All-in-One Steganography Analysis & Extraction Tool
Project description
๐ Steg Analyzer
All-in-One Steganography Analysis & Extraction Tool
Steg Analyzer is a comprehensive steganography toolkit for CTF challenges, digital forensics, and security research. It bundles every major analysis technique into a single, clean CLI.
โจ Features
| Module | What it does |
|---|---|
| Metadata | Full EXIF / JPEG marker extraction via Pillow + exiftool |
| LSB Analysis | Brute-forces all channel ร bit ร order combinations |
| ELA | Error Level Analysis โ reveals hidden manipulated regions |
| Chi-Square | Statistical test for LSB embedding probability |
| DCT / JSteg | JPEG DCT coefficient LSB extraction (JSteg-compatible) |
| Bit Planes | Generates 24 bit-plane visualisation images |
| Strings | Extracts printable ASCII + CTF flag patterns |
| Structure | Finds appended files, embedded signatures, base64 blobs |
| Visual | FFT spectrum, channel XOR/diff, colour channel separation |
| Extract | LSB, Steghide, DCT extraction with one command |
| Crack | Multi-threaded steghide brute-force + stegseek support |
๐ฆ Installation
From PyPI (recommended)
pip install steg-analyzer
# With all optional extras (OpenCV, JPEG DCT support, etc.)
pip install "steg-analyzer[full]"
From source
git clone https://github.com/your-org/steg-analyzer.git
cd steg_analyzer
pip install -e ".[full]"
System dependencies (optional but useful)
# Debian / Ubuntu
sudo apt install steghide stegseek exiftool zbar-tools
# macOS
brew install steghide exiftool zbar
๐ Quick Start
# Full analysis โ runs ALL modules
steg-analyzer analyze suspicious.jpg --all
# Targeted analysis
steg-analyzer analyze image.png --lsb --ela --metadata
# Extract hidden data
steg-analyzer extract image.png --method lsb --channel rgb --bit 0 --output secret.bin
steg-analyzer extract image.jpg --method steghide --password "mypass" --output data.bin
# Crack steghide password
steg-analyzer crack image.jpg --wordlist rockyou.txt --threads 8
# Generate all visual analysis images
steg-analyzer visual image.png --all --output ./visuals/
# Save report as JSON or HTML
steg-analyzer analyze image.jpg --all --format json --output ./report/
steg-analyzer analyze image.jpg --all --format html --output ./report/
๐ Command Reference
steg-analyzer analyze
steg-analyzer analyze <image> [options]
Options:
--all, -a Run every analysis module
--metadata EXIF and file metadata
--lsb LSB bit-plane analysis
--ela Error Level Analysis
--histogram Chi-square steganography test
--strings Printable string extraction
--dct JPEG DCT coefficient analysis
--bitplanes Save all 24 bit-plane images
--structure File structure (appended data, embedded files)
--output, -o DIR Output directory (default: ./steg_analyzer_output)
--format FMT Output format: text | json | html (default: text)
steg-analyzer extract
steg-analyzer extract <image> [options]
Options:
--method, -m lsb | steghide | dct | all (default: lsb)
--channel, -c r | g | b | a | rgb | all (default: rgb)
--bit, -b Bit plane 0-7 (default: 0=LSB)
--password, -p Passphrase for steghide
--output, -o FILE Output file (default: extracted.bin)
steg-analyzer crack
steg-analyzer crack <image> --wordlist <wordlist> [options]
Options:
--wordlist, -w FILE Path to password list (required)
--method steghide | stegseek (default: steghide)
--threads, -t N Worker threads (default: 4)
--output, -o FILE Save extracted data on success
steg-analyzer visual
steg-analyzer visual <image> [options]
Options:
--all, -a Generate every visual output type
--bitplanes 24 bit-plane PNGs (R/G/B ร bits 0-7)
--channels RGB channel separation images
--ela Error Level Analysis image
--fft FFT magnitude spectrum
--diff Channel difference & XOR images
--output, -o DIR Output directory (default: ./steg_analyzer_visual)
๐ Python API
Steg Analyzer can also be used as a library:
from pathlib import Path
from steg_analyzer.analyzer import StegAnalyzer
from steg_analyzer.modules import metadata, lsb_analysis, ela, structure_analysis
analyzer = StegAnalyzer(Path("suspicious.jpg"))
# Run specific modules
meta = metadata.run(analyzer)
lsb = lsb_analysis.run(analyzer)
struct = structure_analysis.run(analyzer)
# Check for flags
for module_result in [meta, lsb, struct]:
if "flags" in module_result:
print("FLAGS FOUND:", module_result["flags"])
# Extract LSB bytes directly
raw_bits = analyzer.extract_lsb_bits(["r", "g", "b"], bit_position=0)
print(raw_bits[:64])
# ELA
from steg_analyzer.modules import ela as ela_mod
ela_result = ela_mod.run(analyzer, output_dir=Path("./output"))
print(ela_result["verdict"])
๐งช Running Tests
# Install dev dependencies
pip install -e ".[dev]"
# Run full test suite
pytest tests/ -v
# With coverage
pytest tests/ -v --cov=steg_analyzer --cov-report=term-missing
# Run a specific test class
pytest tests/ -v -k "TestLSBAnalysis"
๐๏ธ Project Structure
steg_analyzer/
โโโ steg_analyzer/
โ โโโ __init__.py # Version info
โ โโโ cli.py # CLI entry point (argparse)
โ โโโ analyzer.py # Core image loader + helpers
โ โโโ reporter.py # text / JSON / HTML reporter
โ โโโ utils.py # Colors, file detection, flag finder
โ โโโ modules/
โ โโโ metadata.py # EXIF + JPEG marker analysis
โ โโโ lsb_analysis.py # Comprehensive LSB brute-force
โ โโโ ela.py # Error Level Analysis
โ โโโ histogram_analysis.py# Chi-square statistical test
โ โโโ strings_extractor.py # Printable strings + flag hunt
โ โโโ dct_analysis.py # JPEG DCT / JSteg analysis
โ โโโ bitplane_analysis.py # Bit-plane image generator
โ โโโ structure_analysis.py# File structure + embedded data
โ โโโ lsb_extractor.py # LSB data extractor
โ โโโ steghide_extractor.py# Steghide wrapper
โ โโโ dct_extractor.py # JSteg DCT extractor
โ โโโ cracker.py # Multi-threaded password cracker
โ โโโ visual_generator.py # Visual analysis image generator
โโโ tests/
โ โโโ test_steg_analyzer.py # Full test suite (pytest)
โโโ .github/workflows/ci.yml # GitHub Actions CI + PyPI publish
โโโ pyproject.toml # Modern packaging config
โโโ requirements.txt # Runtime dependencies
โโโ LICENSE # MIT
โโโ README.md
๐ค Contributing
- Fork the repo and create a feature branch
- Write tests for your changes
- Run
pytestandruff check steg_analyzer/to make sure everything passes - Open a pull request โ all contributions welcome!
๐ License
MIT โ free to use, modify, and distribute.
โ ๏ธ Disclaimer
Steg Analyzer is built for legal, ethical use only โ CTF competitions, academic research, and analysing your own files. Never use it against systems or files you do not have permission to analyse.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file steg_analyzer-1.0.1.tar.gz.
File metadata
- Download URL: steg_analyzer-1.0.1.tar.gz
- Upload date:
- Size: 25.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d8ee6f81d20d7d6fcf1856070097567ba8124d4dcf2fcf7f80f413e33739019f
|
|
| MD5 |
c5e687667a43cef4b0a4ee5587849c2f
|
|
| BLAKE2b-256 |
c7915e293d46cefc26d8de43c9bd8b2a5c5e701bff5c560c1f69473e3473db7e
|
Provenance
The following attestation bundles were made for steg_analyzer-1.0.1.tar.gz:
Publisher:
ci.yml on Kavi-ya/Steg-Analyzer
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
steg_analyzer-1.0.1.tar.gz -
Subject digest:
d8ee6f81d20d7d6fcf1856070097567ba8124d4dcf2fcf7f80f413e33739019f - Sigstore transparency entry: 1199327590
- Sigstore integration time:
-
Permalink:
Kavi-ya/Steg-Analyzer@89fd836a223cd1a47eff5be3234a9b2aedfda1a4 -
Branch / Tag:
refs/tags/v1.0.1 - Owner: https://github.com/Kavi-ya
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yml@89fd836a223cd1a47eff5be3234a9b2aedfda1a4 -
Trigger Event:
release
-
Statement type:
File details
Details for the file steg_analyzer-1.0.1-py3-none-any.whl.
File metadata
- Download URL: steg_analyzer-1.0.1-py3-none-any.whl
- Upload date:
- Size: 27.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9998f0781aecf0afc88d353be2074f47e9505bf12106970a8cef636c3fb07bec
|
|
| MD5 |
8632806f3964651587314b286637e406
|
|
| BLAKE2b-256 |
2691a0bf8c74127d63a260d88c8ee8b3769f6dc2764bd897090127dc88fa6559
|
Provenance
The following attestation bundles were made for steg_analyzer-1.0.1-py3-none-any.whl:
Publisher:
ci.yml on Kavi-ya/Steg-Analyzer
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
steg_analyzer-1.0.1-py3-none-any.whl -
Subject digest:
9998f0781aecf0afc88d353be2074f47e9505bf12106970a8cef636c3fb07bec - Sigstore transparency entry: 1199327598
- Sigstore integration time:
-
Permalink:
Kavi-ya/Steg-Analyzer@89fd836a223cd1a47eff5be3234a9b2aedfda1a4 -
Branch / Tag:
refs/tags/v1.0.1 - Owner: https://github.com/Kavi-ya
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yml@89fd836a223cd1a47eff5be3234a9b2aedfda1a4 -
Trigger Event:
release
-
Statement type: