Steganography
A good list to look at can be found here.
Images
exiftool
Can be installed with sudo apt install exiftool
. This tool can be used to extract metadata from images.
exiftool image.jpg
: Shows all the metadata in the imageimage.jpg
.
strings
This is the most basic tool for extracting data from images. Can be installed with sudo apt install binutils
.
strings image.jpg
: Shows all the strings in the imageimage.jpg
, possibly uncovering hidden data.
steghide
Can be installed with sudo apt install steghide
.
steghide info image.jpg
: Displays info about whetherimage.jpg
has embedded data or not.steghide extract -sf image.jpg
: Extracts any hidden data from the imageimage.jpg
using the default password list.steghide extract -sf image.jpg -p password
: Extracts any hidden data from the imageimage.jpg
using the passwordpassword
.
stegseek
This is a faster version of the well-known stegcracker
tool.
Can be installed with sudo docker pull rickdejager/stegseek
. Repository available here.
sudo docker run --rm -it -v "$(pwd):/steg" rickdejager/stegseek image.jpg rockyou.txt
: Extracts any hidden data from the imageimage.jpg
using the wordlistrockyou.txt
.
stego-toolkit
Can be installed with sudo docker pull dominicbreuker/stego-toolkit
, then ran with sudo docker run -it -v $(pwd):/data dominicbreuker/stego-toolkit /bin/bash
.
pngcheck image.png
: Confirms that the image is a PNG file.zsteg image.png
: Confirms that steganography is being used.
stegsolve
Can be installed with the following:
wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar
java -jar stegsolve.jar
A new modded version can be found here, and it has the added benefit of being open-source unlike the original.
zsteg
Can be installed with sudo gem install zsteg
. Useful for png
and bmp
files.
zsteg -a image.png
: Runs all methods on the imageimage.png
.zsteg -E image.png
: Extracts data from the given payload (example :zsteg -E b4,bgr,msb,xy image.png
)
foremost
Can be installed with sudo apt install foremost
. Most useful for png
files, but can also be used for jpg
files. Repository available here.
foremost -i image.png
: Extracts any hidden data from the imageimage.png
.
binwalk
Can be installed with sudo apt install binwalk
. Useful for both images and audio files.
binwalk -e image.jpg
: Extracts any hidden data from the imageimage.jpg
.
Digital Invisible Ink Toolkit
Can be downloaded from here. Useful for image files. Can run the software with java -jar -Xmx512m diit-1.5.jar
.
The BlindHide
mode is often used. Use the Set Message
option to set an output text file, then investigate the contents to determine the type of file.
Audio
WavSteg
Can be installed with pip install stego-lsb
. Useful for wav
files. More information available here.
stegolsb wavsteg -h -i sound.wav -s file.txt -o sound_steg.wav -n 1
stegolsb wavsteg -r -i sound_steg.wav -o output.txt -n 1 -b 1000
ZIP Files
fcrackzip
Can be installed with sudo apt install fcrackzip
. Useful for zip
files.
fcrackzip -u -D -p rockyou.txt file.zip
: Attempts to crack the password of thezip
filefile.zip
using the wordlistrockyou.txt
.
Backlinks