DetectItEasy With Python – A Comprehensive Guide

DetectItEasy-Python is a powerful tool designed to streamline file scanning and analysis using Python bindings.

This article guides you through the straightforward installation process via pip or Git and provides essential details for utilizing the tool effectively across different operating systems.

Whether you’re a seasoned developer or new to cybersecurity, this guide makes it easy to leverage DetectItEasy’s capabilities within your Python projects.

Install

From PIP

The easiest and recommended installation is through pip.

pip install die-python

Using Git

git clone https://github.com/elastic/die-python
cd die-python

Install Qt into the build. It can be easily installed using aqt as follow (here with Qt version 6.6.2):

python -m pip install aqtinstall --user -U
python -m aqt install-qt -O ./build linux    desktop 6.6.2 gcc_64             # linux only
python -m aqt install-qt -O ./build windows  desktop 6.6.2 win64_msvc2019_64  # windows only
python -m aqt install-qt -O ./build mac      desktop 6.6.2 clang_64           # mac only

Then you can install the package

python -m pip install . --user -U

Quick Start

import die, pathlib

print(die.scan_file("c:/windows/system32/ntdll.dll", die.ScanFlags.Deepscan))
'PE64'

print(die.scan_file("../upx.exe", die.ScanFlags.RESULT_AS_JSON, str(die.database_path/'db') ))
{
    "detects": [
        {
            "filetype": "PE64",
            "parentfilepart": "Header",
            "values": [
                {
                    "info": "Console64,console",
                    "name": "GNU linker ld (GNU Binutils)",
                    "string": "Linker: GNU linker ld (GNU Binutils)(2.28)[Console64,console]",
                    "type": "Linker",
                    "version": "2.28"
                },
                {
                    "info": "",
                    "name": "MinGW",
                    "string": "Compiler: MinGW",
                    "type": "Compiler",
                    "version": ""
                },
                {
                    "info": "NRV,brute",
                    "name": "UPX",
                    "string": "Packer: UPX(4.24)[NRV,brute]",
                    "type": "Packer",
                    "version": "4.24"
                }
            ]
        }
    ]
}

for db in die.databases():
    print(db)
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\ACE
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\PackageName.1.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\SingleJar.3.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\_APK.0.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\_init
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Archive\_init
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\archive-file
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\arj
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Binary\Amiga loadable.1.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Binary\archive.7z.1.sg
[...]

Instahack – A Comprehensive Guide To Instagram Brute-Force Attacks On Termux

April 15, 2024

In "Cyber security"

UV : A Comprehensive Guide To The Fast, Unified Package Manager

February 19, 2025

In "software"

Thief Raccoon – A Comprehensive Guide To Simulating Phishing Attacks For Cybersecurity Education

June 10, 2024

In "Phishing"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.