stegseek v0.6 releases: lightning fast steghide cracker

Stegseek

Stegseek is a lightning-fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt* in under 2 seconds.

Stegseek can also be used to extract steghide metadata without a password, which can be used to test whether a file contains steghide data.

* rockyou.txt is a well-known password list with over 14 million passwords.

Performance

This is where Stegseek really shines. As promised, let’s start with the “rockyou.txt in just 2 seconds” claim.
All of these numbers are measured on a laptop with an Intel i7-7700HQ CPU @ 2.80GHz and 8 GB of RAM.

RockYou.txt

I picked the last password in rockyou.txt without control characters: “␣␣␣␣␣␣␣1” (7 spaces followed by ‘1’).
This password is on line 14344383 out of 14344391

time stegseek 7spaces1.jpg rockyou.txt 
Stegseek version 0.4
[i] Read the entire wordlist (14344391 words), starting cracker
[ 14231679 / 14344391 ]  (99,21%)                 
[i] --> Found passphrase: "       1"

[i] Original filename: "secret.txt"
[i] Extracting to "7spaces1.jpg.out"

real	0m1,912s
user	0m10,355s
sys	0m0,144s

And there it is, over 14 million passwords in less than 2 seconds 😍.

How does this compare to other tools?

To test the performance of other tools, I created several stego files with different passwords, taken from rockyou.txt. I ran each of the tools with their default settings, except Stegbrute where I increased threading for a fair comparison.

[p] = projected time based on previous results.

To compare the speed of each tool, let’s look at the last row of the table (otherwise Stegseek finishes before all threads have started).

At this scale, Stegseek is over 10 000 times faster than Stegcracker and over 6000 times faster than Stegbrute.

Changelog v0.6

• Fixed BMP cracking for files with a large palette ( #5 ).
• Added a --continue flag to search for multiple hidden files ( #3 ).
• Added an --accessible flag to make the CLI more screen reader friendly
• Made the CLI more consistent, added colors.
• --crack and --seed now throw proper exit codes for easier scripting.
• Lower performance overhead for metrics.
• fixed compiler flags for default build.

Download & Use

Copyright (C) 2020 RickdeJager