Detect It Easy
MIT · Reverse Engineering · C++/Qt
Detect It Easy (DiE) is a program for determining types of files. It identifies the compiler, linker, packer, or protector used to build a binary, supporting PE, ELF, Mach-O, and other executable formats. DiE uses a signature-based detection system with user-editable JavaScript signatures, making it highly extensible. Beyond basic identification, it provides entropy analysis to detect packed or encrypted sections, a hex viewer for raw binary inspection, and string extraction. For malware analysts, DiE is typically the first tool used when triaging a new sample - knowing whether a binary is packed with UPX, compiled with Visual Studio, or protected with Themida immediately informs the analysis approach. It's lightweight, fast, and available as both a GUI application and command-line tool.
Installation
brew (macOS)
$ brew install detect-it-easy
Chocolatey
$ choco install detect-it-easy
from source
$ git clone https://github.com/horsicq/Detect-It-Easy.git && cd Detect-It-Easy && qmake && make
Use Cases
- Triaging unknown binaries to identify compilers, packers, and protectors
- Detecting UPX, Themida, VMProtect, and other packers on malware samples
- Entropy analysis to identify encrypted or compressed sections in executables
- Quick identification of binary format and architecture before deeper analysis
- Extending detection capabilities with custom JavaScript signatures
Details
- Category: Reverse Engineering
- Language: C++/Qt
- Repository: horsicq/Detect-It-Easy
- License: MIT
- Platforms: windows, linux, macos
Alternatives & Comparisons
- Ghidra (Java): NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
- Radare2 (C): Portable reversing framework. Disassembly, debugging, analysis, patching, and scripting in a single CLI.
- Cutter (C++): GUI for Radare2. Makes reverse engineering accessible with graphs, decompiler, and hex editor built in.
- dnSpy (C#): .NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
- ILSpy (C#): Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
- x64dbg (C++): Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
- angr (Python): Binary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
- RetDec (C++): Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.
- Rizin (C): Reverse engineering framework forked from radare2. Modernized API, improved UX, with Cutter as its official GUI.