Forensicssteganographybrute-forcepassword-crackingstegcrackersteghide

StegCracker

StegCracker is a steganography brute-force utility to uncover hidden data inside files. It supports specific file types like jpg, jpeg, bmp, wav, and au.

Description

StegCracker is designed to brute-force passwords for steganography tools like steghide, revealing hidden information embedded in image and audio files. It automates the process of trying multiple passwords from a wordlist against suspected steganography containers, making it useful for digital forensics and security analysis.

Common use cases include investigating suspicious media files during incident response, penetration testing steganography implementations, or recovering data from files where the password is unknown but guessable. The tool integrates with Kali Linux's rockyou.txt wordlist by default, streamlining common brute-force scenarios.

It relies on dependencies like steghide for extraction and operates with multi-threading for performance, allowing users to adjust resources based on their environment.

How It Works

StegCracker uses steghide internally to attempt password extraction on supported file types (jpg, jpeg, bmp, wav, au). It loads passwords from a provided wordlist or defaults to rockyou.txt, processing them in configurable chunks per thread cycle. Multi-threading (default 16 threads) parallelizes attempts, printing status updates unless quiet mode is enabled. On success, it writes the extracted data to an output file.

Installation

bash

sudo apt install stegcracker

Flags

-h, --helpShow this help message and exit

-o, --output OUTPUTOutput file location, this will be the file the data will be written to on a successful cracked password. If no output location is specified, the default location will be the same filename with ".out" appended to the name.

-t, --threads THREADSNumber of concurrent threads used to crack passwords with, increasing this number might lead to better performance. Default: 16

-c, --chunk-size CHUNK_SIZENumber of passwords loaded into memory per thread cycle. After each password of the chunk has been depleted a status update will be printed to the console with the attempted password. Default: 64

-q, --quiet, --stfuRuns the program in "quiet mode", meaning no status updates or other output besides the cracked password will be echoed to the terminal. By default, all logging / error messages are printed to stderr (making piping to other processes easier).

-v, --versionPrint the current version number and exit.

-V, --verboseRuns the program in "verbose mode", this will print additional debugging information (include this output when submitting bug reports). Cannot be used in conjunction with the "--quiet" argument.

Examples

Brute-forces hidden data in the input file using the default rockyou.txt wordlist.

stegcracker <file>

Brute-forces hidden data in the input file using a custom wordlist with one password per line.

stegcracker <file> <wordlist>

Brute-forces the file and writes extracted data to output.txt on success.

stegcracker <file> -o output.txt

Uses 32 threads for faster brute-forcing of the input file.

stegcracker <file> -t 32

Processes passwords in chunks of 128 per thread cycle for the input file.

stegcracker <file> -c 128

Runs in quiet mode, outputting only the cracked password if successful.

stegcracker <file> -q

Runs in verbose mode to print additional debugging information.

stegcracker <file> -V

Updated 2026-04-16kali.org ↗