katana.units.stego.steghide — Run steghide

Extract hidden data with steghide

This unit extracts hidden data from a file using the steghide command-line utility. It first tries an empty password, then the user-supplied password argument, and finally brute-forces with a supplied dictionary file. The command syntax is:

steghide extract -sf <target_path> -p <password> -xf <steghide_directory>

The unit inherits from katana.unit.FileUnit to ensure the target is a JPG file.

Note

steghide only works on JPG files!

class katana.units.stego.steghide.Unit(*args, **kwargs)

Bases: katana.unit.FileUnit

DEPENDENCIES = ['steghide']

Required dependencies for this unit: “steghide”.

GROUPS = ['stego', 'image']

These are “tags” for a unit. Considering it is a Stego unit, “stego” is included, as well as the tag “image”.

PRIORITY = 20

Priority works with 0 being the highest priority and 100 being the lowest priority. 50 is the default priority. This unit has a high priority for matching files.

enumerate()

This function first yields an empty password, then the supplied password argument, then loops through each line of a provided dictionary file. Each password is then used by the evaluate function to try to extract the hidden data from the target with steghide.

evaluate(password)

Evaluate the target. Extract any info with steghide and recurse on any newly found files.

Parameters: password – A case returned by enumerate. For this unit, password will first be an empty password, then the password supplied as an argument, then the contents of a provided dictionary file.

Returns: None. This function should not return any data.
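
The candidate ordering from enumerate() and the command line from the syntax above, as an added sketch that is not katana's own code: the names `candidate_passwords`, `steghide_argv`, `try_extract` and the sample wordlist are assumptions made for illustration. It also skips repeated candidates and passes each password as a single argument-list element, so wordlist content is never interpreted by a shell.

```python
import subprocess
from typing import Iterable, Iterator, List, Optional


def candidate_passwords(supplied: Optional[str],
                        dictionary: Iterable[bytes] = ()) -> Iterator[str]:
    """Yield passwords in the documented order, skipping repeats."""
    seen = set()

    def fresh(pw: str) -> bool:
        if pw in seen:
            return False
        seen.add(pw)
        return True

    if fresh(""):
        yield ""                      # 1. empty password
    if supplied is not None and fresh(supplied):
        yield supplied                # 2. user-supplied password argument
    for raw in dictionary:            # 3. one candidate per dictionary line
        # Strip only the line terminator: spaces can be part of a passphrase.
        # surrogateescape keeps bytes that are not valid UTF-8 instead of raising.
        pw = raw.rstrip(b"\r\n").decode("utf-8", "surrogateescape")
        if fresh(pw):
            yield pw


def steghide_argv(target_path: str, password: str, out_path: str) -> List[str]:
    """Build the documented command as an argument list (no shell involved)."""
    return ["steghide", "extract", "-sf", target_path,
            "-p", password, "-xf", out_path]


def try_extract(target_path: str, password: str, out_path: str) -> bool:
    """Run steghide once; True when the process exits with status 0."""
    result = subprocess.run(steghide_argv(target_path, password, out_path),
                            stdin=subprocess.DEVNULL, capture_output=True,
                            timeout=60)
    return result.returncode == 0


# Constructed sample wordlist lines (not taken from any real dictionary file).
SAMPLE_WORDLIST = [b"password\n", b"letmein\r\n", b"\n",
                   b"pass word \n", b"caf\xe9\n", b"letmein\n"]
```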