🌆Image Steganography

This page is highly inspired by StegOnline.

File

Just to be sure what file you are facing with, check its type with type file.

Strings

View all strings in the file with strings -n 7 -t x file.png. We use -n 7 for strings of length 7+, and -t x to view- their position in the file. Alternatively, you can view strings on this site once an image has been uploaded.

Exif

Check all image metadata with exiftool file.png.

Binwalk

We use binwalk to check image's for hidden embedded files. My preferred syntax is binwalk -Me file.png. -Me is used to recursively extract any files.

pngcheck

We can use pngcheck to look for optional/correct broken chunks. This is vital if the image appears corrupt.

Run pngcheck -vtp7f file.png to view all info. v is for verbose, t and 7 display tEXt chunks, p displays contents of some other optional chunks and f forces continuation after major errors are encountered.

Found a password? (Or not)

If you've found a password, the goto application to check should be steghide. Bear in mind that steghide can be used without a password, too.

You can extract data by running steghide extract -sf file.png.

If not you can use stegcracker to brute force the steghide password by running stegcracker file.png [<wordlist>].

Aperi'Solve

Aperi'Solve is an online platform which performs layer analysis on image. The platform also uses zsteg, steghide, outguess, exiftool, binwalk, foremost and strings for deeper steganography analysis. The platform supports the following images format: .png, .jpg, .gif, .bmp, .jpeg, .jfif, .jpe, .tiff...

PreviousCrontab NextUseful Commands

Last updated 6 months ago