Wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It’s written in Go.
wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it can automatically send files to the corresponding recipients by using Sendgrid, AWS SES or SMTP integrations. Instead of sending them by e-mail, you can also share them manually.
wholeaked works with every file type. However, it has additional features for common file types such as PDF, DOCX, MOV etc.
+———–++———–+ / |Top Secret |
|Top Secret ||Recipient | / |.pdf |
|.pdf ||List | +———+ / | |
| || | |utkusen/ | / b@gov | |
| ||a@gov |—–>|wholeaked| /———-+ |
| ||b@gov | | | \ |Hidden |
| ||c@gov | +———+ \ |signature2 |
| || | \ +———–+
+———–++———–+ \ +———–+
\ |Top Secret |
\ |.pdf |
c@gov \ | |
\ | |
\ | |
\ |Hidden |
-|signature3 |
+———–+
To find who leaked the document, you just need to provide the leaked file to wholeaked, and it will reveal the responsible person by comparing the signatures in the database.
+———–+ +———+
|Top Secret | |Signature|
|.pdf | +———+|Database |
| | |utkusen/ || | Document leaked by
| |->|wholeaked|| |——–+
| | | || | b@gov
|Hidden | +———+| |
|Signature2 | | |
+———–+ +———+
wholeaked can add the unique signature to different sections of a file. Available detection modes are given below:
File Hash: SHA256 hash of the file. All file types are supported.
Binary: The signature is directly added to the binary. Almost all file types are supported.
Metadata: The signature is added to a metadata section of a file. Supported file types: PDF, DOCX, XLSX, PPTX, MOV, JPG, PNG, GIF, EPS, AI, PSD
Watermark: An invisible signature is inserted into the text. Only PDF files are supported.
You can download the pre-built binaries from the releases page and run. For example:
unzip wholeaked_0.1.0_macOS_amd64.zip
./wholeaked --help
go install github.com/utkusen/wholeaked@latest
wholeaked requires exiftool
for adding signatures to metadata section of files. If you don’t want to use this feature, you don’t need to install it.
apt install exiftool
brew install exiftool
exiftool.exe
in the same directory with wholeaked.wholeaked requires pdftotext
for verifying watermarks inside PDF files. If you don’t want to use this feature, you don’t need to install it.
bin64
folder.pdftotext
(or pdftotext.exe
) executable to the same folder with wholeakedapt install libfontconfig
command.wholeaked requires a project name -n
, the path of the base file which the signatures will add -f
and a list of target recipients -t
Example command: ./wholeaked -n test_project -f secret.pdf -t targets.txt
The targets.txt
file should contain name and the e-mail address in the following format:
Utku Sen,utku@utkusen.com
Bill Gates,bill@microsoft.com
After execution is completed, the following unique files will be generated:
test_project/files/Utku_Sen/secret.pdf
test_project/files/Bill_Gates/secret.pdf
By default, wholeaked adds signatures to all available places that are defined in the “File Types and Detection Modes” section. If you don’t want to use a method, you can define it with a false
flag. For example:
./wholeaked -n test_project -f secret.pdf -t targets.txt -binary=false -metadata=false -watermark=false
In order to send e-mails, you need to fill some sections in the CONFIG
file.
SENDGRID_API_KEY
section.awscli
on your machine and add the required AWS key to it. wholeaked will read the key by itself. But you need to fill the AWS_REGION
section in the config file.SMTP_SERVER
, SMTP_PORT
, SMTP_USERNAME
, SMTP_PASSWORD
sections.The other necessary fields to fill:
EMAIL_TEMPLATE_PATH
Path of the e-mail’s body. You can specify use HTML or text format.EMAIL_CONTENT_TYPE
Can be html
or text
EMAIL_SUBJECT
Subject of the e-mailFROM_NAME
From name of the e-mailFROM_EMAIL
From e-mail of the e-mailTo specify the sending method, you can use -sendgrid
, -ses
or -smtp
flags. For example:
./wholeaked -n test_project -f secret.pdf -t targets.txt -sendgrid
You can use the -validate
flag to reveal the owner of a leaked file. wholeaked will compare the signatures detected in the file and the database located in the project folder. Example:
./wholeaked -n test_project -f secret.pdf -validate
Important: You shouldn’t delete the project_folder/db.csv
file if you want to use the file validation feature. If that file is deleted, wholeaked won’t be able to compare the signatures.
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…