Written in Go, Wholeaked is a tool for file-sharing that enables you to track down the individual responsible in the event of a leak.
How?
Wholeaked is a tool that receives a file and a list of recipients to share it with. It then generates a distinct signature for each recipient and covertly embeds it into the file. The tool can use integrations like Sendgrid, AWS SES or SMTP to automatically send the files to their respective recipients. Alternatively, the files can be manually shared instead of being sent via email.
Wholeaked is compatible with all types of files, but it offers extra functionalities for popular file formats such as PDF, DOCX, MOV, and more.
Sharing Process
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
+-----------+
|Top Secret |
|.pdf |
| |
-| |
/ | |
/ |Hidden |
a@gov / |signature1 |
/ +-----------+
/ +-----------+
+-----------++-----------+ / |Top Secret |
|Top Secret ||Recipient | / |.pdf |
|.pdf ||List | +---------+ / | |
| || | |utkusen/ | / b@gov | |
| ||a@gov |----->|wholeaked| /----------+ |
| ||b@gov | | | \ |Hidden |
| ||c@gov | +---------+ \ |signature2 |
| || | \ +-----------+
+-----------++-----------+ \ +-----------+
\ |Top Secret |
\ |.pdf |
c@gov \ | |
\ | |
\ | |
\ |Hidden |
-|signature3 |
+-----------+
Validation Part
If you want to identify the person who leaked the document, simply submit the leaked file to wholeaked. The platform will compare the signatures in its database and disclose the responsible individual.
1
2
3
4
5
6
7
8
9
+-----------+ +---------+
|Top Secret | |Signature|
|.pdf | +---------+|Database |
| | |utkusen/ || | Document leaked by
| |->|wholeaked|| |--------+
| | | || | b@gov
|Hidden | +---------+| |
|Signature2 | | |
+-----------+ +---------+
Demo
File Types and Detection Modes
Wholeaked has the ability to add a distinctive signature to various sections of a file. The following detection modes are currently available:
File Hash:
SHA256 hash of the file. All file types are supported.
Binary:
The signature is directly added to the binary. Almost all file types are supported.
Metadata:
The signature is added to a metadata section of a file. Supported file types: PDF, DOCX, XLSX, PPTX, MOV, JPG, PNG, GIF, EPS, AI, PSD
Watermark:
An invisible signature is inserted into the text. Only PDF files are supported.
Installation
From Binary
One way to run the program is to download the pre-built binaries from the releases page, like this:
1
unzip wholeaked\_0.1.0\_macOS\_amd64.zip
1
./wholeaked --help
From Source
- Install Go on your system
- Run:
1
go install github.com/utkusen/wholeaked@latest
Installing Dependencies
To utilize the signature addition feature in the metadata section of files, wholeaked necessitates exiftool. However, if you prefer not to utilize this feature, there is no need to install exiftool.
- Debian-based Linux: Run apt install exiftool
- macOS: Run brew install exiftool
- Windows: Download exiftool from here https://exiftool.org/ and put the exiftool.exe in the same directory with wholeaked.
To verify watermarks inside PDF files, Wholeaked relies on pdftotext. However, if you do not intend to use this feature, there is no need to install it.
- Download “Xpdf command line tools” for Linux, macOS or Windows from here: https://www.xpdfreader.com/download.html
- Extract the archive and navigate to bin64 folder.
- Copy the pdftotext (or pdftotext.exe) executable to the same folder with wholeaked
- For Debian Based Linux: Run apt install libfontconfig command.
Usage
Basic Usage
To use Wholeaked, you need to specify a project name (-n), the path to the base file to which the signatures will be added (-f), and a list of intended recipients (-t).
Example command: ./wholeaked -n test_project -f secret.pdf -t targets.txt
The format for the content of the targets.txt file should include both the name and email address in the following manner:
1
2
Utku Sen,utku@utkusen.com
Bill Gates,bill@microsoft.com
After execution is completed, the following unique files will be generated:
1
2
test_project/files/Utku_Sen/secret.pdf
test_project/files/Bill_Gates/secret.pdf
The “File Types and Detection Modes” section in wholeaked defines all the available places where signatures are added by default. In case you wish to exclude a particular method, you can define it using a false flag. For instance:
1
./wholeaked -n test_project -f secret.pdf -t targets.txt -binary=false -metadata=false -watermark=false
Sending E-mails
To be able to send emails, you must complete certain sections within the CONFIG file.
If you want to send e-mails via Sendgrid, type your API key to the SENDGRID_API_KEY section.
If you want to send e-mails via AWS SES integration, you need to install awscli on your machine and add the required AWS key to it. wholeaked will read the key by itself. But you need to fill the AWS_REGION section in the config file.
If you want to send e-mails via a SMTP server, fill the SMTP_SERVER, SMTP_PORT, SMTP_USERNAME, SMTP_PASSWORD sections.
The other necessary fields to fill:
- EMAIL_TEMPLATE_PATH Path of the e-mail’s body. You can specify use HTML or text format.
- EMAIL_CONTENT_TYPE Can be html or text
- EMAIL_SUBJECT Subject of the e-mail
- FROM_NAME From name of the e-mail
- FROM_EMAIL From e-mail of the e-mail
To specify the sending method, you can use -sendgrid, -ses or -smtp flags. For example:
1
./wholeaked -n test_project -f secret.pdf -t targets.txt -sendgrid
Validating a Leaked File
The -validate flag can be utilized to uncover the possessor of a leaked file. By comparing the signatures identified in the file with the database situated in the project folder, wholeaked will execute this task. Here is an example:
1
./wholeaked -n test_project -f secret.pdf -validate
Important:
To utilize the file validation feature, it’s essential to avoid deleting the project_folder/db.csv file. If this file is removed, wholeaked won’t be able to compare the signatures.
⚠ ONLY USE FOR EDUCATIONAL PURPOSES ⚠