entropy

entropy is a simple command-line tool to calculate the entropy of files.

Why

The entropy of a file tells us how random the file is. The closer to 8.00, the more random the file is.

Because the output of compression and encryption algorithms usually consists of high-entropy data, one can say any file with entropy greater than 7.0 is likely compressed, encrypted, or packed (in the case of executables).

I needed a fast way to calculate the entropy for a bunch of files at once in Windows, so I ended up coding this tool, which can also be used in Linux, macOS, and likely other operating systems.

Download

Windows releases are available here. In order to run them, you need the latest Microsoft Visual C++ Redistributable installed.

To run it in other operating systems, check the Building section.

Usage

Calculating the entropy of a single file:

./entropy /bin/ls
5.85 /bin/ls

Shell expansion is supported too:

PS C:\> .\entropy.exe C:\Users\User\Downloads\*
7.92 C:\Users\User\Downloads\1.jpeg
8.00 C:\Users\User\Downloads\setup.exe
7.58 C:\Users\User\Downloads\nov.pptx
4.66 C:\Users\User\Downloads\data.bin
7.99 C:\Users\User\Downloads\pic.png
4.07 C:\Users\User\Downloads\budget.xls

From the above output one could say /bin/ls is not packed, 1.jpeg uses compression, setup.exe is compressed, nov.pptx is compressed (yup, these modern MS Office files are all ZIP files indeed), data.bin is not compressed, etc. Is that guaranteed? No, it's just math. 🤓
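
Why it is not guaranteed, as an added example (not code from this repository): it assumes the score is Shannon entropy over byte frequencies, in bits per byte, and shows a constructed file whose whole-file score is far below 7.0 even though one of its blocks scores 8.00. The function names, the sample data and the 4 KiB block size are illustrative assumptions.

```cpp
#include <algorithm>
#include <array>
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Shannon entropy of data[begin, end) in bits per byte (0.0 to 8.0).
// Assumed metric: the page does not show the tool's own implementation.
double shannon_entropy(const std::vector<uint8_t>& data, size_t begin, size_t end) {
    if (begin >= end) return 0.0;
    std::array<size_t, 256> counts{};
    for (size_t i = begin; i < end; ++i) ++counts[data[i]];
    const double n = static_cast<double>(end - begin);
    double h = 0.0;
    for (size_t c : counts) {
        if (c == 0) continue;          // 0 * log2(0) is taken as 0
        const double p = c / n;
        h -= p * std::log2(p);
    }
    return h;
}

// Highest entropy of any fixed-size block: catches a dense region that the
// whole-file average hides behind padding or plain data.
double max_block_entropy(const std::vector<uint8_t>& data, size_t block) {
    if (block == 0) return 0.0;
    double best = 0.0;
    for (size_t off = 0; off < data.size(); off += block)
        best = std::max(best, shannon_entropy(data, off, std::min(off + block, data.size())));
    return best;
}

// Constructed sample: 12 KiB of zero padding, then 4 KiB in which every byte
// value occurs equally often (a stand-in for an encrypted or packed payload).
std::vector<uint8_t> make_sample() {
    std::vector<uint8_t> v(12 * 1024, 0);
    for (size_t i = 0; i < 4 * 1024; ++i)
        v.push_back(static_cast<uint8_t>(i * 167 + 13));  // odd multiplier: permutes 0..255
    return v;
}

int main() {
    const auto s = make_sample();
    std::printf("%.2f whole file\n%.2f highest 4 KiB block\n",
                shannon_entropy(s, 0, s.size()), max_block_entropy(s, 4096));
}
```

The reverse also holds: a buffer shorter than 256 bytes cannot reach 8.00, because it cannot contain every byte value.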

Building

Linux/macOS

Clone the repo:

git clone https://github.com/merces/entropy.git
cd entropy

If you have CMake installed, build with the following commands:

mkdir build
cd build
cmake ..
make

Or if you don't, just use g++:

g++ -std=c++20 -o entropy entropy.cpp

Windows

If you use a recent Visual Studio version, you can clone this repository and open the CMakeLists.txt here with File -> Open -> CMake.... Then, select a configuration that suits your needs and build.

Similar Work

I am aware of the following tools that achieve similar results:

| Name | Comments |
| --- | --- |
| DensityScout | Uses a different algorithm the author called density. |
| Detect It Easy | Shows a nice graph. Does many other great things. CLI version included. |
| entropy | From Fluffy Suite. Fast. Supports one file at a time. |
| Ent | Different algorithm, one file at a time. Windows only. Creates a graph. |
| ent | Gives more information. Processes one file at a time. |
| rahash2 | From radare2 framework. rahash2 -a entropy does the job. |
| rz-hash | From Rizin framework. rz-hash -a entropy does the job. |