I've been messing around with Steganography lately, and was looking into which software in Kali that could be of use to my little project. The obvious one is 'steghide', which seems to be the preferred tool for embedding secret stuff into pictures, and that one works just fine.
But what if you want to check, if a picture actually has hidden stuff in it? That's where stegdetect could come in handy. Only problem (for me at least) was that its a pain to install in Kali Linux, basically it comes up with some errors relating to automake, and even after a reinstall of automake it was still causing trouble.
cd . && /root/stegdetect/missing aclocal-1.4 WARNING: `aclocal-1.4' is needed, and you do not seem to have it handy on your system. You might have modified some files without having the proper tools for further handling them. Check the `README' file, it often tells you about the needed prerequirements for installing this package. You may also peek at any GNU archive site, in case some other package would contain this missing `aclocal-1.4' program. Makefile:183: recipe for target 'aclocal.m4' failed make: *** [aclocal.m4] Error 1
So after struggling for an hour or so, I decided to just install stegdetect via one of the archived Debian packages, and it seems to work just fine. The stegdetect package have not been updated for the past three years, so I guess it wont make a difference.
wget http://archive.debian.net/etch/i386/stegdetect/download dpkg -i stegdetect_0.6-3_amd.deb
It is worth taking into consideration, that stegdetect does return false negatives, so it can't really be trusted, but can certainly be used for a quick check before you proceed with other tools.
Other tools for steganography:
- steghide (tool for embedding / extracting hidden information from JPEG)
- stegbreak (for bruteforcing)
- stegcompare (checking filesize difference between an original and the modified JPEG)
- OutGuess (another tool for embedding / extracting hidden information)