{"id":13548618,"url":"https://github.com/utkusen/wholeaked","last_synced_at":"2025-04-12T18:52:11.618Z","repository":{"id":40630534,"uuid":"452300927","full_name":"utkusen/wholeaked","owner":"utkusen","description":"a file-sharing tool that allows you to find the responsible person in case of a leakage","archived":false,"fork":false,"pushed_at":"2022-01-31T13:16:52.000Z","size":53,"stargazers_count":1051,"open_issues_count":1,"forks_count":61,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-04-03T21:14:25.925Z","etag":null,"topics":["file-sharing","osint","privacy","privacy-tools","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/utkusen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-01-26T14:12:01.000Z","updated_at":"2025-03-19T19:36:32.000Z","dependencies_parsed_at":"2022-07-20T13:47:59.785Z","dependency_job_id":null,"html_url":"https://github.com/utkusen/wholeaked","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/utkusen%2Fwholeaked","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/utkusen%2Fwholeaked/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/utkusen%2Fwholeaked/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/utkusen%2Fwholeaked/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/utkusen","download_url":"https://codeload.github.com/utkusen/wholeaked/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248618229,"owners_count":21134200,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["file-sharing","osint","privacy","privacy-tools","security"],"created_at":"2024-08-01T12:01:12.480Z","updated_at":"2025-04-12T18:52:11.590Z","avatar_url":"https://github.com/utkusen.png","language":"Go","funding_links":["https://www.buymeacoffee.com/utkusen"],"categories":["Go","Uncategorized"],"sub_categories":["Uncategorized"],"readme":"# Introduction\n\n```\n                          ,_         \n                        ,'  '\\,_     Utku Sen's\n                        |_,-'_)         wholeaked\n                        /##c '\\  (   \n                       ' |'  -{.  )  \"When you have eliminated the impossible,\n                         /\\__-' \\[]  whatever remains, however improbable,\n                        /'-_'\\       must be the truth\" - Sherlock Holmes\n                        '     \\    \n ```\n\nwholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It's written in Go.\n\n## How?\n\nwholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it can automatically send files to the corresponding recipients by using Sendgrid, AWS SES or SMTP integrations. Instead of sending them by e-mail, you can also share them manually.\n\nwholeaked works with every file type. However, it has additional features for common file types such as PDF, DOCX, MOV etc.\n\n### Sharing Process\n\n```                     \n                                                       +-----------+\n                                                       |Top Secret |\n                                                       |.pdf       |       \n                                                       |           |       \n                                                      -|           |       \n                                                     / |           |       \n                                                    /  |Hidden     |       \n                                             a@gov /   |signature1 |       \n                                                  /    +-----------+       \n                                                 /     +-----------+       \n+-----------++-----------+                      /      |Top Secret |       \n|Top Secret ||Recipient  |                     /       |.pdf       |       \n|.pdf       ||List       |      +---------+   /        |           |       \n|           ||           |      |utkusen/ |  /  b@gov  |           |       \n|           ||a@gov      |-----\u003e|wholeaked| /----------+           |       \n|           ||b@gov      |      |         | \\          |Hidden     |       \n|           ||c@gov      |      +---------+  \\         |signature2 |       \n|           ||           |                    \\        +-----------+       \n+-----------++-----------+                     \\       +-----------+       \n                                                \\      |Top Secret |       \n                                                 \\     |.pdf       |       \n                                           c@gov  \\    |           |       \n                                                   \\   |           |       \n                                                    \\  |           |       \n                                                     \\ |Hidden     |       \n                                                      -|signature3 |       \n                                                       +-----------+    \n```\n\n### Validation Part\n\nTo find who leaked the document, you just need to provide the leaked file to wholeaked, and it will reveal the responsible person by comparing the signatures in the database.\n\n```\n+-----------+             +---------+                           \n|Top Secret |             |Signature|                           \n|.pdf       |  +---------+|Database |                           \n|           |  |utkusen/ ||         |         Document leaked by\n|           |-\u003e|wholeaked||         |--------+                  \n|           |  |         ||         |              b@gov        \n|Hidden     |  +---------+|         |                           \n|Signature2 |             |         |                           \n+-----------+             +---------+                           \n                                                               \n```\n\n## Demonstration Video\n\n[![Demo Video](https://img.youtube.com/vi/EEDtXp9ngHw/0.jpg)](https://www.youtube.com/watch?v=EEDtXp9ngHw)\n\n## File Types and Detection Modes\n\nwholeaked can add the unique signature to different sections of a file. Available detection modes are given below:\n\n**File Hash:** SHA256 hash of the file. All file types are supported. \n\n**Binary:** The signature is directly added to the binary. *Almost* all file types are supported.\n\n**Metadata:** The signature is added to a metadata section of a file. Supported file types: PDF, DOCX, XLSX, PPTX, MOV, JPG, PNG, GIF, EPS, AI, PSD\n\n**Watermark:** An invisible signature is inserted into the text. Only PDF files are supported.\n\n# Installation\n\n## From Binary\n\nYou can download the pre-built binaries from the [releases](https://github.com/utkusen/wholeaked/releases/latest) page and run. For example:\n\n`unzip wholeaked_0.1.0_macOS_amd64.zip`\n\n`./wholeaked --help`\n\n## From Source\n\n1) Install Go on your system\n\n2) Run: `go install github.com/utkusen/wholeaked@latest`\n\n## Installing Dependencies\n\nwholeaked requires `exiftool` for adding signatures to metadata section of files. If you don't want to use this feature, you don't need to install it.\n\n1) Debian-based Linux: Run `apt install exiftool`\n2) macOS: Run `brew install exiftool`\n3) Windows: Download exiftool from here https://exiftool.org/ and put the `exiftool.exe` in the same directory with wholeaked.\n\nwholeaked requires `pdftotext` for verifying watermarks inside PDF files. If you don't want to use this feature, you don't need to install it.\n\n1) Download \"Xpdf command line tools\" for Linux, macOS or Windows from here: https://www.xpdfreader.com/download.html\n2) Extract the archive and navigate to `bin64` folder.\n3) Copy the `pdftotext` (or `pdftotext.exe`) executable to the same folder with wholeaked\n4) For Debian Based Linux: Run `apt install libfontconfig` command.\n\n# Usage\n\n## Basic Usage\n\nwholeaked requires a project name `-n`, the path of the base file which the signatures will add `-f` and a list of target recipients `-t`\n\nExample command: `./wholeaked -n test_project -f secret.pdf -t targets.txt`\n\nThe `targets.txt` file should contain name and the e-mail address in the following format:\n\n```\nUtku Sen,utku@utkusen.com\nBill Gates,bill@microsoft.com\n```\n\nAfter execution is completed, the following unique files will be generated:\n\n```\ntest_project/files/Utku_Sen/secret.pdf\ntest_project/files/Bill_Gates/secret.pdf\n```\n\nBy default, wholeaked adds signatures to all available places that are defined in the \"File Types and Detection Modes\" section. If you don't want to use a method, you can define it with a `false` flag. For example:\n\n`./wholeaked -n test_project -f secret.pdf -t targets.txt -binary=false -metadata=false -watermark=false`\n\n## Sending E-mails\n\nIn order to send e-mails, you need to fill some sections in the `CONFIG` file.\n\n- If you want to send e-mails via Sendgrid, type your API key to the `SENDGRID_API_KEY` section. \n\n- If you want to send e-mails via AWS SES integration, you need to install `awscli` on your machine and add the required AWS key to it. wholeaked will read the key by itself. But you need to fill the `AWS_REGION` section in the config file. \n\n- If you want to send e-mails via a SMTP server, fill the `SMTP_SERVER`, `SMTP_PORT`, `SMTP_USERNAME`, `SMTP_PASSWORD` sections.\n\nThe other necessary fields to fill:\n\n- `EMAIL_TEMPLATE_PATH` Path of the e-mail's body. You can specify use HTML or text format.\n- `EMAIL_CONTENT_TYPE` Can be `html` or `text`\n- `EMAIL_SUBJECT` Subject of the e-mail\n- `FROM_NAME` From name of the e-mail\n- `FROM_EMAIL` From e-mail of the e-mail\n\nTo specify the sending method, you can use `-sendgrid`, `-ses` or `-smtp` flags. For example:\n\n`./wholeaked -n test_project -f secret.pdf -t targets.txt -sendgrid`\n\n## Validating a Leaked File\n\nYou can use the `-validate` flag to reveal the owner of a leaked file. wholeaked will compare the signatures detected in the file and the database located in the project folder. Example:\n\n`./wholeaked -n test_project -f secret.pdf -validate`\n\n**Important:** You shouldn't delete the `project_folder/db.csv` file if you want to use the file validation feature. If that file is deleted, wholeaked won't be able to compare the signatures.\n\n# Donation\n\nLoved the project? You can buy me a coffee\n\n\u003ca href=\"https://www.buymeacoffee.com/utkusen\" target=\"_blank\"\u003e\u003cimg src=\"https://cdn.buymeacoffee.com/buttons/default-orange.png\" alt=\"Buy Me A Coffee\" height=\"41\" width=\"174\"\u003e\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Futkusen%2Fwholeaked","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Futkusen%2Fwholeaked","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Futkusen%2Fwholeaked/lists"}