Detect It Easy (DiE) is a powerful tool for file type identification, popular among malware analysts, cybersecurity experts, and reverse engineers worldwide. Supporting both signature-based and heuristic analysis, DiE enables efficient file inspections across a broad range of platforms, including Windows, Linux, and MacOS. Its adaptable, script-driven detection architecture makes it one of the most versatile tools in the field, with a comprehensive list of supported OS images.
- Download release
- Download dev/beta
- DIE API Library (for Developers)
- Changelog
- Contribute to Translations
Detect It Easy's flexible signature system and scripting capabilities make it an essential tool for malware analysis and digital forensics. With traditional static analyzers often limited in scope and prone to false positives, DiE's customizable design enables precise integration of new detection logic, ensuring reliable results across diverse file types.
- Flexible Signature Management: Easily create, modify, and optimize signatures.
- Cross-Platform Support: Runs on Windows, Linux, and MacOS.
- Minimal False Positives: Combined signature and heuristic analysis ensures high detection accuracy.
Detect It Easy supports a wide range of executable and archive types, including:
- PE (Portable Executable format for Windows)
- ELF (Executable and Linkable Format for Linux)
- APK (Android Application Package)
- IPA (iOS Application Package)
- JAR (Java Archive)
- ZIP (Compressed archives)
- DEX (Dalvik Executable for Android)
- MS-DOS (MS-DOS executable files)
- COM (Simple executable format for DOS)
- LE/LX (Linear Executable for OS/2)
- MACH (Mach-O files for MacOS)
- NPM (JavaScript packages)
- Amiga (Executable format for Amiga computers)
- Binary (Other unclassified files)
Unknown formats undergo heuristic analysis, providing identification for both known and unrecognized files.
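The signature-then-heuristic flow described above can be illustrated with a short Python example. It is added here and is not DiE's own code or signature database; the function names and the 7.2 bits/byte entropy threshold are assumptions. It shows why several formats in the list need a second look after the first magic bytes: PE, LE/LX and MS-DOS all begin with `MZ`, and APK, IPA and JAR are all ZIP containers.

```python
import io
import math
import struct
import zipfile
from collections import Counter

# Fixed magics; Mach-O covers 32/64-bit in both byte orders.
MAGICS = [(b"\x7fELF", "ELF"), (b"dex\n", "DEX")] + [
    (m, "MACH") for m in (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                          b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe")]

def mz_subtype(data):
    """MZ stub: e_lfanew at 0x3C points to the real header, if any."""
    if len(data) >= 0x40:
        off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[off:off + 4] == b"PE\0\0":
            return "PE"
        if data[off:off + 2] in (b"LE", b"LX"):
            return "LE/LX"
    return "MS-DOS"

def zip_subtype(data):
    """ZIP container: member names separate APK, IPA and JAR."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "ZIP"
    if "AndroidManifest.xml" in names:  # first: APKs can also hold a JAR manifest
        return "APK"
    if any(n.startswith("Payload/") and ".app/" in n for n in names):
        return "IPA"
    return "JAR" if "META-INF/MANIFEST.MF" in names else "ZIP"

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def identify(data):
    """Signatures first, then an entropy heuristic for unmatched input."""
    if data[:2] == b"MZ":
        return mz_subtype(data)
    if data[:4] == b"PK\x03\x04":
        return zip_subtype(data)
    for magic, name in MAGICS:
        if data.startswith(magic):
            return name
    # Assumed threshold: above ~7.2 bits/byte usually means compressed or encrypted.
    return "Binary (high entropy)" if entropy(data) > 7.2 else "Binary (low entropy)"
```

Call `identify()` with the raw bytes of a file; a real scanner such as DiE goes much further (packers, compilers, protectors), which this example does not attempt.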
- Flexible Signature Management: Define or modify detection signatures.
- Scripted Detection: Use a JavaScript-like scripting language for custom detection algorithms.
- Cross-Platform Compatibility: Available for Windows, Linux, and MacOS.
- Reduced False Positives: Combines signature and heuristic scanning for accuracy.
- Windows: Chocolatey
- Linux:
  - Parrot OS: Package name detect-it-easy
  - Arch Linux: AUR package detect-it-easy-git
  - openSUSE: OBS
  - REMnux: Malware analysis distribution
Note: Use the Detect It Easy bot via Telegram to quickly check files: @detectiteasy_bot
See the BUILD.md for detailed instructions.
Run DiE in a Docker container:
```bash
git clone --recursive https://github.com/horsicq/Detect-It-Easy
cd Detect-It-Easy/
docker build . -t horsicq:diec
```
Detect It Easy offers three versions:
- die - Graphical interface.
- diec - Command-line version for batch processing.
- diel - Lightweight GUI version.
For detailed usage, refer to the RUN.md.
- Malware Analysis: Identify file types, packers, or protections.
- Security Audits: Determine executable file types and potential security risks.
- Software Forensics: Inspect software components and validate compliance.
Thanks to all contributors!