stegseek

stegseek is the fastest known steghide passphrase cracker — it runs the whole of rockyou.txt in a couple of seconds (benchmarked thousands of times faster than StegCracker or Stegbrute). It is the modern replacement for the older cracking tools you will still see in writeups.

A companion tool, not an Aperi'Solve analyzer

Aperi'Solve runs steghide with the single password you provide. When you have no candidate password, crack it locally with stegseek, then re-run the extraction.

Cracking a passphrase

$ stegseek file.jpg /usr/share/wordlists/rockyou.txt

On a hit, stegseek prints the passphrase and writes the embedded file to file.jpg.out. Point -wl at a bigger list (crackstation, custom) if rockyou fails.

Seed mode (detect without a password)

steghide can be used with encryption disabled; stegseek's seed mode detects and extracts such payloads without any wordlist:

$ stegseek --seed file.jpg

Guess before you brute-force

The passphrase is frequently sitting in plain sight — the filename, the challenge title, the image subject, or a value in strings / exiftool output. Try those first, and confirm data is even present with steghide info file.jpg.

Installing locally

$ # Debian/Ubuntu: grab the .deb from the releases page
$ wget https://github.com/RickdeJager/stegseek/releases/latest/download/stegseek.deb
$ sudo apt install ./stegseek.deb

Limitations

  • Cracks steghide only (JPEG/BMP/WAV/AU). For other schemes use their own extractors — see Images and Audio.
  • A password outside your wordlist will not be found; escalate to a larger list or generate a targeted one (CeWL from the challenge site, crunch).

Common CTF patterns

  • JPEG with a payload and no obvious password → stegseek file.jpg rockyou.txt.
  • steghide with encryption disabled → stegseek --seed.
  • The tool is so fast it is worth running speculatively on any JPEG/WAV before assuming it is clean.