Skip to content

johnrickman/stegextract

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
examples
examples
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.MD
README.MD
 
 
poc.gif
poc.gif
 
 
stegextract
stegextract
 
 

Repository files navigation

Stegextract

Bash script to extract hidden files and strings from images.

Description

Stegextract extracts any trailing data after the image's closing bytes, and any hidden files (or other images) embedded within the image.
Short byte combinations such as JPEG's FFD8 FFE0 might sometimes create false positives.
Manually reviewing the hexdump is sometimes inevitable in cases of highly complex embedded files.
Stegextract is not the solution for any color/pixel/filter/LSB related Steganography, nor does it try to be. It relies on magic numbers, hexdumps and binary data alone.
Currently supports PNG, JPG, and GIF.

Update: --analyze flag was deprecated and is now being performed automatically with every scan.

Installation

sudo curl https://raw.githubusercontent.com/evyatarmeged/stegextract/master/stegextract > /usr/local/bin/stegextract
sudo chmod +x /usr/local/bin/stegextract

Usage

Usage: stegextract <file> [options]

-h, --help                Print this and exit
-o, --outfile             Specify an outfile
-s, --strings             Extract strings from file
-q, --quiet               Do not output to stdout
--force-format            Force this image format instead of detecting

POC:

poc

Image examples from the above GIF can be found in the examples folder.

About

Detect hidden files and text in images

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%