DetectItEasy-Python is a powerful tool designed to streamline file scanning and analysis using Python bindings.
This article guides you through the straightforward installation process via pip or Git and provides essential details for utilizing the tool effectively across different operating systems.
Whether you’re a seasoned developer or new to cybersecurity, this guide makes it easy to leverage DetectItEasy’s capabilities within your Python projects.
The easiest and recommended installation is through pip
.
pip install die-python
git clone https://github.com/elastic/die-python
cd die-python
Install Qt into the build
. It can be easily installed using aqt
as follow (here with Qt version 6.6.2):
python -m pip install aqtinstall --user -U
python -m aqt install-qt -O ./build linux desktop 6.6.2 gcc_64 # linux only
python -m aqt install-qt -O ./build windows desktop 6.6.2 win64_msvc2019_64 # windows only
python -m aqt install-qt -O ./build mac desktop 6.6.2 clang_64 # mac only
Then you can install the package
python -m pip install . --user -U
import die, pathlib
print(die.scan_file("c:/windows/system32/ntdll.dll", die.ScanFlags.Deepscan))
'PE64'
print(die.scan_file("../upx.exe", die.ScanFlags.RESULT_AS_JSON, str(die.database_path/'db') ))
{
"detects": [
{
"filetype": "PE64",
"parentfilepart": "Header",
"values": [
{
"info": "Console64,console",
"name": "GNU linker ld (GNU Binutils)",
"string": "Linker: GNU linker ld (GNU Binutils)(2.28)[Console64,console]",
"type": "Linker",
"version": "2.28"
},
{
"info": "",
"name": "MinGW",
"string": "Compiler: MinGW",
"type": "Compiler",
"version": ""
},
{
"info": "NRV,brute",
"name": "UPX",
"string": "Packer: UPX(4.24)[NRV,brute]",
"type": "Packer",
"version": "4.24"
}
]
}
]
}
for db in die.databases():
print(db)
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\ACE
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\PackageName.1.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\SingleJar.3.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\_APK.0.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\_init
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Archive\_init
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\archive-file
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\arj
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Binary\Amiga loadable.1.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Binary\archive.7z.1.sg
[...]
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…