Detect It Easy vs Ghidra
GitHub Stats
About Detect It Easy
Detect It Easy (DiE) is a program for determining types of files. It identifies the compiler, linker, packer, or protector used to build a binary, supporting PE, ELF, Mach-O, and other executable formats. DiE uses a signature-based detection system with user-editable JavaScript signatures, making it highly extensible. Beyond basic identification, it provides entropy analysis to detect packed or encrypted sections, a hex viewer for raw binary inspection, and string extraction. For malware analysts, DiE is typically the first tool used when triaging a new sample - knowing whether a binary is packed with UPX, compiled with Visual Studio, or protected with Themida immediately informs the analysis approach. It's lightweight, fast, and available as both a GUI application and command-line tool.
About Ghidra
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. It includes a full-featured suite of high-end software analysis tools for analyzing compiled code across a variety of platforms. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide range of processor instruction sets and executable formats, and users can extend it through plugins and scripts written in Java or Python.
Platform Support
Tags
Shared
Detect It Easy only
Ghidra only