The ultimate hybrid of steganography, digital forensics, and covert communications.
β‘ Quick Launch (Standalone Binaries)
StegoForge is a complex Python framework, but you shouldn't have to deal with broken environments when doing active forensics. We have compiled zero-dependency, native executables that automatically resolve their own AI and Media requirements.
Head over to the Releases Page and download the binary for your OS.
- No
pip installrequired. - No
PATHconfigurations. - Just execute it.
π Quick Start in 30 Seconds
# 1. Hide a file inside an image (AES-256-GCM encrypted, auto-method) stegoforge encode -c photo.png -p secret.pdf -k "my-pass" # 2. Retrieve the hidden file stegoforge decode -f photo_stego.png -k "my-pass" # 3. CTF one-click forensic dump on any suspicious file stegoforge ctf -f suspicious.mp3 # 4. Compare original vs stego β pixel heatmap stegoforge diff -c photo.png -s photo_stego.png # 5. Batch embed a secret into every carrier in a folder stegoforge batch -d ./carriers/ -p secret.txt -k "my-pass" # 6. Check capacity and stealth score of a carrier stegoforge capacity -c photo.png --depth 2 # 7. Simulate Twitter recompression and test payload survives stegoforge encode -c photo.png -p secret.txt -k "my-pass" --target twitter --test-survival # 8. Launch the local web UI (no data ever leaves your machine) stegoforge web # Install tab-completion (bash) eval "$(stegoforge completion bash)" # Use env var to avoid key in shell history export STEGOFORGE_KEY="my-pass" stegoforge decode -f stego.png # key read from env
π§ What is StegoForge?
The Concept in Plain English: Steganography is the art of hiding secrets in plain sight. StegoForge takes your secret message or file and mathematically weaves it into the pixels of a normal photo, the soundwaves of a song, or the frames of a video. To the rest of the world, it just looks like a regular meme or MP3 track. To you, it's an invisible vault.
StegoForge is a modular, enterprise-grade steganography toolkit engineered for the full lifecycle of covert data: from embedding payloads into images, audio, video, and active network protocols, to deploying machine-learning steganalysis to forcibly extract anomalies from suspicious carrier files.
Built for security researchers, CTF players, and digital forensics practitioners, it doesn't try to be one thing. It executes the entire forensic spectrum seamlessly.
$ stegoforge encode --carrier cover.png --payload secret.txt --key "mypassword" --method lsb
[+] Payload encrypted with AES-256-GCM
[+] Embedded 2048 bits across RGB channels (1-bit depth)
[+] Output: cover_stego.png
[+] Statistical profile: indistinguishable from baseline (chiΒ² = 0.021)
$ stegoforge ctf --file suspicious.mp3
[*] Running all detectors on suspicious.mp3 ...
[β] Chi-square LSB anomaly SKIPPED
[β] RS analysis SKIPPED
[!] Blind extractor found payload at: audio-lsb, depth=1, AES encrypted blob
[+] Extracted 412 bytes β saved to extracted_payload.bin
Feature Overview
stegoforge/
βββ Image Carriers PNG Β· JPEG Β· BMP Β· GIF Β· WebP
β βββ LSB / Adaptive LSB 1β4 bit depth + WOW-style content-aware cost ordering
β βββ DCT + JND-safe cap JPEG frequency-domain embedding + Watson-style perceptual budget
β βββ Fingerprint LSB PRNU-aware embedding mode
β βββ Alpha / Palette Transparency and indexed-color channels
β
βββ Video Carriers MP4 Β· WebM
β βββ Video DCT Keyframe embedding with block-cost ranking
β βββ Video Motion Temporal+texture masked block embedding (MP4)
β
βββ Audio Carriers WAV Β· FLAC Β· MP3 Β· OGG
β βββ Sample LSB Psychoacoustic-style cost-ordered PCM LSB
β βββ Phase coding Segment-phase encoding
β βββ Spectrogram art Visual payloads in spectrum domain
β
βββ Document Carriers TXT Β· PDF Β· DOCX Β· XLSX
β βββ Unicode whitespace Adaptive insertion-point ranking (ZWSP/ZWNJ/ZWJ)
β βββ Linguistic mode Key-aware synonym-channel text steganography
β βββ PDF streams Object/stream/metadata injection
β βββ Office XML Custom XML parts and streams
β
βββ Binary Carriers ELF Β· PE/EXE/DLL (CLI)
β βββ ELF slack/notes 2-bit masked region-cost embedding
β βββ PE slack/overlay 2-bit masked region-cost embedding
β
βββ Network Covert Channels (CLI)
β βββ TCP field channels ip_id, tcp_seq, ttl
β βββ Timing channel Inter-packet delay encoding
β
βββ Crypto + Survivability
β βββ AES-256-GCM + Argon2
β βββ Decoy mode Dual-payload plausible deniability
β βββ Wet-paper wrapping Reed-Solomon resilience wrapper
β βββ Platform profiles Social-media-aware method selection/simulation
β
βββ Interfaces
βββ CLI Hybrid-first grouped method selection + full command mode
βββ Web UI (Flask) Grouped method pills, hybrid badges, local SSE streaming
βββ CTF mode One command, all relevant detectors, ranked report
π» Developer Installation
If you wish to build StegoForge from source or utilize the Python APIs natively:
git clone https://github.com/Nour833/StegoForge.git cd StegoForge pip install -r requirements.txt pip install -r requirements-web.txt pip install -e .
Fire up the Glassmorphism Web App instantly:
stegoforge web # Automatically deploys at http://localhost:5000Note on ML Architecture: StegoForge implements true Machine Learning steganalysis. The very first time you boot the engine, it will silently interface with HuggingFace to download the ONNX CNN weights directly into your
~/.stegoforge/modelscache.
π¨ Interactive Menu (Recommended for Beginners)
Don't want to memorize terminal commands? Just run the tool on its own to access the interactive CLI!
The menu features a cinematic startup sequence, grouped method selection, and guided transitions between Encoding, Decoding, and Forensics.
Pro-Tips for Automation:
STEGOFORGE_FAST_UI=1 stegoforgeskips animations for rapid, zero-delay bootups.STEGOFORGE_UI_STAGE_DELAY=0.45 stegoforgefine-tunes the pacing of the visual display.
π» Advanced Command Line Interface
If you prefer raw terminal throughput, the CLI supports hyper-specific routing for all modules.
π₯· 1. Payload Encoding
# Basic LSB into PNG stegoforge encode -c photo.png -p message.txt -k "passphrase" # Stealth JPEG DCT with custom bit depth stegoforge encode -c photo.jpg -p secret.bin -k "key" --method dct # Spectrogram Art β Hide a visual image inside playable audio stegoforge encode -c music.wav -p logo.png --method spectrogram # Decoy mode β Generates two keys, hiding two payloads in one file for plausible deniability stegoforge encode -c photo.png -p real_secret.txt -k "realkey" \ --decoy decoy_message.txt --decoy-key "duresskey"
π 2. Payload Decoding
stegoforge decode -f photo_stego.png -k "passphrase" stegoforge decode -f music_stego.wav -k "key" --method phase
π΅οΈ 3. Blind Forensics & CTF Mode (Zero-Knowledge)
# Run the complete heuristic gauntlet natively (Highly Recommended) stegoforge ctf -f suspicious.png # Targeted ML / Statistical Detection stegoforge detect --chi2 -f image.png stegoforge detect --rs -f image.png
π°οΈ 4. Covert Protocols (Dead Drops)
# Embed a payload and securely POST it as a disguised HTTP packet stegoforge deadrop post -c cover.png -p msg.txt -k "shared_key" # Monitor a remote image URL for an incoming payload change stegoforge deadrop monitor --url "https://example.com/image.png" -k "shared_key" --interval 20
π¬ Detection Methods Overview
Click to expand full list of Forensic Capabilities
| Method | Target File | What It Automatically Detects |
|---|---|---|
| Chi-square | Images | LSB frequency distribution anomalies |
| RS Analysis | Images | Payload capacity estimation without a key |
| ML Steganalysis | Images | Learned stego likelihood from HuggingFace ONNX CNN models |
| Fingerprint | Images | PRNU inconsistency + in-browser tamper heatmaps |
| Video anomaly | MP4/WebM | Keyframe DCT-distribution anomalies |
| Audio anomaly | WAV/FLAC/MP3 | Sample bit-plane and statistical irregularities |
| PDF anomaly | Suspicious /EmbeddedFile, JS, or tail entropy |
|
| Blind extractor | Multimedia | Auto-tries common bit-patterns and AES-magic headers |
π System Architecture
Click to explore StegoForge's Module Tree
stegoforge/
βββ core/
β βββ image/ # LSB, Adaptive WOW, DCT, PRNU Fingerprinting, Palette
β βββ audio/ # PCM LSB, Phase-Coding, Spectrogram visual embedding
β βββ video/ # Keyframe block-cost, motion temporal masks
β βββ document/ # PDF Streams, Office XML, Unicode Zero-Width
β βββ network/ # Timing channels, TCP field covert channels
β βββ crypto/ # AES-256-GCM, Decoy Deniability, Argon2 KDF
β βββ binary/ # ELF / PE Slack space embedding
βββ detect/ # Statistical analysis, HuggingFace ONNX CNNs, Brute-forcing
βββ protocol/ # HTTP Dead Drops, X25519 Stego Key Exchange
βββ web/ # High-performance Flask dashboard & Server-Sent Events
π Supported Capabilities Matrix
| Carrier Format | Injection Method | Extraction Status | Forensic Blind Detection |
|---|---|---|---|
| PNG | β LSB, Alpha, Palette | β Supported | β Supported |
| JPEG | β DCT | β Supported | β Supported |
| MP4 | β Video DCT, Motion | β Supported | β Supported |
| WAV / MP3 | β Sample, Phase, Spectro | β Supported | β Supported |
| β Object/Stream | β Supported | β Supported | |
| Office XML | β XML Streams | β Supported | β Supported |
| ELF / PE | β Slack Space / Header | β Supported | β Supported |
Social survivability targets currently supported via Reed-Solomon wrapping: twitter, instagram, telegram, discord, whatsapp, signal.
βοΈ Legal Disclaimer & Contributing
Strictly Educational Disclaimer: StegoForge was engineered strictly for digital forensics research, Capture The Flag (CTF) competitions, and lawful offensive security testing. Concealing illegal content, orchestrating unauthorized data exfiltration, or attempting to evade lawful surveillance is universally illegal. The author accepts zero liability for any misuse of this technology.
Contributing:
Pull requests are heavily welcomed. Please ensure new encoding methods implement the BaseEncoder interface and contain robust PyTest coverage.
Built by Nour833. Coded for the community.
If you find StegoForge useful, educational, or just plain cool, consider leaving a β!