• Stars
    star
    491
  • Rank 89,636 (Top 2 %)
  • Language
    Python
  • License
    MIT License
  • Created about 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Steganography brute-force utility to uncover hidden data inside files

StegCracker

Build Status PyPI version codecov pulls

Steganography brute-force utility to uncover hidden data inside files.
Looking for the Docker repository? You can find it here

Deprecation

Stop wasting time and CPU, use stegseek instead! Not convinced? Look at these benchmarks (stolen with love):

password Line Stegseek v0.4 Stegcracker 2.0.9 Stegbrute v0.1.1 (-t 8)
"cassandra" 1 000 0.9s 3.1s 0.7s
"kupal" 10 000 0.9s 14.4s 7.1s
"sagar" 100 000 0.9s 2m23.0s 1m21.9s
"budakid1" 1 000 000 0.9s [p] 23m50.0s 13m45.7s
"␣␣␣␣␣␣␣1" 14 344 383 1.9s [p] 5h41m52.5s [p] 3h17m38.0s

While I've enjoyed building this tool it is and always will built on bad foundations. StegCracker started out as a dirty hack for a problem which didn't have any good or easy to use solutions, it's biggest limiting factor however is that it relies on just spamming thousand of subprocess calls per second which (despite being optimized slightly with multiple threads) is just horrible for performance.

So, as a result, after three years of managing the project I've decided to pass on the torch and officially retire the project. Thanks for the support and thank you @RickdeJager for building a better version 🎉

Usage

Using stegcracker is simple, pass a file to it as it's first parameter and optionally pass the path to a wordlist of passwords to try as it's second parameter. If you don't specify the wordlist, the tool will try to use the built-in rockyou.txt wordlist which ships with Kali Linux. If you are running a different distribution, you can download the rockyou wordlist here.

$ stegcracker <file> [<wordlist>]

Or using Docker:

$ docker run -v $(pwd)/data/:/data -it paradoxis/stegcracker example.jpg

Requirements

The program requires the steghide binary, and Python 3.6 or higher to be installed. If python 3.6 is not installed, check out this guide on how to do so. Steghide can be installed by using the following command (Kali Linux):

$ sudo apt-get install steghide -y

Installation

To install StegCracker, run the following command:

$ pip3 install stegcracker

Or pull the latest docker image:

$ docker pull paradoxis/stegcracker

Updating

To update StegCracker, simply pass -U to the installation command:

$ pip3 install stegcracker -U --force-reinstall

Example

demo

FAQ / Troubleshooting

  • I can't install the tool with pip3, but python 3.6+ is installed

    • Your pip binary might be using a different version of Python. Try installing it directly through Python like so (replace "X" with your minor version, eg: python3.6): python3.X -m pip install -U stegcracker
  • I installed the tool, but when I run stegcracker it just returns 'command not found'

    • Chances are your Python's bin directory is not in your PATH envrionment variable. As a dirty fix you could add the following to your ~/.bashrc file: alias stegcracker='python3 -m stegcracker'
  • I'm using StegCracker 1.X, how do I upgrade?

    • If you're upgrading StegCracker from the original 1.X release, please remove the existing version first using: sudo rm --force $(which stegcracker)
  • I want to run an older version of StegCracker, how do I obtain a copy?

    • While I recommended using the latest and greatest version, you might want to install an older version of StegCracker. You can do this by checking out the releases page. (Note: all issues or pull requests regarding this version will be be ignored).
  • Can I run this tool on other Linux distro's?

    • As long as you have a valid version of Python 3.6 and steghide in your path it should work. Please note that the tool has officially been tested on Kali Linux, all other platforms might be unstable. If you find a bug on another distro, please submit an issue and I'll see what I can do (but do fill in the template as well).
  • Can I run StegCracker on Windows?

    • As far as I know there aren't any official steghide releases for Windows, so as far as I'm aware: no

License

Copyright 2020 - Luke Paris (Paradoxis)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

More Repositories

1

Flask-Unsign

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Python
289
star
2

PHP-Backdoor

Your interpreter isn’t safe anymore  —  The PHP module backdoor
C
215
star
3

Gordon

Ever wanted to get yelled at by Chef Ramsay whenever you inevitably fuck up your script or make a typo on the command line? Well now you can.
Shell
69
star
4

Windows-Sound-Manager

Control your volume mixer on windows with Python 3
Python
51
star
5

OSRS-Font-Parser

Make your website relive your nerdy childhood
HTML
31
star
6

Flask-Unsign-Wordlist

The following package is the standalone wordlist-only component to flask-unsign.
Python
29
star
7

PIP-Module-Scanner

Scans your Python project for all installed third party pip libraries that are used and generates a requirements.txt file based on it
Python
20
star
8

Reverse-Shell-Client

The reverse shell client is a Python based alternative for a netcat reverse shell listener
Python
19
star
9

Facebook-CSharp-Ads-SDK

A third party Facebook Ads SDK (Marketing API) wrapper for C#
C#
16
star
10

Git-Fingerprint

Git Fingerprint is a web fingerprinting tool that attempts to scan a target based on the files a git repository by enumerating over all files ever found in the public web root and comparing cryptographic hashes of each commit, branch or tag in order to calculate the best possible match.
Python
8
star
11

TransIP-STACK-API

(Deprecated) Unofficial wrapper for the TransIP STACK API, written in Python 3.
Python
7
star
12

SHA2017

All finished projects written during the SHA2017 camp
Python
7
star
13

Fizz-Buzz

Ace that job interview with minimal effort, good developers write clean code, master developers don't write any at all.
Python
5
star
14

Hogeschool-Rotterdam-Course-Scraper

Rather than going through the absolute hell that is the school system called 'OSIRIS', I decided to just write a scraper and generate a beautiful and searchable website to do the same instead. Also a full website authentication 'framework'
HTML
3
star
15

PHP-security-classes

PHP essential security simplified
PHP
3
star
16

Arduino-Morse-Code-Translator

Arduino application written in C that translates a string of text from ascii to morse code and flashes to output on an LED
Arduino
3
star
17

Fuck-The-Youtube-Homepage

Can't stand the 'innovative' YouTube homepage? Good, me neither.
JavaScript
2
star
18

Let-There-Be-NewLines

Replaces all newlines in the bio of every GitHub profile page, because seriously, why isn't this a thing yet?
JavaScript
2
star
19

Angular-2.0-todo-list

Sample todo list app written in Angular 2.0 and Materialize CSS
HTML
2
star
20

VeilingOneMen

Open-sourced legacy project, promotional website for a charity auction
HTML
1
star
21

OSRS-Script-Map

OSRS world map which allows for coordinate mapping for scripts - fork of explv.github.io
JavaScript
1
star
22

Siek-Communicatie

Source code of the website www.siek-communicatie.nl, built in February of 2015 with PhalconPHP
PHP
1
star