https://github.com/n-r0bin/steghide-extractor
This script automates the process of extracting hidden data from files using 'steghide', streamlining digital forensic investigations.
bash-script digital-forensics security-blue-team steganography steghide
- Host: GitHub
- URL: https://github.com/n-r0bin/steghide-extractor
- Owner: N-r0bin
- License: mit
- Created: 2024-12-11T00:22:08.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2025-01-16T14:27:33.000Z (4 months ago)
- Last Synced: 2025-01-16T15:53:40.631Z (4 months ago)
- Topics: bash-script, digital-forensics, security-blue-team, steganography, steghide
- Language: Shell
- Homepage:
- Size: 9.77 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# steghide-extractor
## Overview
This script automates the process of extracting hidden data from files using `steghide`. During my Introduction to Digital Forensics course by Security Blue Team, I found it tedious to run `steghide` commands manually for each file and password. To save time, I created this Bash script to streamline the process. I developed `extract_flags.sh` specifically for the Steganography Activity in the course, which required me to try 3 different passwords on 7 files to find the flags.
Then I realised I would like to have a more enhanced version that I could use whenever I felt it would save me more time, so I developed `extract_steghide.sh`, which allows users to:
- Specify the directory containing the files to analyze.
- Use custom password lists or fall back to default ones.
- Display the content of extracted files.
## Features
1. Batch processing of files in a directory.
2. Multiple passwords are tried for each file.
3. Logs the success or failure of extraction attempts.
4. Displays the content of extracted files automatically.
## Usage
### Prerequisites
Ensure `steghide` is installed on your system:
```bash
sudo apt install steghide
```
## License
This project is licensed under the MIT License.
## Running the Script:
#### 1. Clone the repository:
```bash
git clone https://github.com/N-r0bin/steghide-extractor.git
# git clone creates a directory named after the repository
cd steghide-extractor
```
#### 2. Make the script executable:
```bash
chmod +x extract_steghide.sh
```
#### 3. Execute the script:
- To process files in the current directory with default passwords:
```bash
./extract_steghide.sh .
```
- To specify a directory and custom passwords:
```bash
./extract_steghide.sh /path/to/directory "password1,password2,password3"
```
Example:
```bash
./extract_steghide.sh ~/Downloads "password123,letmein,opensesame"
```
### Notes:
- If no directory is specified, the script will process the current directory (.).
- If no passwords are specified, it will use the default list: christmastree, darksky123, goldenwatch.
### Screenshots of how I utilized the bash scripts while investigating:
1. I utilized extract_flags.sh in the Steganography Activity:


2. I utilized extract_steghide.sh in the Capstone of the Introduction to Digital Forensics course by the Security Blue Team:
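
The behaviour listed under Features and Notes above (batch processing, several passwords per file, logged results, the default directory and password list) can be sketched as follows. This is an added example, not the repository's `extract_steghide.sh`; the function names `try_file` and `extract_dir`, the third output-directory argument and the `.extracted` suffix are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, NOT the repository's extract_steghide.sh.
# Assumed interface: extract_dir [directory] [comma,separated,passwords] [output-dir]
DEFAULT_PASSWORDS="christmastree,darksky123,goldenwatch"  # default list named in the README

# Try each password on one file; on success print the password that worked.
try_file() {
    local file="$1" list="$2" out="$3" pw old_ifs="$IFS"
    IFS=,; set -f          # split the list on commas, without glob expansion
    set -- $list
    set +f; IFS="$old_ifs"
    for pw in "$@"; do
        # -sf stego file, -p passphrase, -xf output file, -f overwrite, -q quiet.
        # Note: -p puts the passphrase on the command line, visible in `ps`.
        if steghide extract -sf "$file" -p "$pw" -xf "$out" -f -q 2>/dev/null; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
    rm -f -- "$out"        # make sure no stale output file is left behind
    return 1
}

# Process every regular file in a directory; log one line per file.
# Extracted payloads go to a separate directory so evidence files stay untouched.
extract_dir() {
    local dir="${1:-.}" list="${2:-$DEFAULT_PASSWORDS}" outdir="${3:-./steghide_out}"
    local file out pw hits=0
    mkdir -p -- "$outdir" || return 2
    for file in "$dir"/*; do
        [ -f "$file" ] || continue
        out="$outdir/$(basename -- "$file").extracted"
        if pw=$(try_file "$file" "$list" "$out"); then
            echo "[+] $file: extracted to $out (password: $pw)"
            hits=$((hits + 1))
        else
            echo "[-] $file: none of the supplied passwords worked"
        fi
    done
    [ "$hits" -gt 0 ]      # exit status 0 only if at least one file yielded data
}
```

Source the file and call `extract_dir ~/Downloads "password123,letmein,opensesame"`; redirect the output to a file if the per-file results need to be kept with the case notes.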
