hemlock list-techniques¶

Display all available document hiding techniques with their format, stealth score, and identifier.

Synopsis¶

hemlock list-techniques

Description¶

list-techniques prints a table of every hiding technique hemlock supports. Each technique has:

Format -- the document format it applies to
Technique -- the identifier used with craft --technique
Stealth score -- a value from 0 to 100 indicating resistance to detection (higher is stealthier)

This command takes no flags.

Example Output¶

[hemlock] Available techniques:

FORMAT      TECHNIQUE              STEALTH
html        comment                    30
html        invisible-div              55
html        aria-hidden                70
html        css-hide                   75
html        microdata                  60
html        chunk-boundary             65
html        offscreen                  80
html        color-transparent          85
html        noscript                   60
docx        metadata                   60
docx        fontzero                   80
docx        whitefont                  70
docx        comment                    50
docx        custom-xml                 65
docx        metadata-distributed       70
docx        chunk-boundary             60
docx        hidden-paragraph           75
pdf         annotation                 65
pdf         invisible-text             75
pdf         javascript                 40
pdf         xmp-metadata               60
pdf         xmp-distributed            70
pdf         chunk-boundary             55
pdf         offpage                    70
txt         zero-width                 85
txt         homoglyph                  80
txt         bidi-override              70
txt         chunk-boundary             45
markdown    html-comment               35
markdown    frontmatter                55
markdown    link-title                 65
markdown    image-alt                  60
markdown    chunk-boundary             50
rtf         fontzero                   80
rtf         whitefont                  65
rtf         metadata                   50
epub        metadata                   60
epub        css-hide                   70
epub        comment                    35
epub        aria-hidden                65
epub        metadata-distributed       65
epub        toc                        55
csv         extra-column               45
csv         bom-prefix                 50
csv         formula-injection          60
json        metadata-key               55
json        unicode-escape             70
xlsx        hidden-sheet               60
xlsx        metadata                   55
xlsx        font-color                 70
xlsx        very-hidden                75
image       text-chunk                 55
image       xmp-metadata               60
image       multi-chunk                65
image       steganographic             90

Techniques by Format¶

HTML (9 techniques)¶

Technique	Stealth	Method
`comment`	30	Payload in HTML comments (`<!-- ... -->`)
`invisible-div`	55	Payload in a `div` with `display: none`
`aria-hidden`	70	Payload in an element with `aria-hidden="true"`
`css-hide`	75	Payload hidden via CSS properties (position, overflow, opacity)
`microdata`	60	Payload in schema.org microdata `meta` content attributes
`chunk-boundary`	65	Fragments distributed across DOM with filler between
`offscreen`	80	Payload positioned far offscreen with CSS transforms
`color-transparent`	85	Very small transparent text on matching background
`noscript`	60	Payload inside `<noscript>` tags

DOCX (8 techniques)¶

Technique	Stealth	Method
`metadata`	60	Payload in document metadata fields
`fontzero`	80	Payload in a run with font size set to zero
`whitefont`	70	Payload in white-colored text on a white background
`comment`	50	Payload in a DOCX comment annotation
`custom-xml`	65	Payload in a custom XML part within the DOCX archive
`metadata-distributed`	70	Payload split across 4 Dublin Core metadata fields
`chunk-boundary`	60	Fragments as white 2pt text with filler paragraphs
`hidden-paragraph`	75	Payload in `<w:vanish/>` hidden paragraph

PDF (7 techniques)¶

Technique	Stealth	Method
`annotation`	65	Payload in a PDF annotation object
`invisible-text`	75	Payload rendered with invisible text rendering mode
`javascript`	40	Payload in embedded JavaScript (low stealth, often blocked)
`xmp-metadata`	60	Payload in XMP metadata stream
`xmp-distributed`	70	Payload split across 4 XMP metadata fields
`chunk-boundary`	55	Fragments on separate pages with filler pages between
`offpage`	70	Payload at coordinates outside visible page bounds

TXT (4 techniques)¶

Technique	Stealth	Method
`zero-width`	85	Payload encoded as zero-width Unicode characters
`homoglyph`	80	Payload characters replaced with visually identical Unicode homoglyphs
`bidi-override`	70	Payload hidden using bidirectional text override characters
`chunk-boundary`	45	Payload fragments separated by ~512 chars of benign filler

Markdown (5 techniques)¶

Technique	Stealth	Method
`html-comment`	35	Payload in an HTML comment within Markdown
`frontmatter`	55	Payload in YAML front matter metadata
`link-title`	65	Payload distributed across link title attributes
`image-alt`	60	Payload distributed across image alt text
`chunk-boundary`	50	Fragments in separate heading sections

RTF (3 techniques)¶

Technique	Stealth	Method
`fontzero`	80	Payload in zero-size font run
`whitefont`	65	Payload in white text on white background
`metadata`	50	Payload in RTF document info fields

EPUB (6 techniques)¶

Technique	Stealth	Method
`metadata`	60	Payload in OPF Dublin Core metadata
`css-hide`	70	CSS-hidden span with zero font size
`comment`	35	XHTML comment in chapter body
`aria-hidden`	65	`aria-hidden="true"` span in XHTML
`metadata-distributed`	65	Payload split across 4 OPF metadata fields
`toc`	55	Payload in NCX navigation labels

CSV (3 techniques)¶

Technique	Stealth	Method
`extra-column`	45	Payload in extra `_metadata` column
`bom-prefix`	50	Payload after UTF-8 BOM
`formula-injection`	60	`CONCATENATE()` formula reassembles payload from fragments

JSON (2 techniques)¶

Technique	Stealth	Method
`metadata-key`	55	Payload in a `_metadata` key
`unicode-escape`	70	Payload in Unicode-escaped string values

XLSX (4 techniques)¶

Technique	Stealth	Method
`hidden-sheet`	60	Payload in a hidden worksheet
`metadata`	55	Payload in workbook metadata properties
`font-color`	70	White text on white cell background
`very-hidden`	75	Payload in a `veryHidden` worksheet

Image (4 techniques)¶

Technique	Stealth	Method
`text-chunk`	55	Payload in a PNG `tEXt` chunk
`xmp-metadata`	60	Payload in XMP metadata
`multi-chunk`	65	Payload split across multiple PNG ancillary chunks
`steganographic`	90	Payload encoded in LSBs of pixel data

Using Technique Identifiers¶

The values in the Technique column are the identifiers you pass to craft --technique:

# Generate documents using only the fontzero technique
hemlock craft --format docx --technique fontzero --output ./test

# Generate documents using all techniques for a format (default)
hemlock craft --format docx --technique all --output ./test

Stealth score interpretation

Range	Meaning
0--39	Easily detected by basic content inspection
40--69	Survives casual review; may be caught by targeted filters
70--84	Difficult to detect without format-specific analysis tooling
85--100	Requires specialized Unicode or binary analysis to identify