stegseek v0.5 releases: lightning fast steghide cracker
Stegseek
Stegseek is a lightning-fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt* in under 2 seconds.
Stegseek can also be used to extract steghide metadata without a password, which can be used to test whether a file contains steghide data.
* rockyou.txt is a well-known password list with over 14 million passwords.
Performance
This is where Stegseek really shines. As promised, let’s start with the “rockyou.txt in just 2 seconds” claim.
All of these numbers are measured on a laptop with an Intel i7-7700HQ CPU @ 2.80GHz and 8 GB of RAM.
RockYou.txt
I picked the last password in rockyou.txt without control characters: “␣␣␣␣␣␣␣1” (7 spaces followed by ‘1’).
This password is on line 14344383 out of 14344391.
And there it is, over 14 million passwords in less than 2 seconds 😍.
How does this compare to other tools?
To test the performance of other tools, I created several stego files with different passwords, taken from rockyou.txt. I ran each of the tools with their default settings, except Stegbrute where I increased threading for a fair comparison.
Password | Line | Stegseek v0.4 | Stegcracker 2.0.9 | Stegbrute v0.1.1 (-t 8) |
---|---|---|---|---|
“cassandra” | 1 000 | 0.9s | 3.1s | 0.7s |
“kupal” | 10 000 | 0.9s | 14.4s | 7.1s |
“sagar” | 100 000 | 0.9s | 2m23.0s | 1m21.9s |
“budakid1” | 1 000 000 | 0.9s | [p] 23m50.0s | 13m45.7s |
“␣␣␣␣␣␣␣1” | 14 344 383 | 1.9s | [p] 5h41m52.5s | [p] 3h17m38.0s |
[p] = projected time based on previous results.
To compare the speed of each tool, let’s look at the last row of the table (otherwise Stegseek finishes before all threads have started).
At this scale, Stegseek is over 10 000 times faster than Stegcracker and over 6000 times faster than Stegbrute.
Changelog v0.5
- Better memory management. Large (15GB) wordlists are now feasible.
- Scales better with a large number of threads (16+).
- Added some default guesses (empty password, filename as password, ...) that will likely not be on any wordlist.
- Fixed high false positive rate in seed cracking mode.
- Fixed -t option missing in seed cracking mode.
- Changed build process to cmake.
Download & Use
Copyright (C) 2020 RickdeJager