Last modified: 2023-07-06


Steganography is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection.

Basic Analysis

open example.jpg
file example.jpg

strings example.jpg
# Display the first N lines (default: 10 lines)
strings example.jpg | head
strings example.jpg | head -n 50
# Display the last N lines (default: 10 lines)
strings example.jpg | tail
strings example.jpg | tail -n 50

xxd example.jpg
xxd example.jpg | head

Extract the Data inside the Image File

# -e: extract data inside image
binwalk -e example.jpg

outguess-extract example.ppm out.ppm

Read Meta Information

exiftool example.jpg

If the output includes GPS Latitude/Longitude, you can find the location by searching on Google Maps. For example, given GPS Latitude: 54 deg 17' 41.27" N and GPS Longitude: 2 deg 15' 1.33" W, enter "54 17' 41.27" N 2 15' 1.33" W" in the Google Maps search box.
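
The conversion behind that lookup, as an added example that is not part of the original page: POSIX shell functions that turn the degree/minute/second values exiftool prints into signed decimal degrees, which map tools also accept. The function names dms_to_decimal and gps_from_exiftool are hypothetical, and the sample exiftool lines are constructed from the values above.

```shell
#!/bin/sh
# Added example: convert exiftool GPS values to signed decimal degrees.
# Function names are hypothetical; the sample lines at the bottom are constructed.

# Accepts the exiftool form (54 deg 17' 41.27" N) and the form without "deg".
dms_to_decimal() {
    # Turn the minute/second marks into spaces so awk sees plain fields.
    printf '%s\n' "$1" | tr "'\"" '  ' | awk '
    {
        sub(/deg/, " ")
        # Expect exactly: degrees minutes seconds hemisphere
        if (NF != 4 || $4 !~ /^[NSEW]$/) exit
        if ($1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9.]+$/) exit
        if (($2 + 0) >= 60 || ($3 + 0) >= 60) exit
        dec = $1 + $2 / 60 + $3 / 3600
        if ($4 == "S" || $4 == "W") dec = -dec   # south and west are negative
        printf "%.6f\n", dec
        ok = 1
    }
    END { exit !ok }'
}

# Read exiftool output on stdin and print "lat,lon" from the exact
# "GPS Latitude" / "GPS Longitude" tags (not "GPS Latitude Ref" and similar).
gps_from_exiftool() {
    lat='' lon=''
    while IFS= read -r line; do
        key=${line%%:*}
        key=${key%"${key##*[! ]}"}      # trim trailing spaces from the tag name
        case $key in
            "GPS Latitude")  lat=$(dms_to_decimal "${line#*: }") || return 1 ;;
            "GPS Longitude") lon=$(dms_to_decimal "${line#*: }") || return 1 ;;
        esac
    done
    [ -n "$lat" ] && [ -n "$lon" ] && printf '%s,%s\n' "$lat" "$lon"
}

# Constructed sample in exiftool's "Tag : value" layout.
gps_from_exiftool <<'EOF'
GPS Latitude Ref                : North
GPS Latitude                    : 54 deg 17' 41.27" N
GPS Longitude                   : 2 deg 15' 1.33" W
EOF
```

With a real file, pipe the tool's output in: exiftool example.jpg | gps_from_exiftool. Running the same check on your own images before publishing them shows whether they carry location data.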

Get Hidden Data

# JPG only
steghide info sample.jpg
steghide extract -sf sample.jpg

# PNG & BMP only
zsteg -a sample.png

sudo apt install poppler-utils
pdfinfo sample.pdf

# QR code scan
zbarimg QR.png
  • Crack Steg Passphrases

    Use Stegseek.

    # Crack using wordlists
    stegseek --crack sample.jpg /usr/share/wordlists/rockyou.txt
    # Crack by attempting all embedding patterns
    stegseek --seed sample.jpg
  • Crack PDF password

    # 1. Convert
    pdf2john example.pdf > hash.txt
    # or
    /usr/share/john/ example.pdf > hash.txt
    # 2. Crack
    john --format=pdf --wordlist=wordlist.txt hash.txt

GUI Analyzer

stegsolve is a GUI image analysis tool.

java -jar stegsolve.jar

Embed Hidden Data


exiftool -Key="value" sample.jpg


# -cf: cover file, -ef: file to embed (secret.txt is a placeholder name)
steghide embed -cf sample.jpg -ef secret.txt


Outguess is a steganography tool for JPG, PPM and PNM.

outguess -k "passphrase" -d hidden.txt example.jpg out.jpg


Search the image information using search engines.


npiet is an interpreter for the Piet programming language.
It takes a portable pixmap (PPM), PNG or GIF file as input.

  1. Download and Compile

    First, download npiet and extract it.

    tar -xf npiet-1.3f.tar.gz

    Then compile npiet.c.

    cd npiet-1.3f
    gcc npiet.c -o npiet
  2. Decode

    After compiling, decode the image files.

    ./npiet example.png
    ./npiet example.ppm
    ./npiet example.gif