Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/R4yGM/stegbrute
Fast Steganography bruteforce tool written in Rust useful for CTF's
https://github.com/R4yGM/stegbrute
brute-force cargo crack ctf ctf-tools decryption docker hacktoberfest hacktoberfest2020 images rust steg steganography steghide
Last synced: 22 days ago
JSON representation
Fast Steganography bruteforce tool written in Rust useful for CTF's
- Host: GitHub
- URL: https://github.com/R4yGM/stegbrute
- Owner: R4yGM
- License: apache-2.0
- Created: 2020-10-15T17:08:37.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-09-12T17:07:17.000Z (over 3 years ago)
- Last Synced: 2024-10-05T18:35:21.609Z (2 months ago)
- Topics: brute-force, cargo, crack, ctf, ctf-tools, decryption, docker, hacktoberfest, hacktoberfest2020, images, rust, steg, steganography, steghide
- Language: Rust
- Homepage: https://r4ygm.github.io/stegbrute/
- Size: 5.06 MB
- Stars: 238
- Watchers: 11
- Forks: 34
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - R4yGM/stegbrute - Fast Steganography bruteforce tool written in Rust useful for CTF's (Rust)
README
![](https://api.travis-ci.org/R4yGM/StegBrute.svg)
![](https://img.shields.io/docker/cloud/build/r4yan/stegbrute)
# stegbrute
stegbrute is a fast steganography brute force tool written in Rust
# Dependencies
Stegbrute cannot run without **steghide**!, to install steghide run :
```bash
apt-get install -y steghide
```if you are not in a debian distribution you can download it from steghide [website](http://steghide.sourceforge.net/)
# Installation
stegbrute can be installed in different ways:## **Cargo**
throught [cargo](https://github.com/rust-lang/cargo) (Rust package manager)
if you don't have cargo you can install it either from apt or by downloading Rust lang
```bash
cargo install stegbrute
```
**this will work for every platform**## Debian distributions
if you have ubuntu/kali or other debian distributions you can install the .deb file you find on the [releases](https://github.com/R4yGM/stegbrute/releases) section, then unpack the file and run it
```bash
wget https://github.com/R4yGM/stegbrute/releases/download/0.1.1/stegbrute_0.1.1_amd64.deb &&
dpkg --install stegbrute_0.1.1_amd64.deb
```## **Docker**
if you don't have docker installed you can follow their [guide](https://docs.docker.com/engine/install/)
first you have to pull the docker image (only **4.93 MB**) from the docker registry, you can see it [here](https://hub.docker.com/r/r4yan/stegbrute), if you don't want to pull the image you can also clone the repository and then build the image from the Dockerfile
```bash
docker pull r4yan/stegbrute:latest
```
you can also decide to pull different images by replacing 'latest' with a stegbrute version, ex.
```bash
docker pull r4yan/stegbrute:0.1.0
```
if you don't want to pull the image you can download/copy stegbrute Dockerfile that can be found [here](https://github.com/R4yGM/stegbrute/blob/main/Dockerfile) and then build the image from the Dockerfile
then if you want to launch the container you have to first create a volume to share your files to the container
```bash
docker volume create --name stegbrute_data
```
then move or copy the files you want to use for stegbrute inside the volume folder wich usually is here `/var/lib/docker/volumes/stegbrute_data/_data` by just doing
```bash
cp wordlist.txt /var/lib/docker/volumes/stegbrute_data/_data && cp file.jpg /var/lib/docker/volumes/stegbrute_data/_data
```
and now run stegbrute
```bash
docker run -v stegbrute_data:/stegbrute_data -it --rm --name stegbrute r4yan/stegbrute:latest
```
replace the `` with the options/arguments you want to give to stegbrute,
once you did everything you don't have to pull/build the image again only if there are new updates or features
**Always save your results inside the volume and not in the container because then the results will be deleted! you can save them by adding this option `-x /$VOLUME_NAME/results.txt` or `--extract-file /$VOLUME_NAME/results.txt`**
if you added this and did everything correctly at the end of every attack you'd find the results inside the folder `/var/lib/docker/volumes/stegbrute_data/_data`
**this will work for every platform**
## Executable
you can also download the already compiled programn and then execute it, example :
```bash
wget https://github.com/R4yGM/stegbrute/releases/download/0.1.1/stegbrute && chmod +x stegbrute
mv stegbrute /usr/local/bin/
```# Usage
stegbrute is very simple to use and it gives you many options, you can view the program help with the -h or --help option
```bash
============================================================
____ _ ____ _
/ ___|| |_ ___ __ _| __ ) _ __ _ _| |_ ___
\___ \| __/ _ \/ _` | _ \| '__| | | | __/ _ \
___) | || __/ (_| | |_) | | | |_| | || __/
|____/ \__\___|\__, |____/|_| \__,_|\__\___|
|___/StegBrute v0.1.1 - By R4yan
https://github.com/R4yGM/StegBruteStegBrute 0.1.1
R4yan
Steganography bruteforce toolUSAGE:
stegbrute [FLAGS] [OPTIONS] --file-name --wordlistFLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose shows every try the program doesOPTIONS:
-x, --extract-file the file name path where you want to write the results [default:
stegbrute_results.txt]
-f, --file-name the file name path you want to crack
-t, --threads number of threads to bruteforce the file [default: 3]
-w, --wordlist path of the wordlist
```for example :
Options :
- `-x` or `--extract-file` with `` will save the results of the extracted data into the file_name, if no file is specified stegbrute will save your results inside ./stegbrute_results.txt file- `-t` or `--threads` with `` will launch a number of programs bruteforcing the file simultaneously, incrementing the number of threads doesn't always mean this will run more faster it all depends on how many threads your machine can handle
- `-f` or `--file_name` with `` the file name that stegbrute is going to attack, must be one of these supported formats : JPEG, BMP, WAV or AU
- `-w` or `--wordlist` with `` the file where stegbrute is going to take the passwords line by line and then start trying them to the file you want to crack, if you don't have one you can install for example [rockyou.txt](https://github.com/praetorian-inc/Hob0Rules/blob/master/wordlists/rockyou.txt.gz)
# Benchmark
stegbrute benchmark on different wordlists using 3 threads| Wordlist passwords | Time |
|---|---|
| 100 | 841.12ms |
| 1000 | 8.57s |
| 10000 | 77.79s |
| 100000 | 775.93s |