Steganography brute-force utility to uncover hidden data inside files.

Please use Stegeek, newer and quicker.


python3 -m pip install stegcracker


stegcracker <file> [<wordlist>]


StegCracker 2.1.0 - (
Copyright (c) 2021 - Luke Paris (Paradoxis)

StegCracker has been retired following the release of StegSeek, which 
will blast through the rockyou.txt wordlist within 1.9 second as opposed 
to StegCracker which takes ~5 hours.

StegSeek can be found at:

Steganography brute-force utility to uncover hidden data inside files

positional arguments:
       Input file you think contains hidden information and wish to crack. Note: Stegcracker only accepts the following file types: jpg, jpeg, bmp, wav, au

       Wordlist containing the one or more passwords (one password per line). If no password list is supplied, this will default to the rockyou.txt wordlist on Kali Linux.

optional arguments:
  -h, --help
       Show this help message and exit

  -o OUTPUT, --output OUTPUT
       Output file location, this will be the file the data will be written to on a successful cracked password. If no output location is specified, the default location will be the same filename with ".out" appended to the name.

  -t THREADS, --threads THREADS
       Number of concurrent threads used to crack passwords with, increasing this number might lead to better performance. Default: 16

  -c CHUNK_SIZE, --chunk-size CHUNK_SIZE
       Number of passwords loaded into memory per thread cycle. After each password of the chunk has been depleted a status update will be printed to the console with the attempted password. Default: 64

  -q, --quiet, --stfu
       Runs the program in "quiet mode", meaning no status updates or other output besides the cracked password will be echoed to the terminal. By default, all logging / error messages are printed to stderr (making piping to other processes easier).

  -v, --version
       Print the current version number and exit.

  -V, --verbose
       Runs the program in "verbose mode", this will print additional debugging information (include this output when submitting bug reports). Cannot be used in conjunction with the "--quiet" argument.



URL List