Nour833/StegoForge

## ⚡ Quick Launch (Standalone Binaries) StegoForge is a complex Python framework, but you shouldn't have to deal with broken environments when doing active forensics. We have compiled **zero-dependency, native executables** that automatically resolve their own AI and Media requirements. Head over to the **[Releases Page](https://github.com/Nour833/StegoForge/releases)** and download the binary for your OS. * No `pip install` required. * No `PATH` configurations. * **Just execute it.** ## 🧠 What is StegoForge? StegoForge is a **modular, enterprise-grade steganography toolkit** engineered for the full lifecycle of covert data: from embedding payloads into images, audio, video, and active network protocols, to deploying machine-learning steganalysis to forcibly extract anomalies from suspicious carrier files. Built for security researchers, CTF players, and digital forensics practitioners, it doesn't try to be one thing. It executes the entire forensic spectrum seamlessly. ``` $ stegoforge encode --carrier cover.png --payload secret.txt --key "mypassword" --method lsb [+] Payload encrypted with AES-256-GCM [+] Embedded 2048 bits across RGB channels (1-bit depth) [+] Output: cover_stego.png [+] Statistical profile: indistinguishable from baseline (chi² = 0.021) $ stegoforge ctf --file suspicious.mp3 [*] Running all detectors on suspicious.mp3 ... [⏭] Chi-square LSB anomaly SKIPPED [⏭] RS analysis SKIPPED [!] Blind extractor found payload at: audio-lsb, depth=1, AES encrypted blob [+] Extracted 412 bytes → saved to extracted_payload.bin ``` ## Feature Overview ``` stegoforge/ ├── Image Carriers PNG · JPEG · BMP · GIF · WebP │ ├── LSB / Adaptive LSB 1–4 bit depth + WOW-style content-aware cost ordering │ ├── DCT + JND-safe cap JPEG frequency-domain embedding + Watson-style perceptual budget │ ├── Fingerprint LSB PRNU-aware embedding mode │ └── Alpha / Palette Transparency and indexed-color channels │ ├── Video Carriers MP4 · WebM │ ├── Video DCT Keyframe embedding with block-cost ranking │ └── Video Motion Temporal+texture masked block embedding (MP4) │ ├── Audio Carriers WAV · FLAC · MP3 · OGG │ ├── Sample LSB Psychoacoustic-style cost-ordered PCM LSB │ ├── Phase coding Segment-phase encoding │ └── Spectrogram art Visual payloads in spectrum domain │ ├── Document Carriers TXT · PDF · DOCX · XLSX │ ├── Unicode whitespace Adaptive insertion-point ranking (ZWSP/ZWNJ/ZWJ) │ ├── Linguistic mode Key-aware synonym-channel text steganography │ ├── PDF streams Object/stream/metadata injection │ └── Office XML Custom XML parts and streams │ ├── Binary Carriers ELF · PE/EXE/DLL (CLI) │ ├── ELF slack/notes 2-bit masked region-cost embedding │ └── PE slack/overlay 2-bit masked region-cost embedding │ ├── Network Covert Channels (CLI) │ ├── TCP field channels ip_id, tcp_seq, ttl │ └── Timing channel Inter-packet delay encoding │ ├── Crypto + Survivability │ ├── AES-256-GCM + Argon2 │ ├── Decoy mode Dual-payload plausible deniability │ ├── Wet-paper wrapping Reed-Solomon resilience wrapper │ └── Platform profiles Social-media-aware method selection/simulation │ └── Interfaces ├── CLI Hybrid-first grouped method selection + full command mode ├── Web UI (Flask) Grouped method pills, hybrid badges, local SSE streaming └── CTF mode One command, all relevant detectors, ranked report ``` ## 💻 Developer Installation If you wish to build StegoForge from source or utilize the Python APIs natively: ``` git clone https://github.com/Nour833/StegoForge.git cd StegoForge pip install -r requirements.txt pip install -r requirements-web.txt pip install -e . ``` Fire up the Glassmorphism Web App instantly: ``` stegoforge web # Automatically deploys at http://localhost:5000 ``` ## 🎨 Interactive Menu (Recommended for Beginners) Don't want to memorize terminal commands? Just run the tool on its own to access the interactive CLI! ``` stegoforge ``` **Pro-Tips for Automation:** - `STEGOFORGE_FAST_UI=1 stegoforge` skips animations for rapid, zero-delay bootups. - `STEGOFORGE_UI_STAGE_DELAY=0.45 stegoforge` fine-tunes the pacing of the visual display. ## 💻 Advanced Command Line Interface If you prefer raw terminal throughput, the CLI supports hyper-specific routing for all modules. ### 🥷 1. Payload Encoding ``` # Basic LSB into PNG stegoforge encode -c photo.png -p message.txt -k "passphrase" # Stealth JPEG DCT with custom bit depth stegoforge encode -c photo.jpg -p secret.bin -k "key" --method dct # Spectrogram Art — Hide a visual image inside playable audio stegoforge encode -c music.wav -p logo.png --method spectrogram # Decoy mode — Generates two keys, hiding two payloads in one file for plausible deniability stegoforge encode -c photo.png -p real_secret.txt -k "realkey" \ --decoy decoy_message.txt --decoy-key "duresskey" ``` ### 🔓 2. Payload Decoding ``` stegoforge decode -f photo_stego.png -k "passphrase" stegoforge decode -f music_stego.wav -k "key" --method phase ``` ### 🕵️ 3. Blind Forensics & CTF Mode (Zero-Knowledge) ``` # Run the complete heuristic gauntlet natively (Highly Recommended) stegoforge ctf -f suspicious.png # Targeted ML / Statistical Detection stegoforge detect --chi2 -f image.png stegoforge detect --rs -f image.png ``` ### 🛰️ 4. Covert Protocols (Dead Drops) ``` # Embed a payload and securely POST it as a disguised HTTP packet stegoforge deadrop post -c cover.png -p msg.txt -k "shared_key" # Monitor a remote image URL for an incoming payload change stegoforge deadrop monitor --url "https://example.com/image.png" -k "shared_key" --interval 20 ``` ## 🔬 Detection Methods Overview

Click to expand full list of Forensic Capabilities

| Method | Target File | What It Automatically Detects | |---|---|---| | **Chi-square** | Images | LSB frequency distribution anomalies | | **RS Analysis** | Images | Payload capacity estimation without a key | | **ML Steganalysis** | Images | Learned stego likelihood from HuggingFace ONNX CNN models | | **Fingerprint** | Images | PRNU inconsistency + in-browser tamper heatmaps | | **Video anomaly** | MP4/WebM | Keyframe DCT-distribution anomalies | | **Audio anomaly** | WAV/FLAC/MP3 | Sample bit-plane and statistical irregularities | | **PDF anomaly** | PDF | Suspicious `/EmbeddedFile`, JS, or tail entropy | | **Blind extractor** | Multimedia | Auto-tries common bit-patterns and AES-magic headers |

## 📂 System Architecture

Click to explore StegoForge's Module Tree

``` stegoforge/ ├── core/ │ ├── image/ # LSB, Adaptive WOW, DCT, PRNU Fingerprinting, Palette │ ├── audio/ # PCM LSB, Phase-Coding, Spectrogram visual embedding │ ├── video/ # Keyframe block-cost, motion temporal masks │ ├── document/ # PDF Streams, Office XML, Unicode Zero-Width │ ├── network/ # Timing channels, TCP field covert channels │ ├── crypto/ # AES-256-GCM, Decoy Deniability, Argon2 KDF │ └── binary/ # ELF / PE Slack space embedding ├── detect/ # Statistical analysis, HuggingFace ONNX CNNs, Brute-forcing ├── protocol/ # HTTP Dead Drops, X25519 Stego Key Exchange └── web/ # High-performance Flask dashboard & Server-Sent Events ```

## 🚀 Supported Capabilities Matrix | Carrier Format | Injection Method | Extraction Status | Forensic Blind Detection | |:---:|:---:|:---:|:---:| | **PNG** | ✅ LSB, Alpha, Palette | ✅ Supported | ✅ Supported | | **JPEG** | ✅ DCT | ✅ Supported | ✅ Supported | | **MP4** | ✅ Video DCT, Motion | ✅ Supported | ✅ Supported | | **WAV / MP3** | ✅ Sample, Phase, Spectro | ✅ Supported | ✅ Supported | | **PDF** | ✅ Object/Stream | ✅ Supported | ✅ Supported | | **Office XML** | ✅ XML Streams | ✅ Supported | ✅ Supported | | **ELF / PE** | ✅ Slack Space / Header | ✅ Supported | ✅ Supported | Social survivability targets currently supported via Reed-Solomon wrapping: `twitter`, `instagram`, `telegram`, `discord`, `whatsapp`, `signal`. ## ⚖️ Legal Disclaimer & Contributing **Contributing:** Pull requests are heavily welcomed. Please ensure new encoding methods implement the `BaseEncoder` interface and contain robust PyTest coverage.

标签：AES-256-GCM, CNCF毕业项目, LSB, Python, Steganalysis, 取证工具, 图像隐写, 多载体, 数字取证, 数据隐藏, 文档隐写, 无依赖, 无后门, 机器学习检测, 独立可执行文件, 盲取证, 网络包隐写, 自动化脚本, 视频隐写, 逆向工具, 隐写术, 零信任取证, 音频隐写