Detect It Easy
Detect It Easy Description
Detect It Easy, or abbreviated “DIE” is a program for determining types of files.
“DIE” is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.
Many programs of the kind (PEID, PE tools) allow to use third-party signatures. Unfortunately, those signatures scan only bytes by the pre-set mask, and it is not possible to specify additional parameters. As the result, false triggering often occur. More complicated algorithms are usually strictly set in the program itself. Hence, to add a new complex detect one needs to recompile the entire project. No one, except the authors themselves, can change the algorithm of a detect. As time passes, such programs lose relevance without the constant support.
DIE exists in three versions. Basic version (“DIE”), Lite version (“DIEL”) and console version (“DIEC”). All the three use the same signatures, which are located in the folder "db". If you open this folder, nested sub-folders will be found (“Binary”, “PE” and others). The names of sub-folders correspond to the types of files. First, DIE determines the type of file, and then sequentially loads all the signatures, which lie in the corresponding folder. Currently the program defines the following types:
- MSDOS executable files MS-DOS
- PE executable files Windows
- ELF executable files Linux
- MACH executable files Mac OS
- Binary all other files
Detect It Easy Help
diec [options] file
-h, --help Displays help on commandline options. --help-all Displays help including Qt specific options. -v, --version Displays version information. -d, --deepscan Deep scan. -e, --entropy Show entropy. -x, --xml Result as XML. -j, --json Result as JSON. Arguments: file The file to open.
Detect It Easy Usage Example
The following command will open the Detect It Easy GUI:
Analysis of the file /mnt/disk_d/Share/testfiles/file1 showing the results in the graphical interface:
Analysis of a file without an extension located at the path /mnt/disk_d/Share/testfiles/file1 to determine the file type:
Analysis of all files located in the current directory to determine file types:
How to install Detect It Easy
Installation on Kali Linux
sudo apt install qtbase5-dev qtscript5-dev qttools5-dev-tools git build-essential qtchooser git clone --recursive https://github.com/horsicq/DIE-engine cd DIE-engine bash -x build_dpkg.sh sudo dpkg -i release/die_*.deb
Installation on Debian, Linux Mint, Ubuntu
sudo apt update sudo apt install git qtbase5-dev qtscript5-dev qttools5-dev-tools git build-essential qtchooser git clone --recursive https://github.com/horsicq/DIE-engine cd DIE-engine bash -x build_dpkg.sh sudo dpkg -i release/die_*.deb
Installation on BlackArch
The program is pre-installed on BlackArch. To install in minimal builds run:
sudo pacman -S detect-it-easy
Installation on Windows
Go to the releases page to download the compiled program files: https://github.com/horsicq/DIE-engine/releases
Download a file like die_win64_portable_*.zip
Unzip it and go to the program folder.
Double-click the die.exe file to open the Detect It Easy GUI.
Detect It Easy Screenshots
Detect It Easy Tutorials
- How to analyze and split compound files (firmware, multi partition disk images)
- How to find out the type of a file without an extension (in Windows and Linux)
- Online service “Determining the type of a file without an extension by its content online”