Made default wordlist handling more user-friendly, sould address issue …

…#14 - If no wordlist is specified Kali Linuxes rockyou.txt will be used - If the rockyou is not found, but the gzipped version is, a message will be printed - If neither was found the program will quit with a message stating to use a custom wordlist
Paradoxis · Jul 9, 2020 · f98fab9 · f98fab9
1 parent ffdae98
commit f98fab9
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -6,9 +6,12 @@
 Steganography brute-force utility to uncover hidden data inside files.
 
 ## Usage
-Using stegcracker is simple, pass a file to it as it's first parameter and optionally pass the path
-to a wordlist of passwords to try as it's second parameter. If this is not set it will default to the
-rockyou.txt password file which ships with Kali Linux or can be downloaded [here](https://github.com/danielmiessler/SecLists/raw/master/Passwords/Leaked-Databases/rockyou.txt.tar.gz).
+Using stegcracker is simple, pass a file to it as it's first parameter and 
+optionally pass the path to a wordlist of passwords to try as it's second 
+parameter. If you don't specify the wordlist, the tool will try to use the 
+built-in rockyou.txt wordlist which ships with Kali Linux. If you are running a 
+different distribution, you can download the rockyou wordlist 
+[here](https://github.com/danielmiessler/SecLists/raw/master/Passwords/Leaked-Databases/rockyou.txt.tar.gz).
 
 ```
 $ stegcracker <file> [<wordlist>]

diff --git a/stegcracker/__init__.py b/stegcracker/__init__.py
@@ -1,3 +1,3 @@
-__version__ = '2.0.8'
+__version__ = '2.0.9'
 __description__ = 'Steganography brute-force utility to uncover hidden data inside files'
 __url__ = 'https://github.com/Paradoxis/StegCracker'
diff --git a/stegcracker/__main__.py b/stegcracker/__main__.py
@@ -9,6 +9,9 @@
 from stegcracker.helpers import error, wc, handle_interrupt, DevNull, log, CustomHelpFormatter
 
 
+DEFAULT_WORDLIST_PATH = '/usr/share/wordlists/rockyou.txt'
+
+
 @handle_interrupt
 def main():
     """Main entry point of the application"""
@@ -42,7 +45,7 @@ def main():
         'Wordlist containing the one or more passwords (one password per line). '
         'If no password list is supplied, this will default to the rockyou.txt '
         'wordlist on Kali Linux.'
-    ), default='/usr/share/wordlists/rockyou.txt')
+    ), default=None)
 
     args.add_argument('-o', '--output', default=None, help=(
         'Output file location, this will be the file the data will be written '
@@ -87,6 +90,23 @@ def main():
             'steghide -y" or by downloading it from the official code '
             'repository: http://steghide.sourceforge.net/')
 
+    if args.wordlist is None:
+        if isfile(DEFAULT_WORDLIST_PATH):
+            log('No wordlist was specified, using default rockyou.txt wordlist.')
+            args.wordlist = DEFAULT_WORDLIST_PATH
+
+        elif isfile(DEFAULT_WORDLIST_PATH + '.gz'):
+            return error(
+                f'No wordlist was specified, but a gzipped variant of the '
+                f'rockyou.txt wordlist was found on your system. If you wish '
+                f'to use it, please decompress it first using the following command: '
+                f'gzip -d {DEFAULT_WORDLIST_PATH}.gz')
+
+        else:
+            return error(
+                'No wordlist was specified. '
+                'For more help, please run: stegcracker --help')
+
     if isfile(output):
         return error(f'Output file {output!r} already exists!')
 

diff --git a/tests/data/rockyou-only-gz.txt.gz b/tests/data/rockyou-only-gz.txt.gz
diff --git a/tests/stegcracker.py b/tests/stegcracker.py
@@ -10,15 +10,18 @@
 from uuid import uuid4
 
 import stegcracker
-from stegcracker import __main__ as cli, cracker, __version__
-
+from stegcracker import __main__ as cli, cracker, __version__, helpers
 
 FILE = 'tests/data/tom.jpg'
 FILE_MISSING = str(uuid4())
 FILE_INVALID = 'tests/data/tom.php'
 WORDLIST = 'tests/data/tom.txt'
 WORDLIST_GZ = 'tests/data/tom.txt.gz'
 WORDLIST_INVALID = 'tests/data/tom.invalid.txt'
+
+ROCKYOU_ONLY_GZ = 'tests/data/rockyou-only-gz.txt'
+ROCKYOU_EXISTS = 'tests/data/rockyou-without-gz.txt'
+
 PASSWORD = 'TOM'
 
 
@@ -253,3 +256,42 @@ def test_exception_handling_in_thread(self, terminate, popen):
 
         finally:
             shutil.rmtree(directory, ignore_errors=True)
+
+    @patch.object(helpers, 'check_output')
+    def test_print_diagnostic_info_subprocess_error(self, check_output):
+        """Subprocess errors in print diagnostic info should return 'unknown' strings"""
+
+        check_output.side_effect = helpers.SubprocessError
+
+        output = StringIO()
+
+        with redirect_stderr(output):
+            helpers.print_diagnostic_info()
+
+        output.seek(0)
+
+        self.assertIn('unknown', output.read(), msg=(
+            'Expected "unknown" to be in the error output.'))
+
+    def test_uses_rockyou_by_default(self):
+        with patch.object(cli, 'DEFAULT_WORDLIST_PATH', new=FILE_MISSING):
+            stdout, stderr, code = self.call(FILE)
+            self.assertNotEqual(code, 0, msg='Wordlist should not exist on the system')
+
+        with patch.object(cli, 'DEFAULT_WORDLIST_PATH', new=ROCKYOU_ONLY_GZ):
+            stdout, stderr, code = self.call(FILE)
+            self.assertNotEqual(code, 0, msg='Wordlist should exist on the system, but gzipped')
+
+        # Should be successful
+        directory = mkdtemp(prefix='stegcracker_')
+        file = directory + '/' + str(uuid4()) + '.txt'
+
+        try:
+            with patch.object(cli, 'DEFAULT_WORDLIST_PATH', new=WORDLIST):
+                stdout, stderr, code = self.call(FILE, '--output', file)
+                self.assertEqual(code, 0, msg='Wordlist should exist on the system (and use the default)')
+
+            self.assertTrue(os.path.isfile(file))
+
+        finally:
+            shutil.rmtree(directory, ignore_errors=True)