This script automates the process of extracting hidden data from files using steghide. During my Introduction to Digital Forensics course by Security Blue Team, I found it tedious to run steghide commands manually for each file and password. To save time, I created this Bash script to streamline the process.
I developed extract_flags.sh specifically for the Steganography Activity in the course, which required me to try 3 different passwords on 7 files to find the flags.
Then I realised I could have a more enhanced version to use whenever I felt it would save me more time, so I developed extract_steghide.sh, which allows users to:
- Specify the directory containing the files to analyze.
- Use custom password lists or fall back to default ones.
- Display the content of extracted files.
- Batch processing of files in a directory.
- Multiple passwords are tried for each file.
- Logs the success or failure of extraction attempts.
- Displays the content of extracted files automatically.
Ensure steghide is installed on your system:
sudo apt install steghide
git clone https://github.com/N-r0bin/steghide-extractor.git
cd steghide-extractor
chmod +x extract_steghide.sh
- To process files in the current directory with default passwords:
./extract_steghide.sh .
- To specify a directory and custom passwords:
./extract_steghide.sh /path/to/directory "password1,password2,password3"
Example:
./extract_steghide.sh ~/Downloads "password123,letmein,opensesame"
- If no directory is specified, the script will process the current directory (.).
- If no passwords are specified, it will use the default list: christmastree, darksky123, goldenwatch.
- I utilized extract_flags.sh in the Steganography Activity:
- I utilized extract_steghide.sh in the Capstone of the Introduction to Digital Forensics course by the Security Blue Team:
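The batch loop described in the usage notes above (every file tried against every password, with the README's default directory and default password list), written out as an added example; it is not the repository's extract_steghide.sh. The STEGHIDE override, the function names and the extracted/ output directory are assumptions made here.

```bash
# Added illustration; NOT the repository's extract_steghide.sh.
# STEGHIDE is a hypothetical override so the loop can be exercised with a stub.
STEGHIDE="${STEGHIDE:-steghide}"
DEFAULT_PASSWORDS="christmastree,darksky123,goldenwatch"  # defaults listed in this README

# try_file FILE OUTDIR PASSWORD...
# Prints the first passphrase steghide accepts and returns 0; returns 1 if none work.
try_file() {
    local file="$1" outdir="$2" out pw
    shift 2
    out="$outdir/$(basename "$file").out"
    for pw in "$@"; do
        # -sf stego file, -p passphrase, -xf output file, -f overwrite, -q quiet
        if "$STEGHIDE" extract -sf "$file" -p "$pw" -xf "$out" -f -q 2>/dev/null; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
    rm -f "$out"    # drop any leftover from an earlier run
    return 1
}

# extract_dir [DIR] [PW1,PW2,...]
# Logs one line per regular file in DIR, then a summary line.
extract_dir() {
    local dir="${1:-.}" list="${2:-$DEFAULT_PASSWORDS}" outdir file pw hits=0 old_ifs
    old_ifs=$IFS; IFS=','
    set -f; set -- $list; set +f    # split on commas only, no glob expansion
    IFS=$old_ifs
    outdir="$dir/extracted"
    mkdir -p "$outdir"
    for file in "$dir"/*; do
        [ -f "$file" ] || continue  # skips subdirectories, including extracted/
        if pw=$(try_file "$file" "$outdir" "$@"); then
            echo "[+] $file: passphrase '$pw' worked, payload saved to $outdir"
            hits=$((hits + 1))
        else
            echo "[-] $file: no passphrase in the list worked"
        fi
    done
    echo "[*] $hits file(s) yielded data"
}

# Usage once steghide is installed:
#   extract_dir ~/Downloads "password123,letmein,opensesame"
```

Payloads are written under extracted/ rather than printed, so an unknown payload can be inspected with file or a hex viewer before it is displayed in a terminal.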