stegdoc 1.0.1 → 3.0.2

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2025 ReemX
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2025 ReemX
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,214 +1,214 @@
-# stegdoc
-
-> Hide files inside Office documents with AES-256 encryption and steganography
-
-[![npm version](https://img.shields.io/npm/v/stegdoc.svg)](https://www.npmjs.com/package/stegdoc)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-
-**stegdoc** is a CLI tool that encodes any file into legitimate-looking Office documents (Excel/Word). Your data is hidden within spreadsheets or documents that appear to contain normal server monitoring reports, while optionally being protected with military-grade AES-256-GCM encryption.
-
-## Features
-
-- **Steganography** - Hide data in Excel spreadsheets (hidden sheets) or Word documents
-- **AES-256-GCM Encryption** - Military-grade encryption with PBKDF2 key derivation (100k iterations)
-- **Realistic Decoy Data** - Generated server metrics that make files look like IT monitoring reports
-- **Multi-part Splitting** - Automatically split large files across multiple documents
-- **Smart Compression** - Gzip compression for compressible files, skipped for images/video/archives
-- **Integrity Verification** - SHA-256 hashing detects tampering
-- **Folder Support** - Encode entire directories (automatically zipped)
-- **Interactive Mode** - User-friendly prompts guide you through options
-
-## Installation
-
-```bash
-npm install -g stegdoc
-```
-
-Or run directly with npx:
-
-```bash
-npx stegdoc encode myfile.pdf
-```
-
-## Quick Start
-
-```bash
-# Encode a file with encryption (recommended)
-stegdoc encode secret.pdf -p mypassword
-
-# Decode it back
-stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mypassword
-
-# View file info without decoding
-stegdoc info server_metrics_20251215_1200_A1B2.xlsx
-
-# Verify file integrity
-stegdoc verify server_metrics_20251215_1200_A1B2.xlsx -p mypassword
-```
-
-## Commands
-
-### `encode` - Hide a file in an Office document
-
-```bash
-stegdoc encode <file> [options]
-```
-
-**Options:**
-| Option | Description | Default |
-|--------|-------------|---------|
-| `-o, --output-dir <dir>` | Output directory | Current directory |
-| `-s, --chunk-size <size>` | Split size: `5MB`, `25MB`, `3 parts`, `max`/`single`/`none` | `5MB` |
-| `-f, --format <format>` | Output format: `xlsx` or `docx` | `xlsx` |
-| `-p, --password <pass>` | Encryption password | None (unencrypted) |
-| `--force` | Overwrite existing files | Prompt |
-| `-q, --quiet` | Minimal output for scripting | Off |
-| `-y, --yes` | Skip interactive prompts | Off |
-
-**Examples:**
-
-```bash
-# Basic encoding (will prompt for options)
-stegdoc encode document.pdf
-
-# Encode with password and Word format
-stegdoc encode document.pdf -p mysecret -f docx
-
-# Split into exactly 3 parts
-stegdoc encode large-video.mp4 -p mysecret -s "3 parts"
-
-# No splitting (single file output)
-stegdoc encode archive.zip -p mysecret -s max
-
-# Encode a folder
-stegdoc encode ./my-folder -p mysecret
-```
-
-### `decode` - Recover the original file
-
-```bash
-stegdoc decode <file> [options]
-```
-
-**Options:**
-| Option | Description | Default |
-|--------|-------------|---------|
-| `-o, --output <path>` | Output file path | Original filename |
-| `-p, --password <pass>` | Decryption password | Prompt if needed |
-| `--force` | Overwrite existing files | Prompt |
-| `-q, --quiet` | Minimal output | Off |
-| `-y, --yes` | Skip prompts, fail if password needed | Off |
-
-**Examples:**
-
-```bash
-# Decode with password
-stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mysecret
-
-# Decode to specific location
-stegdoc decode report.xlsx -p mysecret -o ./recovered/original.pdf
-
-# Multi-part files are auto-detected
-stegdoc decode server_metrics_20251215_1200_A1B2_part1.xlsx -p mysecret
-```
-
-### `info` - View metadata without decoding
-
-```bash
-stegdoc info <file>
-```
-
-Displays:
-- Original filename and size
-- Encryption status
-- Compression status
-- Part information (for split files)
-- Content hash for verification
-
-### `verify` - Validate file integrity
-
-```bash
-stegdoc verify <file> [options]
-```
-
-**Options:**
-| Option | Description |
-|--------|-------------|
-| `-p, --password <pass>` | Verify password is correct |
-
-Checks:
-- Metadata integrity
-- All parts present (for multi-part files)
-- Password validity (if provided)
-
-## How It Works
-
-### Encoding Pipeline
-
-```
-Input File
-    ↓
-[Compression] → gzip (if beneficial)
-    ↓
-[Base64 Encoding]
-    ↓
-[Encryption] → AES-256-GCM (optional)
-    ↓
-[Office Wrapper] → XLSX or DOCX
-    ↓
-[Decoy Layer] → Server metrics data
-    ↓
-Output File(s)
-```
-
-### File Storage
-
-**XLSX Format:**
-- Sheet 1 ("Server Metrics"): Visible decoy data - looks like IT monitoring reports
-- Sheet 2 ("Data"): Hidden sheet containing your encrypted payload
-
-**DOCX Format:**
-- Embedded text with metadata and payload
-- Appears as a system report document
-
-### Encryption Details
-
-- **Algorithm**: AES-256-GCM (Galois/Counter Mode)
-- **Key Derivation**: PBKDF2-SHA256 with 100,000 iterations
-- **Key Size**: 256 bits
-- **IV**: 96 bits (randomly generated)
-- **Salt**: 128 bits (randomly generated)
-- **Authentication**: 128-bit auth tag (GCM provides authenticated encryption)
-
-### Filename Generation
-
-Output files use deterministic, realistic filenames:
-```
-server_metrics_YYYYMMDD_HH00_XXXX.xlsx
-system_report_YYYYMMDD_HH00_XXXX.docx
-```
-
-The date/time and ID are derived from a hash, ensuring files from the same encoding session are related.
-
-## Use Cases
-
-- **Secure file transfer** - Send encrypted files that look like mundane reports
-- **Backup storage** - Store sensitive data in plain sight
-- **Privacy** - Keep personal files private on shared systems
-- **Data portability** - Office documents work everywhere
-
-## Backward Compatibility
-
-Files created with previous versions are fully supported. The tool automatically detects and handles legacy formats.
-
-## Requirements
-
-- Node.js 18.0.0 or higher
-
-## License
-
-MIT License - see [LICENSE](LICENSE) for details.
-
-## Contributing
-
-Contributions are welcome! Please feel free to submit a Pull Request.
+# stegdoc
+
+> Hide files inside Office documents with AES-256 encryption and steganography
+
+[![npm version](https://img.shields.io/npm/v/stegdoc.svg)](https://www.npmjs.com/package/stegdoc)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+**stegdoc** is a CLI tool that encodes any file into legitimate-looking Office documents (Excel/Word). Your data is hidden within spreadsheets or documents that appear to contain normal server monitoring reports, while optionally being protected with military-grade AES-256-GCM encryption.
+
+## Features
+
+- **Steganography** - Hide data in Excel spreadsheets (hidden sheets) or Word documents
+- **AES-256-GCM Encryption** - Military-grade encryption with PBKDF2 key derivation (100k iterations)
+- **Realistic Decoy Data** - Generated server metrics that make files look like IT monitoring reports
+- **Multi-part Splitting** - Automatically split large files across multiple documents
+- **Smart Compression** - Gzip compression for compressible files, skipped for images/video/archives
+- **Integrity Verification** - SHA-256 hashing detects tampering
+- **Folder Support** - Encode entire directories (automatically zipped)
+- **Interactive Mode** - User-friendly prompts guide you through options
+
+## Installation
+
+```bash
+npm install -g stegdoc
+```
+
+Or run directly with npx:
+
+```bash
+npx stegdoc encode myfile.pdf
+```
+
+## Quick Start
+
+```bash
+# Encode a file with encryption (recommended)
+stegdoc encode secret.pdf -p mypassword
+
+# Decode it back
+stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mypassword
+
+# View file info without decoding
+stegdoc info server_metrics_20251215_1200_A1B2.xlsx
+
+# Verify file integrity
+stegdoc verify server_metrics_20251215_1200_A1B2.xlsx -p mypassword
+```
+
+## Commands
+
+### `encode` - Hide a file in an Office document
+
+```bash
+stegdoc encode <file> [options]
+```
+
+**Options:**
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-o, --output-dir <dir>` | Output directory | Current directory |
+| `-s, --chunk-size <size>` | Split size: `5MB`, `25MB`, `3 parts`, `max`/`single`/`none` | `5MB` |
+| `-f, --format <format>` | Output format: `xlsx` or `docx` | `xlsx` |
+| `-p, --password <pass>` | Encryption password | None (unencrypted) |
+| `--force` | Overwrite existing files | Prompt |
+| `-q, --quiet` | Minimal output for scripting | Off |
+| `-y, --yes` | Skip interactive prompts | Off |
+
+**Examples:**
+
+```bash
+# Basic encoding (will prompt for options)
+stegdoc encode document.pdf
+
+# Encode with password and Word format
+stegdoc encode document.pdf -p mysecret -f docx
+
+# Split into exactly 3 parts
+stegdoc encode large-video.mp4 -p mysecret -s "3 parts"
+
+# No splitting (single file output)
+stegdoc encode archive.zip -p mysecret -s max
+
+# Encode a folder
+stegdoc encode ./my-folder -p mysecret
+```
+
+### `decode` - Recover the original file
+
+```bash
+stegdoc decode <file> [options]
+```
+
+**Options:**
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-o, --output <path>` | Output file path | Original filename |
+| `-p, --password <pass>` | Decryption password | Prompt if needed |
+| `--force` | Overwrite existing files | Prompt |
+| `-q, --quiet` | Minimal output | Off |
+| `-y, --yes` | Skip prompts, fail if password needed | Off |
+
+**Examples:**
+
+```bash
+# Decode with password
+stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mysecret
+
+# Decode to specific location
+stegdoc decode report.xlsx -p mysecret -o ./recovered/original.pdf
+
+# Multi-part files are auto-detected
+stegdoc decode server_metrics_20251215_1200_A1B2_part1.xlsx -p mysecret
+```
+
+### `info` - View metadata without decoding
+
+```bash
+stegdoc info <file>
+```
+
+Displays:
+- Original filename and size
+- Encryption status
+- Compression status
+- Part information (for split files)
+- Content hash for verification
+
+### `verify` - Validate file integrity
+
+```bash
+stegdoc verify <file> [options]
+```
+
+**Options:**
+| Option | Description |
+|--------|-------------|
+| `-p, --password <pass>` | Verify password is correct |
+
+Checks:
+- Metadata integrity
+- All parts present (for multi-part files)
+- Password validity (if provided)
+
+## How It Works
+
+### Encoding Pipeline
+
+```
+Input File
+    ↓
+[Compression] → gzip (if beneficial)
+    ↓
+[Base64 Encoding]
+    ↓
+[Encryption] → AES-256-GCM (optional)
+    ↓
+[Office Wrapper] → XLSX or DOCX
+    ↓
+[Decoy Layer] → Server metrics data
+    ↓
+Output File(s)
+```
+
+### File Storage
+
+**XLSX Format:**
+- Sheet 1 ("Server Metrics"): Visible decoy data - looks like IT monitoring reports
+- Sheet 2 ("Data"): Hidden sheet containing your encrypted payload
+
+**DOCX Format:**
+- Embedded text with metadata and payload
+- Appears as a system report document
+
+### Encryption Details
+
+- **Algorithm**: AES-256-GCM (Galois/Counter Mode)
+- **Key Derivation**: PBKDF2-SHA256 with 100,000 iterations
+- **Key Size**: 256 bits
+- **IV**: 96 bits (randomly generated)
+- **Salt**: 128 bits (randomly generated)
+- **Authentication**: 128-bit auth tag (GCM provides authenticated encryption)
+
+### Filename Generation
+
+Output files use deterministic, realistic filenames:
+```
+server_metrics_YYYYMMDD_HH00_XXXX.xlsx
+system_report_YYYYMMDD_HH00_XXXX.docx
+```
+
+The date/time and ID are derived from a hash, ensuring files from the same encoding session are related.
+
+## Use Cases
+
+- **Secure file transfer** - Send encrypted files that look like mundane reports
+- **Backup storage** - Store sensitive data in plain sight
+- **Privacy** - Keep personal files private on shared systems
+- **Data portability** - Office documents work everywhere
+
+## Backward Compatibility
+
+Files created with previous versions are fully supported. The tool automatically detects and handles legacy formats.
+
+## Requirements
+
+- Node.js 18.0.0 or higher
+
+## License
+
+MIT License - see [LICENSE](LICENSE) for details.
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.

package/package.json

@@ -1,60 +1,59 @@
-{
-  "name": "stegdoc",
-  "version": "1.0.1",
-  "description": "Hide files inside Office documents (XLSX/DOCX) with AES-256 encryption and steganography",
-  "main": "src/index.js",
-  "bin": {
-    "stegdoc": "src/index.js"
-  },
-  "scripts": {
-    "start": "node src/index.js",
-    "dev": "node src/index.js",
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "keywords": [
-    "cli",
-    "steganography",
-    "encryption",
-    "aes-256",
-    "xlsx",
-    "docx",
-    "hide",
-    "encode",
-    "decode",
-    "covert",
-    "office",
-    "spreadsheet",
-    "security"
-  ],
-  "author": "ReemX",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/ReemX/stegdoc.git"
-  },
-  "bugs": {
-    "url": "https://github.com/ReemX/stegdoc/issues"
-  },
-  "homepage": "https://github.com/ReemX/stegdoc#readme",
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "files": [
-    "src",
-    "bootstrap.js",
-    "LICENSE",
-    "README.md"
-  ],
-  "packageManager": "pnpm@10.19.0",
-  "dependencies": {
-    "adm-zip": "^0.5.16",
-    "chalk": "4.1.2",
-    "commander": "^14.0.2",
-    "docx": "^9.5.1",
-    "exceljs": "^4.4.0",
-    "fast-xml-parser": "^5.3.2",
-    "file-type": "^21.1.1",
-    "inquirer": "^13.0.1",
-    "ora": "5.4.1"
-  }
-}
+{
+  "name": "stegdoc",
+  "version": "3.0.2",
+  "description": "Hide files inside Office documents (XLSX/DOCX) with AES-256 encryption and steganography",
+  "main": "src/index.js",
+  "bin": {
+    "stegdoc": "./src/index.js"
+  },
+  "scripts": {
+    "start": "node src/index.js",
+    "dev": "node src/index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "cli",
+    "steganography",
+    "encryption",
+    "aes-256",
+    "xlsx",
+    "docx",
+    "hide",
+    "encode",
+    "decode",
+    "covert",
+    "office",
+    "spreadsheet",
+    "security"
+  ],
+  "author": "ReemX",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ReemX/stegdoc.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ReemX/stegdoc/issues"
+  },
+  "homepage": "https://github.com/ReemX/stegdoc#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "src",
+    "LICENSE",
+    "README.md"
+  ],
+  "packageManager": "pnpm@10.19.0",
+  "dependencies": {
+    "adm-zip": "^0.5.16",
+    "chalk": "^4.1.2",
+    "commander": "^14.0.2",
+    "docx": "^9.5.1",
+    "exceljs": "^4.4.0",
+    "fast-xml-parser": "^5.3.3",
+    "file-type": "^16.5.4",
+    "inquirer": "^8.2.6",
+    "ora": "^5.4.1"
+  }
+}

package/src/commands/decode.js

@@ -76,7 +76,21 @@ async function decodeCommand(inputFile, options) {
     }
 
     // Determine output path and check overwrite
-    const outputPath = options.output || path.join(process.cwd(), metadata.originalFilename);
+    let outputPath;
+    if (options.output) {
+      // Check if output is a directory - if so, append the original filename
+      if (fs.existsSync(options.output) && fs.statSync(options.output).isDirectory()) {
+        outputPath = path.join(options.output, metadata.originalFilename);
+      } else if (!path.extname(options.output) && !fs.existsSync(options.output)) {
+        // No extension and doesn't exist - treat as directory, create it
+        fs.mkdirSync(options.output, { recursive: true });
+        outputPath = path.join(options.output, metadata.originalFilename);
+      } else {
+        outputPath = options.output;
+      }
+    } else {
+      outputPath = path.join(process.cwd(), metadata.originalFilename);
+    }
 
     if (fs.existsSync(outputPath) && !options.force) {
       if (quiet || options.yes) {

package/src/index.js

@@ -10,8 +10,8 @@ const verifyCommand = require('./commands/verify');
 // CLI Configuration
 program
   .name('stegdoc')
-  .description('Hide files inside Office documents with AES-256 encryption and steganography')
-  .version('1.0.1');
+  .description('CLI tool to encode files into Office documents with AES-256 encryption')
+  .version('3.0.2');
 
 // Encode command
 program

package/src/lib/docx-handler.js

@@ -100,7 +100,7 @@ async function readDocxBase64(docxPath) {
     const metadataStart = fullText.indexOf(metadataMarker);
 
     if (metadataStart === -1) {
-      throw new Error('No metadata found in DOCX file. This may not be a whitener-encoded file.');
+      throw new Error('No metadata found in DOCX file. This may not be a stegdoc-encoded file.');
     }
 
     // Find the separator "---" which comes after the metadata

package/src/lib/metadata.js

@@ -37,7 +37,7 @@ function createMetadata({
     compressed,
     contentHash,
     encodingDate: new Date().toISOString(),
-    version: '1.0.1',
+    version: '3.0.2',
     tool: 'stegdoc',
   };
 }
@@ -79,7 +79,7 @@ function validateMetadata(metadata) {
     }
   }
 
-  if (metadata.tool !== 'stegdoc' && metadata.tool !== 'docstash' && metadata.tool !== 'whitener') {
+  if (metadata.tool !== 'stegdoc' && metadata.tool !== 'whitener') {
     throw new Error('Invalid tool identifier in metadata');
   }
 

package/src/lib/xlsx-handler.js

@@ -211,7 +211,7 @@ async function extractFromXml(xlsxPath) {
   const sheetParsed = parseXmlFromZip(xlsxPath, 'xl/worksheets/sheet2.xml');
 
   if (!sheetParsed) {
-    throw new Error('Hidden sheet not found in XLSX file. This may not be a whitener-encoded file.');
+    throw new Error('Hidden sheet not found in XLSX file. This may not be a stegdoc-encoded file.');
   }
 
   // Build cell map from worksheet > sheetData > row > c

package/bootstrap.js

@@ -1,33 +0,0 @@
-// bootstrap.js - Decode whitener DOCX
-const fs = require('fs');
-const JSZip = require('jszip');
-
-const docxPath = process.argv[2];
-if (!docxPath) {
-  console.log('Usage: node bootstrap.js <file.docx>');
-  process.exit(1);
-}
-
-JSZip.loadAsync(fs.readFileSync(docxPath)).then(zip => {
-  return zip.file('word/document.xml').async('string');
-}).then(xml => {
-  const matches = xml.match(/<w:t[^>]*>([^<]*)<\/w:t>/g) || [];
-  let text = '';
-  matches.forEach(m => {
-    let t = m.replace(/<w:t[^>]*>/, '').replace(/<\/w:t>/, '')
-      .replace(/&quot;/g, '"').replace(/&apos;/g, "'")
-      .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
-    text += t;
-  });
-
-  const metaIdx = text.indexOf('WHITENER_METADATA:');
-  const sepIdx = text.indexOf('---', metaIdx);
-  const meta = JSON.parse(text.substring(metaIdx + 18, sepIdx).trim());
-  const base64 = text.substring(sepIdx + 3).trim();
-
-  fs.writeFileSync(meta.originalFilename, Buffer.from(base64, 'base64'));
-  console.log(`Decoded: ${meta.originalFilename}`);
-}).catch(err => {
-  console.error('Error:', err.message);
-  process.exit(1);
-});