DetectItEasy-Python is a powerful tool designed to streamline file scanning and analysis using Python bindings.
This article guides you through the straightforward installation process via pip or Git and provides essential details for utilizing the tool effectively across different operating systems.
Whether you’re a seasoned developer or new to cybersecurity, this guide makes it easy to leverage DetectItEasy’s capabilities within your Python projects.
The easiest and recommended installation is through pip.
pip install die-pythongit clone https://github.com/elastic/die-python
cd die-pythonInstall Qt into the build. It can be easily installed using aqt as follow (here with Qt version 6.6.2):
python -m pip install aqtinstall --user -U
python -m aqt install-qt -O ./build linux desktop 6.6.2 gcc_64 # linux only
python -m aqt install-qt -O ./build windows desktop 6.6.2 win64_msvc2019_64 # windows only
python -m aqt install-qt -O ./build mac desktop 6.6.2 clang_64 # mac onlyThen you can install the package
python -m pip install . --user -Uimport die, pathlib
print(die.scan_file("c:/windows/system32/ntdll.dll", die.ScanFlags.Deepscan))
'PE64'
print(die.scan_file("../upx.exe", die.ScanFlags.RESULT_AS_JSON, str(die.database_path/'db') ))
{
"detects": [
{
"filetype": "PE64",
"parentfilepart": "Header",
"values": [
{
"info": "Console64,console",
"name": "GNU linker ld (GNU Binutils)",
"string": "Linker: GNU linker ld (GNU Binutils)(2.28)[Console64,console]",
"type": "Linker",
"version": "2.28"
},
{
"info": "",
"name": "MinGW",
"string": "Compiler: MinGW",
"type": "Compiler",
"version": ""
},
{
"info": "NRV,brute",
"name": "UPX",
"string": "Packer: UPX(4.24)[NRV,brute]",
"type": "Packer",
"version": "4.24"
}
]
}
]
}
for db in die.databases():
print(db)
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\ACE
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\PackageName.1.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\SingleJar.3.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\_APK.0.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\APK\_init
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Archive\_init
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\archive-file
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\arj
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Binary\Amiga loadable.1.sg
C:\Users\User\AppData\Roaming\Python\Python312\site-packages\die\db\db\Binary\archive.7z.1.sg
[...]GitButler is a git client that lets you work on multiple branches at the same…
Self-spreading to other Minecraft servers using an extendable, module-based lateral movement system. Crafty Controller Auth'd…
ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…
HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…
SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…