The ultimate open-source steganography suite — hide anything in any file using 100+ encoding techniques, detect it all, and run everything 100% in your browser.
ST3GG (ste.gg) is a comprehensive, dual-use steganography toolkit that covers both offense and defense across every file modality imaginable. It lets you hide secret data inside images, audio files, documents, archives, network packets, and source code using over 100 distinct encoding techniques — and then detect, analyze, and decode that hidden data with equal precision. The entire system runs client-side in the browser as a static site with no server involved, or as a Python package installable via pip with CLI, TUI, and Web UI interfaces.
On the offensive side, ST3GG enables red teams and security researchers to simulate realistic data exfiltration scenarios: embedding payloads in JPEG DCT coefficients that survive social media re-encoding, hiding data in DNS query names and TCP sequence numbers, injecting invisible Unicode characters into text, and generating polyglot files valid as two formats simultaneously. Ghost Mode layers AES-256-GCM encryption with bit scrambling and random noise decoys for maximum stealth. Matryoshka mode supports up to 11 recursive layers of nested steganography.
On the defensive side, the ALLSIGHT analysis engine provides over 264 detection functions covering chi-square analysis, bit-plane entropy, histogram analysis, signature scanning, Unicode steg detection, EXIF forensics, and PNG chunk inspection. An AI-powered exhaustive mode autonomously tests every applicable decoding method against an uploaded file. The toolkit ships with a library of 100+ pre-encoded example files covering every supported technique, along with a comprehensive test suite of 500+ assertions to verify detection accuracy and round-trip encoding fidelity.
ST3GG is built on Python 3.9+ with Pillow and NumPy for vectorized image operations, Typer and Rich for the CLI, Textual for the TUI, and NiceGUI/FastAPI for the web interface. The browser version runs entirely in vanilla JavaScript and HTML. It is published to PyPI as the stegg package and deployed as a static site on Cloudflare Pages.
Architecture
ST3GG is organized as a flat collection of single-purpose Python modules — a deliberate, pragmatic structure rather than a layered framework. The core engine (steg_core.py) implements all image encoding and decoding using NumPy vectorized operations, exposing a clean encode/decode/detect_encoding API with a self-describing 32-byte binary header that carries the full StegConfig needed to reproduce any decode operation without external metadata. Analysis capabilities live in a separate analysis_tools.py module built around a TOOL_REGISTRY pattern, where each of the 264+ detection functions is registered with a name and supported file types, making it straightforward to run exhaustive analysis by iterating the registry. Multiple interface layers — CLI via Typer, TUI via Textual, Web UI via NiceGUI/FastAPI, and a static browser build in vanilla JavaScript — all call the same core modules, keeping the data-model and presentation layers cleanly separated. The browser build is a completely independent implementation in JavaScript that mirrors the Python logic for client-side execution without any server dependency.
Tech Stack
The Python implementation targets Python 3.9+ and relies on Pillow for image I/O across PNG, JPEG, WebP, GIF, and BMP, with NumPy providing the vectorized bit manipulation that makes bulk LSB operations ten to one hundred times faster than pixel-by-pixel Python loops. The CLI uses Typer with Rich for styled terminal output and progress indicators; the terminal UI uses Textual for a full-screen interactive interface; the web UI runs on NiceGUI backed by FastAPI with an optional legacy Streamlit path. Encryption is handled by the Python cryptography package (AES-256-GCM) with graceful fallback to XOR when the package is unavailable. Audio analysis uses the stdlib wave module. Network packet analysis handles raw PCAP binary format without requiring scapy. The browser-side implementation is pure ES6 JavaScript bundled in a single index.html with an external f5stego-lib.js for JPEG DCT operations, deployed as a Cloudflare Pages static asset via wrangler.
Code Quality
The codebase has extensive test coverage organized across three test files with a combined 3,500+ lines and over 500 assertions. The comprehensive pre-push suite (test_comprehensive.py) validates 120 LSB round-trip combinations, 28 required tool registry entries, 17 file format detections, 15 image decoder variants, 12 Unicode steg methods, and README accuracy checks in a single run — a genuinely rigorous regression harness. The core modules use Python dataclasses with type annotations throughout, and analysis_tools.py defines a standardized AnalysisResult dataclass ensuring all 264+ detection functions return a consistent structure. Error handling is explicit with graceful optional import patterns for heavy dependencies. Inline comment density is high in steg_core.py with well-structured docstrings. The absence of a formal linter or CI configuration is the main quality gap, and the test_comprehensive.py is run manually rather than through an automated pipeline.
What Makes It Unique
ST3GG’s most distinctive contribution is the sheer breadth of modalities and encoding techniques unified under a single API — reaching beyond the conventional image LSB toolkit into network covert channels (DNS tunneling, TCP sequence number hiding, ICMP payload embedding), Unicode invisible character techniques across a dozen character class families, and compression-resistant JPEG DCT encoding that survives social media re-upload pipelines. The SPECTER channel cipher introduces a genuinely novel approach where the channel-hopping pattern itself becomes a cryptographic key: encoding distributes bits across R, G, and B channels in a repeating sequence derived from a passphrase via HMAC-SHA256, so even knowing data is hidden reveals nothing without the pattern. The self-describing binary header format means any payload encoded with ST3GG can be fully decoded by Smart Scan without out-of-band parameter transmission — the header carries the complete StegConfig serialized to 32 bytes, enabling autonomous detection across 120+ configuration combinations.
ST3GG is released under the GNU Affero General Public License v3.0 (AGPL-3.0). In plain terms this means you can use, study, modify, and redistribute the software freely, including for commercial internal use, as long as you release any modifications under the same AGPL-3.0 license. The critical AGPL clause is network copyleft: if you run a modified version of ST3GG as a network service — for example, as a hosted steganography API — you must make the modified source code available to the users of that service. Individuals, researchers, educators, and open-source projects can use ST3GG without restriction. Organizations wanting to embed ST3GG into a proprietary product or SaaS offering without open-sourcing their code must obtain a separate commercial license from the project maintainers.
Running ST3GG yourself is straightforward — the primary deployment is a fully static HTML/JavaScript bundle served via Cloudflare Pages, so the browser-based UI requires no server infrastructure at all beyond a web host. The Python package is installed with pip install stegg and runs on any Python 3.9+ environment with no database or external service dependencies. You are responsible for your own hosting, uptime, and updates. There is no auto-update mechanism, so tracking upstream releases via PyPI or GitHub is a manual process. The example file library and test suite are bundled in the repository, making offline operation fully supported.
The hosted version at ste.gg is the canonical public deployment and receives the latest changes from the main branch. Self-hosters get a point-in-time snapshot of the codebase. There are no premium tiers, cloud backup features, SLAs, managed upgrades, or commercial support contracts — the project is a community-maintained open-source tool with no company behind it. This means you get complete transparency and control, but accept full responsibility for availability, security patching, and operational maintenance.
No Code Platforms · AI Development · Developer Tools
Visual LLM workflow platform with RAG pipelines, agent capabilities, and model management for building production AI applications.
Developer Tools · Game Development · Design Tools
Free, MIT-licensed 2D and 3D game engine with one-click multi-platform export and no royalties.
Developer Tools · Databases · Search
The open-source Postgres development platform that replaces Firebase with authentication, real-time APIs, edge functions, storage, and vector embeddings — all built on PostgreSQL.