explaingit

horsicq/detect-it-easy

10,732 · JavaScript · Audience: developer · Complexity: 2/5 · Setup: easy

TLDR

A desktop file-type identifier that uses signature matching and heuristic analysis to reveal what software made or packed any executable, archive, or unknown file, used widely by malware analysts and security researchers.

Mindmap

mindmap
  root((repo))
    What It Does
      Identifies file types
      Signature detection
      Heuristic analysis
      Custom script rules
    Supported Formats
      Windows executables
      Android and iOS apps
      Linux and Mac binaries
      ZIP archives
    How To Use
      Graphical interface
      Command line batch
      Docker container
      Telegram bot
    Who Uses It
      Malware analysts
      Security researchers
      Reverse engineers
    Installation
      Package managers
      Microsoft Store
      Build from source

Things people build with this

USE CASE 1

Identify what packer, compiler, or protector was used on a suspicious Windows executable before reverse-engineering it

USE CASE 2

Analyze malware samples across many file formats including Android APKs, iOS apps, and Linux binaries

USE CASE 3

Write custom detection scripts in the built-in JavaScript-like language to add support for new or unknown file formats

USE CASE 4

Batch-scan a directory of binary files from the command line to classify each one automatically

Tech stack

JavaScript, C++, Qt

Getting it running

Difficulty: easy · Time to first run: 5 min

In plain English

Detect It Easy (DiE) is a desktop tool for figuring out what kind of file you are looking at. When you have an executable, an archive, or an unfamiliar file and want to know what software made it or what format it uses, DiE can identify it. It is used mainly by people who analyze malware, do security research, or reverse-engineer software.

The tool works by combining two approaches: signature-based detection, where it matches files against a library of known patterns, and heuristic analysis, which looks for structural clues when no matching signature exists. You can also write your own detection rules using a JavaScript-like scripting language built into the tool, which makes it possible to add detection for new file types without rebuilding the whole program.

Detect It Easy handles a wide variety of file formats: Windows executables, Linux binaries, Android app packages, iOS apps, Java archives, compressed ZIP files, Mac binaries, and many others. Unknown file formats still get analyzed through heuristics rather than simply failing.

The tool runs on Windows, Linux, and macOS, and has a graphical interface, a command-line version for batch processing, and a lightweight scanner-only build. Installation is available through package managers on most platforms, including Chocolatey and the Microsoft Store on Windows, and several Linux distribution repositories. It can also be built from source or run inside a Docker container. There is even a Telegram bot that lets you check a file without installing anything locally.

The project is open source and community-maintained, with contributions welcome for new signatures, bug reports, and translations into other languages.

Copy-paste prompts

Prompt 1
I have a suspicious Windows executable and want to know what compiler or packer was used to create it. How do I use Detect-It-Easy to identify it and interpret the results?
Prompt 2
How do I write a custom detection script in Detect-It-Easy's built-in scripting language to recognize a file format that isn't in the default signature library?
Prompt 3
I need to scan a directory of binary files and output what each one is. Show me how to use the Detect-It-Easy command-line interface for batch processing.
Prompt 4
I'm analyzing an Android APK and want to identify what frameworks or protections it uses. Walk me through using DiE to analyze it.