsicq","https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick\u0026hosted_button_id=NF3FBD3KHMXDN"],"categories":["Reverse Engineering","Detection and Classification","JavaScript","File detectors","JavaScript (485)","Malware Reversing","static-analysis","Blue Team","Tools","Static Analysis Tools"],"sub_categories":["Reverse Engineering Tools","Other Resources","Static Analysis","Malware Analysis","Penetration Testing Report Templates","Windows","Satellite"],"readme":"# 🔍 Detect It Easy 
(DiE)\n\n[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick\u0026hosted_button_id=NF3FBD3KHMXDN)\n[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/horsicq/DIE-engine.svg)](http://ntinfo.biz)\n[![GitHub All Releases](https://img.shields.io/github/downloads/horsicq/DIE-engine/total.svg)](http://ntinfo.biz)\n[![gitlocalized ](https://gitlocalize.com/repo/4736/whole_project/badge.svg)](https://github.com/horsicq/XTranslation)\n\n**Detect It Easy (DiE)** is a powerful tool for file type identification, popular among **malware analysts**, **cybersecurity experts**, and **reverse engineers** worldwide. Supporting both **signature-based** and **heuristic analysis**, DIE enables efficient file inspections across a broad range of platforms, including **Windows, Linux, and MacOS**. Its adaptable, script-driven detection architecture makes it one of the most versatile tools in the field, with a comprehensive list of supported OS images.\n\n\u003e ### 🔗 Let's get started!\n\u003e \n\u003e - **[💎 Download release](https://github.com/horsicq/DIE-engine/releases)**\n\u003e - **[🧱 Download dev/beta](https://github.com/horsicq/Detect-It-Easy/releases/tag/Beta)**\n\u003e - **[🔩 DIE API Library (for Developers)](https://github.com/horsicq/die_library)**\n\u003e - [📋 Changelog](https://github.com/horsicq/Detect-It-Easy/blob/master/changelog.txt)\n\u003e - [💬 Contribute to Translations](https://github.com/horsicq/XTranslation)\n\u003e\n\u003e ![Screenshot](docs/1.png)\n\n---\n\n## 💡 Why use Detect It Easy?\n\nDetect It Easy’s **flexible signature system** and **scripting capabilities** make it an essential tool for **malware analysis** and **digital forensics**. 
With traditional static analyzers often limited in scope and prone to false positives, DIE’s customizable design enables precise integration of new detection logic, ensuring reliable results across diverse file types.\n\n![Screenshot](docs/2.png)\n\n### Key Advantages:\n\n- **Flexible Signature Management**: DIE’s open architecture allows users to easily create, modify, and optimize signatures, making it adaptable for unique analysis needs.\n- **Cross-Platform Support**: Runs seamlessly on Windows, Linux, and MacOS, offering native compatibility for a wide range of OS environments. This flexibility allows it to be deployed across multiple systems, providing a universal solution for analysts.\n- **Minimal False Positives**: Combined signature and heuristic analysis ensures reliable detection accuracy, minimizing the potential for false positives in scanning.\n\n---\n\n## 📄 Supported File Types\n\nDIE currently supports an extensive range of executable and archive types, making it highly versatile for different analytical contexts:\n\n- **PE** (Portable Executable format for Windows)\n- **ELF** (Executable and Linkable Format for Linux)\n- **APK** (Android Application Package)\n- **IPA** (iOS Application Package)\n- **JAR** (Java Archive)\n- **ZIP** (Compressed archives and similar formats)\n- **DEX** (Dalvik Executable for Android)\n- **MS-DOS** (MS-DOS executable files)\n- **COM** (Simple executable format, often for DOS)\n- **LE/LX** (Linear Executable for OS/2)\n- **MACH** (Mach-O files for MacOS)\n- **NPM** (JavaScript packages)\n- **Amiga** (Executable format for Amiga computers)\n- **Binary** (Other unclassified files)\n\nUnknown formats undergo heuristic analysis, providing identification for both known and unrecognized files. 
DIE’s compatibility with lesser-known formats like **COM** and **DEX** further underscores its versatility in digital forensics and reverse engineering.\n\n---\n\n## 🔑 Key Features\n\n- **Flexible Signature Management**: With DIE, users can define their own detection signatures or modify existing ones to refine analysis results. This flexibility, along with DIE’s **open signature architecture**, makes it highly adaptable for analyzing both common and rare file types.\n  \n- **Scripted Detection**: Custom detection algorithms can be created using DIE’s JavaScript-like scripting language. This capability allows advanced users to perform specialized analyses, including deep unpacking and targeted detection routines tailored for complex or encrypted file structures.\n\n- **Cross-Platform Compatibility**: DIE is available for Windows, Linux, and MacOS, with separate GUI and command-line (CLI) versions. This cross-platform support is essential for analysts working in different environments, allowing consistent functionality across systems.\n\n- **Reduced False Positives**: DIE leverages a combination of signature and heuristic scanning to ensure high detection accuracy. This reduces the likelihood of false positives, which is especially important in scenarios where detection precision is critical.\n\n---\n\n## 📥 Installation\n\n### 📦 Install via Package Managers\n\nYou can download the program as a portable version from the list of releases. 
However, if you prefer to install it through a package manager, the following options are available.\n\n- **Windows**: [Chocolatey](https://community.chocolatey.org/packages/die) (Thanks to [**chtof**](https://github.com/chtof) and [**Rob Reynolds**](https://github.com/ferventcoder))\n- **Linux**: \n  - **Parrot OS**: Package name `detect-it-easy`\n  - **Arch Linux**: AUR package [detect-it-easy-git](https://aur.archlinux.org/packages/detect-it-easy-git/)\n  - **openSUSE**: [OBS](https://build.opensuse.org/package/show/home:mnhauke/detect-it-easy)\n  - **REMnux**: Malware analysis distribution\n\n\u003e [!NOTE]  \n\u003e Don't have a computer nearby, but need to scan a file? Use the **Detect It Easy** bot via **Telegram** to quickly check files through our server: [**@detectiteasy_bot**](https://t.me/detectiteasy_bot)\n\n### ⚙️ Build from Source\n\nFor those who need to build DIE from source, see the [BUILD.md](docs/BUILD.md) for detailed instructions on setting up dependencies and compiling DIE across platforms.\n\n### 🐳 Docker Installation\n\nEasily run DIE in a Docker container, providing a secure, isolated environment for file analysis:\n\n```bash\ngit clone --recursive https://github.com/horsicq/Detect-It-Easy\ncd Detect-It-Easy/\ndocker build . 
-t horsicq:diec\n```\n\n---\n\n## 🖥️ Usage\n\nDetect It Easy offers three distinct versions to fit different usage scenarios:\n\n- **die** - Graphical interface for intuitive analysis and easy navigation.\n- **diec** - Command-line version designed for batch processing and automation, ideal for integration into larger forensic or analysis workflows.\n- **diel** - Lightweight GUI version for environments with limited resources, still supporting most core features.\n\nFor detailed usage and specific examples, refer to the [RUN.md](docs/RUN.md).\n\n### 🔎 Example Use Cases\n\n- **Malware Analysis**: DIE’s detection capabilities allow for precise identification of file types, packers, or applied protections, a crucial first step in reverse engineering and malware analysis.\n- **Security Audits**: DIE can quickly determine executable file types and any potential security risks within unknown files, useful in cybersecurity assessments and vulnerability analysis.\n- **Software Forensics**: Analysts can use DIE to inspect software components, identify legacy binaries, or validate compliance in software packages.\n\n## 🏆 Special Thanks\n\n### Thanks to all the people who already contributed!\n\u003ca href=\"https://github.com/horsicq/Detect-It-Easy/graphs/contributors\"\u003e\n    \u003cimg src=\"https://contrib.rocks/image?repo=horsicq/Detect-It-Easy\" /\u003e\n\u003c/a\u003e\n\nAnd thanks to [PELock Software Protection \u0026 Reverse Engineering](https://www.pelock.com)\n\n---\n\n![Mascot](mascots/logo.png)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhorsicq%2FDetect-It-Easy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhorsicq%2FDetect-It-Easy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhorsicq%2FDetect-It-Easy/lists"}