# Steganography
Steganography is the practice of hiding a secret message inside something that is not secret, such as an image, an audio file or another type of file. You can embed secret messages in just about anything; practical examples include hiding a script inside a Word or Excel document, or C2 messages in DNS requests. This section lists stego tools in order of relevance, starting with the simplest.
# Strings
A built-in Linux tool that displays the printable strings in a file; a great starting point for an analysis.
strings file.png
# ExifTool
ExifTool is a platform-independent Perl library (yuck) plus a command-line application for reading, writing and editing meta information in a wide variety of files.
sudo apt-get install -y exiftool # install exiftool
exiftool file.png # shows exif metadata
# Exiv2
Exiv2 is a cross-platform C++ library and command-line utility for managing image metadata. It is very similar to ExifTool.
sudo apt-get install -y exiv2 # Install exiv2
exiv2 file.png # shows exif metadata
# Steghide
Steghide is a steganography program that hides data in various kinds of image and audio files. It supports the following formats: JPEG, BMP, WAV and AU.
steghide info file.jpg # Determines if stego exists.
steghide extract -sf file # extracts embedded data from a file
# Zsteg
zsteg is a tool written in Ruby that can detect hidden data in PNG and BMP files.
gem install zsteg # The source can be found on GitHub
zsteg -a file.png # Runs all the methods on the given file
zsteg -E b4,bgr,msb,xy file.png # Extracts the data of the named payload, here b4,bgr,msb,xy
# Wavsteg
WavSteg is a Python 3 tool that can hide data and files in WAV files and can also extract data from WAV files. You can get it from GitHub.
Useful commands:
python3 WavSteg.py -r -s soundfile -o outputfile # extracts data from a WAV sound file and writes it to a new file
# Foremost
Foremost is a forensic data recovery program for Linux used to recover files using their headers, footers, and data structures through a process known as file carving. Useful for carving out images embedded in a file.
foremost -i file # extracts data from the given file.
# Stegsolve
A small tool written in Java that helps with manual steganographic analysis.
https://github.com/Giotino/stegsolve
# Binwalk
Binwalk is a tool for searching binary files, such as images and audio files, for embedded files and data. It can be installed with apt; the source can be found on GitHub.
Useful commands:
binwalk file # displays the embedded data in the given file
binwalk -e file # displays and extracts the data from the given file
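To show what header/footer carving (the Foremost section) and embedded-file detection (Binwalk) look for, here is an added example that is not code from either tool. The two-entry signature table, the function names and the sample file are constructed for illustration, and the ZIP entry assumes an archive without a trailing comment.

```python
import io
import struct
import zipfile
import zlib

# type -> (header, footer, bytes kept after the footer marker). Constructed
# table; the ZIP entry assumes no archive comment (18 bytes follow the marker).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 0),
    "zip": (b"PK\x03\x04", b"PK\x05\x06", 18),
}

def carve(data):
    """Return sorted (offset, type, carved_bytes) for each header/footer pair."""
    found = []
    for name, (header, footer, tail) in SIGNATURES.items():
        start = data.find(header)
        while start != -1:
            foot = data.find(footer, start + len(header))
            if foot == -1:
                break  # header with no footer: truncated file or false positive
            end = foot + len(footer) + tail
            found.append((start, name, data[start:end]))
            start = data.find(header, end)
    return sorted(found)

def _chunk(tag, body):
    """Serialize one PNG chunk: length, type, body, CRC-32 over type+body."""
    crc = zlib.crc32(tag + body)
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)

def build_sample():
    """Constructed input: a 1x1 PNG with a ZIP archive appended after IEND."""
    png = (b"\x89PNG\r\n\x1a\n"
           + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
           + _chunk(b"IDAT", zlib.compress(b"\x00\xff\xff\xff"))
           + _chunk(b"IEND", b""))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(zipfile.ZipInfo("note.txt"), b"constructed hidden note")
    return png + buf.getvalue(), len(png)

if __name__ == "__main__":
    sample, png_len = build_sample()
    for offset, kind, blob in carve(sample):
        print(f"{offset:#06x}  {kind}  {len(blob)} bytes")
```

Any hit at a non-zero offset, or data that continues past the PNG IEND chunk, is the kind of finding the real tools report and extract.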
# Sonic Visualiser
Sonic Visualiser is a tool for viewing and analyzing the contents of audio files. It can be helpful when dealing with audio steganography, since you can reveal hidden shapes in audio files. Official website