stegextract - Detect hidden files and text in images


Bash script to extract hidden files and strings from images. Stegextract extracts any trailing data after the image's closing bytes, and any hidden files (or other images) embedded within the image. Short byte combinations such as JPEG's FFD8 FFE0 might sometimes create false positives. Manually reviewing the hexdump is sometimes inevitable in cases of highly complex embedded files. Stegextract is not a solution for any color/pixel/filter/LSB-related steganography, nor does it try to be. It relies on magic numbers, hexdumps and binary data alone. Currently supports PNG, JPG, and GIF.

https://github.com/evyatarmeged/stegextract

Related Projects

stego-toolkit - Collection of steganography tools - helps with CTF challenges

  •    Shell

This project is a Docker image useful for solving steganography challenges such as those you can find at CTF platforms like hackthebox.eu. The image comes pre-installed with many popular tools (see list below) and several screening scripts you can use to check simple things (for instance, run check_jpg.sh image.jpg to get a report for a JPG file). First make sure you have Docker installed (how to). Then you can use the shell scripts bin/buid.sh and bin/run.sh in this repo to build the image and run the container. You will be dropped into a bash shell inside the container. It will have the data folder mounted, into which you can put the files to analyze.

awesome-ctf - A curated list of CTF frameworks, libraries, resources and software

  •    Javascript

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, software and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs in one place. Please take a quick look at the contribution guidelines first.

airbash - A POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing

  •    C

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP). Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng. If one or more handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data (if properly configured). After capture, the database can be tested for vulnerable router models using crackdefault.sh. It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for Speedport 500-700 series, Thomson/SpeedTouch and UPC 7 digits (UPC1234567) routers.

Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection

  •    Python

CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination. For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.

fbctf - Platform to host Capture the Flag competitions

  •    Hack

The Facebook CTF is a platform to host Jeopardy and "King of the Hill" style Capture the Flag competitions. The FBCTF platform was designed with flexibility in mind, allowing for different types of installations depending on the needs of the end user. The FBCTF platform can be installed either in Development Mode, or Production Mode.

stripe-ctf-2.0 - Capture the Flag: Web Edition https://stripe.com/blog/capture-the-flag-20

  •    Python

This repository contains the source code to the levels from the Stripe CTF 2.0, which ran from August 22-29, 2012.

LSB-Steganography - Python program to hide files in images using the Least Significant Bit

  •    Python

Python program based on steganographic methods to hide files in images using the Least Significant Bit technique. I used the most basic method, which is the least significant bit. A colour pixel is composed of red, green and blue, each encoded on one byte. The idea is to store information in the first bit of every pixel's RGB component. In the worst case, the decimal value differs by one, which is not visible to the human eye. In practice, if you don't have space to store all of your data in the first bit of every pixel, you should start using the second bit, and so on. You have to keep in mind that the more data you store in an image, the more easily it can be detected.

jsteg - JPEG steganography

  •    Go

jsteg is a package for hiding data inside jpeg files, a technique known as steganography. This is accomplished by copying each bit of the data into the least-significant bits of the image. The amount of data that can be hidden depends on the filesize of the jpeg; it takes about 10-14 bytes of jpeg to store each byte of the hidden data. Note that the data is not demarcated in any way; the caller is responsible for determining which bytes of hidden data it cares about. The easiest way to do this is to prepend the data with its length.

android-Camera2Raw

  •    Java

This sample demonstrates using the Camera2 API to capture a JPEG and RAW sensor frame. Check the source code to see a typical example of how to display the camera preview; run auto-focus, auto-exposure metering, and auto-white-balance; capture a JPEG and RAW image for the same sensor frame; and save these into MediaStore for use in other applications. The Camera2 API allows users to capture RAW images, i.e. unprocessed pixel data directly from the camera sensor that has not yet been converted into a format and colorspace typically used for displaying and storing images viewed by humans. The DngCreator class is provided as part of the Camera2 API as a utility for saving RAW images as DNG files.

iOS-Asset-Extractor - A tool to extract image assets from the iOS SDK.

  •    Objective-C

iOS Asset Extractor is a tool to extract images from the iOS SDK. It extracts PNGs, PDFs, and CAR files. I made this tool as I base the icons and images I use in my apps off of the images in Apple's stock apps. And it is much easier to have the original files, than it is to take screenshots. Note: The iOSAssetExtractor executable must be next to the CARExtractor executable in order for the program to work.

SniffAir - A framework for wireless pentesting.

  •    Python

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules. Tested and supported on Kali Linux, Debian and Ubuntu.

Zeratool - Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems

  •    Python

This tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. These program states are then weaponized for remote code execution through pwntools and a series of script tricks. Finally, the payload is tested locally and then submitted to a remote CTF server to recover the flag. Zeratool has room to grow, and future iterations of Zeratool will include information disclosure discovery and linking those leaks to an offset for general ASLR bypasses.

RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)

  •    HTML

Root the Box is a real-time scoring engine for computer wargames where hackers can practice and learn. The application can be easily configured and modified for any CTF game. Root the Box attempts to engage novice and experienced players alike by combining a fun, game-like environment with realistic challenges that convey knowledge applicable to the real world, such as penetration testing, incident response, digital forensics and threat hunting. Just as in traditional CTF games, each team or player targets challenges of varying difficulty and sophistication, attempting to collect flags. Root the Box brings additional options to the game. It can be configured to allow the creation of "Botnets" by uploading a small bot program to target machines, which grant periodic rewards with (in-game) money for each bot in the botnet; the larger the botnet, the larger the reward. Money can be used to unlock new levels, buy hints to flags, download a target's source code, or even "SWAT" other players by bribing the (in-game) police. Players' "bank account passwords" can also be publicly displayed by the scoring engine, allowing players to crack each other's passwords and steal each other's money.

SWFTools - Utilities to work with Adobe Flash files

  •    C

SWFTools is a collection of utilities for working with Adobe Flash files (SWF files). The tool collection includes programs for reading SWF files, combining them, and creating them from other content (like images, sound files, videos or source code).

pwntools - CTF framework and exploit development library

  •    Python

Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. You can now do a live demo of Pwntools, right in your browser.

Gorsair - Gorsair hacks its way into remote docker containers that expose their APIs.

  •    Go

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers. Exposing the docker API on the internet is a tremendous risk, as it can let malicious agents get information on all of the other containers, images and system, as well as potentially getting privileged access to the whole system if the image uses the root user.

Digital Identity

  •    VB

Password manager for Windows that includes file encryption and steganography (allows files and data to be hidden in images).

stegotools

  •    C

stegotools is a suite of UNIX command-line applications to read/write hidden information from/in files using steganography. It currently fully supports 24bpp bitmap images.

ColorCube - Dominant color extraction for iOS, macOS and Python

  •    Objective-C

In a current iOS project I needed to get dominant colors from images. Some hints were pointing to code that tried to mimic iTunes' way of doing it, but they did not work for me. So I did this thing, called ColorCube. It performs fast and easy color extraction from RGB images on iOS using a 3D histogram ("color cube"). It is fast because, in order to extract colors, you can downscale your image if it is too large and still get nice colors.

payloads - Git All the Payloads! A collection of web attack payloads.

  •    Shell

Run ./get.sh to download external payloads and unzip any payload files that are compressed. Requests are extracted from either packet captures or log files of Capture the Flag (CTF) events. Mostly raw data, so not all requests are actual payloads; however, requests should be deduplicated.