stegcloak
by KuroLabs
StegCloak is a JavaScript steganography tool that securely hides secrets within plain text using invisible Unicode characters, encryption, and compression.
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
Primary Use Case
This tool is ideal for covert communication, securely embedding sensitive information within seemingly innocuous text messages, social media posts, or web content. Users can protect secrets with passwords and ensure data integrity, making it suitable for privacy-conscious individuals and developers needing to embed hidden data.
- Password-protected secrets with HMAC integrity
- Cryptographically secure encryption using AES-256-CTR
- Utilizes 6 invisible Unicode characters for universal compatibility
- Maximum compression (LZ, Huffman) for reduced payload
- Completely invisible hiding using Zero Width Characters
- Fast performance, capable of hiding large data within short cover texts
- Available as an API module, CLI, and Web Interface
Installation
- Install globally using npm: `npm install -g stegcloak`
- Install locally for use in a program: `npm install stegcloak`
Usage
>_ stegcloak hideInitiates the process to hide a secret within cover text.
>_ stegcloak hide -fc <file>Extracts cover text from a specified file.
>_ stegcloak hide -fs <file>Extracts secret text from a specified file.
>_ stegcloak hide -nHides secrets without encryption.
>_ stegcloak hide -iAdds additional security to prevent tampering.
>_ stegcloak hide -o <output>Streams the results to an output file.
>_ stegcloak hide -c <file>Uses a configuration file for hiding options.
>_ stegcloak revealInitiates the process to reveal a hidden secret from a message.
>_ stegcloak reveal -f <file>Extracts a message from a file to reveal the secret.
>_ stegcloak reveal -cpCopies the message directly from the clipboard to reveal the secret.
>_ stegcloak reveal -o <output>Streams the revealed secret to an output file.
>_ stegcloak reveal -c <file>Uses a configuration file for revealing options.
- Integrate StegCloak with red team toolkits to simulate advanced data exfiltration via covert channels.
- Use StegCloak in blue team deception strategies to embed honeytokens invisibly in communications.
- Automate secret embedding and extraction in DevSecOps pipelines for secure configuration management.
- Leverage the CLI and API for rapid prototyping of covert communication channels in penetration tests.
- Combine with threat hunting tools to detect anomalous use of zero-width characters in network traffic.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about stegcloak. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
3 free chats per tool • Instant responses • No credit card
Related Tools
server
nextcloud/server
☁️ Nextcloud server, a safe home for all your data
gitleaks
gitleaks/gitleaks
Find secrets with Gitleaks 🔑
trufflehog
trufflesecurity/trufflehog
Find, verify, and analyze leaked credentials
Ciphey
bee-san/Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
sops
getsops/sops
Simple and flexible tool for managing secrets
dotenv
motdotla/dotenv
Loads environment variables from .env for nodejs projects.