R4yGM/stegbrute R4yGM/stegbrute

  • Stars
    star
    231
  • Rank 167,768 (Top 4 %)
  • Language
    Rust
  • License
    Apache License 2.0
  • Created over 3 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
R4yGM/stegbrute
github

R4yGM

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Fast Steganography bruteforce tool written in Rust useful for CTF's

stegbrute

stegbrute is a fast steganography brute force tool written in Rust

Dependencies

Stegbrute cannot run without steghide!, to install steghide run :

apt-get install -y steghide

if you are not in a debian distribution you can download it from steghide website

Installation

stegbrute can be installed in different ways:

Cargo

throught cargo (Rust package manager)

if you don't have cargo you can install it either from apt or by downloading Rust lang

cargo install stegbrute

this will work for every platform

Debian distributions

if you have ubuntu/kali or other debian distributions you can install the .deb file you find on the releases section, then unpack the file and run it

wget https://github.com/R4yGM/stegbrute/releases/download/0.1.1/stegbrute_0.1.1_amd64.deb &&
dpkg --install stegbrute_0.1.1_amd64.deb

Docker

if you don't have docker installed you can follow their guide

first you have to pull the docker image (only 4.93 MB) from the docker registry, you can see it here, if you don't want to pull the image you can also clone the repository and then build the image from the Dockerfile

docker pull r4yan/stegbrute:latest

you can also decide to pull different images by replacing 'latest' with a stegbrute version, ex.

docker pull r4yan/stegbrute:0.1.0

if you don't want to pull the image you can download/copy stegbrute Dockerfile that can be found here and then build the image from the Dockerfile

then if you want to launch the container you have to first create a volume to share your files to the container

docker volume create --name stegbrute_data

then move or copy the files you want to use for stegbrute inside the volume folder wich usually is here /var/lib/docker/volumes/stegbrute_data/_data by just doing

cp wordlist.txt /var/lib/docker/volumes/stegbrute_data/_data && cp file.jpg /var/lib/docker/volumes/stegbrute_data/_data

and now run stegbrute

docker run -v stegbrute_data:/stegbrute_data -it --rm --name stegbrute r4yan/stegbrute:latest <options>

replace the <options> with the options/arguments you want to give to stegbrute, once you did everything you don't have to pull/build the image again only if there are new updates or features

Always save your results inside the volume and not in the container because then the results will be deleted! you can save them by adding this option -x /$VOLUME_NAME/results.txt or --extract-file /$VOLUME_NAME/results.txt

if you added this and did everything correctly at the end of every attack you'd find the results inside the folder /var/lib/docker/volumes/stegbrute_data/_data

this will work for every platform

Executable

you can also download the already compiled programn and then execute it, example :

wget https://github.com/R4yGM/stegbrute/releases/download/0.1.1/stegbrute && chmod +x stegbrute
mv stegbrute /usr/local/bin/

Usage

stegbrute is very simple to use and it gives you many options, you can view the program help with the -h or --help option

============================================================
     ____  _             ____             _
    / ___|| |_ ___  __ _| __ ) _ __ _   _| |_ ___
    \___ \| __/ _ \/ _` |  _ \| '__| | | | __/ _ \
     ___) | ||  __/ (_| | |_) | |  | |_| | ||  __/
    |____/ \__\___|\__, |____/|_|   \__,_|\__\___|
                   |___/

StegBrute v0.1.1 - By R4yan
https://github.com/R4yGM/StegBrute

StegBrute 0.1.1
R4yan <[email protected]>
Steganography bruteforce tool

USAGE:
    stegbrute [FLAGS] [OPTIONS] --file-name <file-name> --wordlist <wordlist>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information
    -v, --verbose    shows every try the program does

OPTIONS:
    -x, --extract-file <extract-file>    the file name path where you want to write the results [default:
                                         stegbrute_results.txt]
    -f, --file-name <file-name>          the file name path you want to crack
    -t, --threads <threads>              number of threads to bruteforce the file [default: 3]
    -w, --wordlist <wordlist>            path of the wordlist

for example :

Options :

  • -x or --extract-file with <file_name> will save the results of the extracted data into the file_name, if no file is specified stegbrute will save your results inside ./stegbrute_results.txt file

  • -t or --threads with <number_of_threads> will launch a number of programs bruteforcing the file simultaneously, incrementing the number of threads doesn't always mean this will run more faster it all depends on how many threads your machine can handle

  • -f or --file_name with <file_name> the file name that stegbrute is going to attack, must be one of these supported formats : JPEG, BMP, WAV or AU

  • -w or --wordlist with <wordlist> the file where stegbrute is going to take the passwords line by line and then start trying them to the file you want to crack, if you don't have one you can install for example rockyou.txt

Benchmark

stegbrute benchmark on different wordlists using 3 threads

Wordlist passwords Time
100 841.12ms
1000 8.57s
10000 77.79s
100000 775.93s

More Repositories

1

dorkscout

DorkScout - Golang tool to automate google dork scan against the entiere internet or specific targets
Go
221
star
2

netscanner

netscanner - TCP/UDP scanner to find open or closed ports
Go
204
star
3

garlicshare

Private and self-hosted file sharing over the Tor network written in golang
Go
113
star
4

AsciiPy

translate images, videos and text to Ascii arts easy
Python
62
star
5

SpaceXTelemetry-Api

SpaceXTelemetry API - Open Source REST API for telemetry and predictions to rocket launches
JavaScript
30
star
6

NorthKoreaScans

Collection of port scans of the North Korean IPv4 subnets from different vps
Shell
9
star
7

gonion

Golang Client for querying Tor network data using the Onionoo service.
Go
9
star
8

SpaceR4y_TelegramBot

Telegram bot that can request some cool NASA api
JavaScript
6
star
9

R4y-Search-Engine-Python

a python script i made for searching on the net, uses Google custom search api
Python
5
star
10

GoTelegram

Go
5
star
11

AsciiRb-R4y

a Ruby script that could create Ascii texts with a lot of fonts
Ruby
5
star
12

r4nasa-api

r4nasa-api Get space data easy with this node js module!
JavaScript
5
star
13

Nasa-Apod-Discord-Bot

Discord bot that returns the Astronomy Picture of the Day
Go
4
star
14

SpaceXNews-api

simple spacex api to request missions logos or news
JavaScript
4
star
15

email-spam-in-python

Python
4
star
16

go-mysql

simple example of a golang mysql connection and returning some values from a table
Go
4
star
17

Youtube-api-

this script get some data via youtube api and then it parse into the console the subscribers count of a channel
Python
4
star
18

request-and-parse

simple repo to request and parse an rest api
Go
3
star
19

r4y-message

simple chat built in Nodejs and socket.io
HTML
3
star
20

NodeJs-TelegramBot-weather-and-youtube-api

JavaScript
2
star
21

SpaceXData

Website for SpaceXData Android application
2
star
22

R4yan

just a test.
1
star
23

R4yann

this is just a temporary website
JavaScript
1
star