Home

Awesome

StegCracker

Build Status PyPI version codecov pulls

Steganography brute-force utility to uncover hidden data inside files. <br> Looking for the Docker repository? You can find it here

Deprecation

Stop wasting time and CPU, use stegseek instead! Not convinced? Look at these benchmarks (stolen with love):

passwordLineStegseek v0.4Stegcracker 2.0.9Stegbrute v0.1.1 (-t 8)
"cassandra"1 0000.9s3.1s0.7s
"kupal"10 0000.9s14.4s7.1s
"sagar"100 0000.9s2m23.0s1m21.9s
"budakid1"1 000 0000.9s[p] 23m50.0s13m45.7s
"␣␣␣␣␣␣␣1"14 344 3831.9s[p] 5h41m52.5s[p] 3h17m38.0s

While I've enjoyed building this tool it is and always will built on bad foundations. StegCracker started out as a dirty hack for a problem which didn't have any good or easy to use solutions, it's biggest limiting factor however is that it relies on just spamming thousand of subprocess calls per second which (despite being optimized slightly with multiple threads) is just horrible for performance.

So, as a result, after three years of managing the project I've decided to pass on the torch and officially retire the project. Thanks for the support and thank you @RickdeJager for building a better version :tada:

Usage

Using stegcracker is simple, pass a file to it as it's first parameter and optionally pass the path to a wordlist of passwords to try as it's second parameter. If you don't specify the wordlist, the tool will try to use the built-in rockyou.txt wordlist which ships with Kali Linux. If you are running a different distribution, you can download the rockyou wordlist here.

$ stegcracker <file> [<wordlist>]

Or using Docker:

$ docker run -v $(pwd)/data/:/data -it paradoxis/stegcracker example.jpg

Requirements

The program requires the steghide binary, and Python 3.6 or higher to be installed. If python 3.6 is not installed, check out this guide on how to do so. Steghide can be installed by using the following command (Kali Linux):

$ sudo apt-get install steghide -y

Installation

To install StegCracker, run the following command:

$ pip3 install stegcracker

Or pull the latest docker image:

$ docker pull paradoxis/stegcracker

Updating

To update StegCracker, simply pass -U to the installation command:

$ pip3 install stegcracker -U --force-reinstall

Example

demo

FAQ / Troubleshooting

License

Copyright 2020 - Luke Paris (Paradoxis)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.