Auto-detect steganography in an image. Runs chi-square, RS analysis, entropy, metadata, appended data, and tool signature checks. Returns a comprehensive JSON report.

Statistical LSB steganography detection. Runs chi-square and sample pair analysis on each color channel independently.

Extract hidden data from image LSBs. Extracts bits from specified channels and bit plane, attempts UTF-8 decode, and shows hex dump.

Embed a message into an image using LSB steganography. Reads a PNG file, embeds the message into the least significant bits, and writes a new PNG file.

Extract and visualize a specific bit plane from an image channel. Shows dimensions, percentage of 1-bits, and an ASCII art preview of the first rows.

Chi-square steganalysis attack on each color channel independently. Detects LSB replacement by testing whether adjacent pixel value pairs are equalized.

RS (Regular-Singular) steganalysis using the Fridrich-Goljan-Du method. Analyzes pixel groups to estimate LSB embedding rate per channel.

Generate a pixel value histogram with anomaly detection. Detects Pairs-of-Values (PoV) anomalies that indicate LSB steganography.

Per-block entropy analysis of an image. Splits the image into blocks and calculates Shannon entropy per block, flagging high-entropy regions that may contain hidden data.

Deep metadata extraction from an image. For PNG: extracts text chunks, chunk list, IHDR info. For JPEG: extracts EXIF, comments, quantization tables, marker list.

Detect and extract data appended after the image EOF marker. Checks for hidden data past PNG IEND, JPEG EOI, or BMP file size boundary.

Pixel-by-pixel comparison of two images. Reports identical/different pixel counts, max difference, and which channels are affected. Useful for detecting steganographic modifications.

Per-channel statistical analysis for R, G, B, and A channels. Reports mean, standard deviation, entropy, min, max, and unique value count for each channel.

Scan image file bytes for known steganography tool signatures. Checks against a database of known patterns from tools like OpenStego, Steghide, JSteg, F5, and others.

Parse JPEG markers/segments with offsets and sizes. Shows the internal structure of a JPEG file including all markers, their positions, and segment lengths — useful for identifying hidden data or anomalous segments.

DCT coefficient distribution analysis for steganography detection. Analyzes the Y-channel pixel value distribution and SOS entropy data to detect anomalies caused by DCT-domain stego tools like JSteg, F5, and OutGuess.

Detect double JPEG compression artifacts. Double compression occurs when a JPEG is decoded and re-encoded, which introduces characteristic blocking artifacts and quantization table anomalies — a common indicator of image tampering or steganographic embedding.

Quantization table analysis with quality estimation. Displays all quantization tables in 8x8 grid format and estimates the JPEG quality factor by comparing against the standard luminance/chrominance tables — essential for forensic analysis.

Deep EXIF analysis including GPS coordinates, timestamps, software info, thumbnails, maker notes, and all IFD entries. Flags interesting fields for forensic investigation such as editing software traces, GPS location, and temporal inconsistencies.

Compare the EXIF thumbnail against the main JPEG image. A dimension or content mismatch between the thumbnail and the main image is a strong indicator that the main image was modified after capture while the original thumbnail was preserved — a common forensic artifact.

Extract and analyze JPEG COM (comment) markers. Checks for hidden data patterns, unusually large comment segments, and high-entropy content that could indicate steganographic payloads concealed in comment fields.

Auto-detect audio steganography in a WAV file. Runs LSB chi-square, entropy analysis, metadata inspection, and checks for appended data after the WAV data chunk.

PCM sample LSB statistical analysis. Performs chi-square test on LSBs grouped by value pairs to detect LSB replacement steganography in WAV audio.

Extract LSB data from audio samples. Reads the least significant bit of each PCM sample and attempts to decode hidden data.

Basic spectral analysis for hidden signals in WAV audio. Analyzes sample value distribution, zero-crossing rate, RMS energy per block, and detects anomalous quiet sections with high entropy.

Extract metadata from a WAV file including RIFF INFO chunks, format details, and all chunk information.

Analyze silent sections in WAV audio for hidden data. Finds near-zero sample regions and checks their LSBs — silent sections with active LSBs are a strong indicator of steganography.

Echo hiding detection via autocorrelation analysis. Computes normalized autocorrelation at common echo delays (50-1000 samples). Unusually regular echo patterns indicate steganographic echo hiding.

Auto-detect text steganography. Checks for zero-width characters, whitespace encoding, invisible Unicode, homoglyphs, and unusual patterns.

Detect zero-width characters (ZWSP, ZWNJ, ZWJ, BOM) in text. Reports positions, counts, and potential encoded message length.

Decode a zero-width character encoded message. Extracts ZWC chars and decodes binary: ZWSP=0, ZWNJ=1 (attempts both polarities).

Embed a secret message into cover text using zero-width characters. Encodes the message to binary and maps bits to ZWSP(0)/ZWNJ(1), inserting them between characters of the cover text.

Detect whitespace encoding in text. Checks each line for trailing whitespace patterns where space=0 and tab=1 might encode binary data.

Extract a whitespace-encoded message from text. Reads trailing whitespace from each line and decodes space=0/tab=1 binary encoding.

Scan text for ALL invisible Unicode characters. Checks every character against the full invisible character database and reports positions, names, and categories.

Detect Unicode homoglyph substitutions in text. Identifies non-ASCII characters that visually resemble ASCII letters (e.g., Cyrillic a vs Latin a, Greek o vs Latin o).

Full Unicode character distribution analysis. Categorizes all characters by script block, performs entropy analysis, and detects suspicious script mixing.

Detect first-letter, first-word, last-letter, last-word, or nth-character patterns (acrostic messages) hidden across lines of text.

File type identification via magic bytes. Reads the file header and matches against a comprehensive database of known file signatures. Also checks for extension vs actual type mismatch.

Detect polyglot files that are valid as two or more different file formats simultaneously. Checks for multiple valid file signatures at different offsets (e.g., PDF+ZIP, PNG+PDF). Useful for CTF challenges and forensic analysis.

Scan for embedded files within a binary, similar to binwalk. Searches for known magic byte signatures at every offset within the file to discover hidden or appended files, concatenated archives, and other embedded content.

Detect data appended after a file's format-specific end-of-file marker. Supports PNG (IEND), JPEG (FFD9), BMP (file size header), ZIP (end of central directory), and PDF (%%EOF). Commonly used to hide data in images and documents.

Section-by-section entropy analysis of a file. Calculates Shannon entropy per block and overall, flagging anomalous high-entropy sections that may indicate encrypted, compressed, or steganographically embedded data.

ASCII entropy visualization of a file. Renders a text-based bar chart showing entropy levels across the file, making it easy to visually spot high-entropy regions that may contain hidden data, encryption, or compression.

Extract printable and Unicode strings from binary files, similar to the Unix 'strings' command. Scans for runs of printable characters of a configurable minimum length and reports them with their file offsets. Supports ASCII, UTF-8, and UTF-16.

Hex dump with ASCII sidebar display. Shows file contents in traditional hex editor format with offset addresses, hexadecimal byte values, and printable ASCII representation. Useful for manual inspection of binary file structures.

Deep header and structure analysis for known file formats. Parses and displays format-specific header fields including PNG IHDR chunk, JPEG SOF markers, BMP info header, ZIP local file headers, and PDF version/metadata. Provides low-level structural insight.

Binary diff between two files. Compares files byte-by-byte and reports size comparison, first N differences with their offsets and values, percentage of identical bytes, and a summary of the changes. Useful for detecting steganographic modifications.

Hidden PDF content detection. Scans PDF files for suspicious elements including embedded JavaScript (/JS), auto-actions (/AA, /OpenAction), hidden annotations, invisible text (white-on-white), embedded files, and other potentially malicious or covert content.

PDF metadata extraction. Parses the /Info dictionary for standard fields (Title, Author, Creator, Producer, CreationDate, ModDate) and searches for XMP metadata blocks. Useful for forensic attribution and document provenance analysis.

PDF stream analysis. Locates all stream/endstream blocks in a PDF, attempts zlib decompression on each, and reports sizes and entropy. Useful for finding hidden data within compressed PDF content streams.

Hidden HTML content detection. Scans HTML files for covert content including HTML comments, elements with display:none or visibility:hidden, data-* attributes, hidden form inputs, base64 embedded content, zero-size elements, and other techniques used to hide information.

XML and Office document metadata extraction. Parses XML-like content for Dublin Core metadata (dc:creator, dc:title), Microsoft Office properties, processing instructions, and other metadata that may reveal authorship, editing history, or hidden information.

Auto-detect encoding type of an input string. Tests against all known encoding patterns (Base64, hex, binary, morse, URL encoding, HTML entities, etc.) and returns matches sorted by confidence, with attempted decoding for top results.

Multi-format decoder supporting Base64, hex, binary, decimal, octal, URL encoding, ROT13, Base32, Morse code, and HTML entities. In auto mode, detects the encoding first and applies the appropriate decoder.

Character frequency analysis for cryptanalysis. Counts character occurrences, compares to standard English letter frequency (ETAOINSHRDLU), and calculates the Index of Coincidence. IC near 0.0667 suggests English/monoalphabetic, IC near 0.038 suggests random/polyalphabetic.

Shannon entropy calculation and classification for strings. Computes both character-level and byte-level entropy, classifying the result into categories: very low (repeated), low (simple text), normal text, compressed/encoded, or encrypted/random.

XOR key brute-force for single-byte and multi-byte keys. Tries all single-byte XOR keys (0x00-0xFF) and scores by printable character ratio. For multi-byte keys, uses Index of Coincidence to estimate key length. Returns top 5 most likely results.

Hash type identification. Matches the input against known hash patterns by length and format to identify possible hash algorithms (MD5, SHA-1, SHA-256, SHA-512, bcrypt, CRC32, NTLM, MySQL, etc.).

Known cipher and encoding pattern detection. Analyzes text for indicators of Caesar cipher, substitution cipher, Vigenere, rail fence transposition, Atbash cipher, and reversed text. Uses statistical methods like Index of Coincidence and frequency analysis.

Auto-detect steganography in an AVI video. Runs LSB analysis on the first few frames, checks for appended data after the RIFF container, and analyzes frame size variance for anomalies.

LSB analysis of a specific video frame. Extracts the raw pixel data from the given frame index and checks LSB distribution, balance, and entropy.

Extract LSB data from video frames as bytes. Collects the least significant bit from each byte of the specified frames and assembles them into a byte stream with hex dump and text preview.

Compare adjacent video frames for pixel-level anomalies. Computes byte-level diff, Mean Squared Error (MSE), and PSNR between two frames to detect steganographic modifications.

Analyze frame types from the AVI idx1 index. Reports keyframe vs delta frame distribution, size statistics per type, and flag anomalies that may indicate steganographic manipulation.

Extract metadata from an AVI video file. Reports dimensions, FPS, codec, stream info, duration, and file-level properties.

Visualize the AVI/RIFF chunk structure as a tree. Shows all chunks, their FourCC codes, offsets, and sizes for forensic analysis of the container structure.

Detect and analyze data appended after the AVI RIFF container EOF. Reports the offset, size, entropy, and hex dump of any trailing data that may contain hidden payloads.

Auto-detect steganography in a GIF file. Analyzes the global color table for LSB patterns, checks for appended data after the trailer, inspects comment extensions, and reports frame count and animation info.

Analyze the GIF global color table for steganographic indicators. Reports sort order, duplicate entries, unused slots, color distribution, and luminance profile.

Extract and analyze LSB patterns from GIF color table entries. Reports per-channel LSB bit strings, balance ratios, and chi-square test results for LSB uniformity.

Analyze multi-frame GIF animation properties. Reports per-frame size, delay times, disposal methods, local color tables, and anomalies in frame dimensions or compression.

Extract and analyze GIF comment extensions. Comments can be used to hide data within a GIF file. Reports all comment text, sizes, and entropy.

Analyze GIF application extensions. Inspects NETSCAPE and other application extension blocks for anomalies or hidden data payloads.

Analyze LZW compressed sub-block sizes and entropy in GIF image data. Checks individual sub-block sizes for anomalies and patterns that may indicate steganographic manipulation of the compressed stream.

Visualize the GIF block structure. Shows all blocks (header, color tables, extensions, image descriptors, trailer) with offsets and sizes for forensic analysis.

Auto-detect network steganography in a PCAP file. Checks IP covert header fields, ICMP payload anomalies, DNS tunneling indicators, and inter-packet timing patterns. Returns a combined suspicion score.

IP header covert field analysis. Examines TTL patterns, IP identification field entropy, and TOS/DSCP usage across packets to detect hidden data in IP header fields.

TCP sequence/acknowledgment number analysis. Checks for patterns in ISN (Initial Sequence Numbers), unusual TCP options, and seq/ack number anomalies that could indicate covert channel usage.

ICMP echo payload analysis. Examines entropy, printable content ratio, payload size anomalies, and pattern consistency of ICMP echo request/reply payloads to detect covert data exfiltration.

DNS tunneling detection. Analyzes subdomain length distribution, label entropy, TXT record usage, query frequency per domain, and unique subdomain counts to identify DNS-based covert channels.

HTTP header covert channel analysis. Examines unusual/custom headers, cookie value entropy, header ordering anomalies, and hidden data in standard header fields across HTTP traffic in a PCAP.

Inter-packet timing analysis. Computes packet arrival intervals and analyzes them for binary encoding patterns (e.g., short interval = bit 0, long interval = bit 1). Detects timing-based covert channels.

PCAP statistics summary. Reports packet count, protocol distribution, top IP pairs, port usage, capture duration, and data volume for an overview of the capture file.

Auto-detect MP3 steganography. Checks ID3 tag padding, gaps before first audio frame, trailing data after last frame, bitrate anomalies, and inter-frame gaps for signs of hidden data.

MP3 frame header analysis. Examines bitrate changes, padding patterns, VBR detection, frame size consistency, and layer/version anomalies across audio frames.

ID3v1/v2 hidden data analysis. Inspects APIC (image) frames, PRIV (private) frames, excessive padding, unknown frame IDs, and overall tag entropy for signs of steganographic content.

Bit reservoir and padding manipulation detection. Analyzes the gap before the first audio frame, inter-frame gaps between consecutive frames, and checks for data inserted between or around audio frames.

Statistical analysis of decoded MP3 frame sizes. Computes entropy, variance, and anomalies in frame size distribution to detect steganographic manipulation of audio frame data.

Full MP3 metadata extraction. Reports ID3v1 tag, ID3v2 frames with content, duration, bitrate, VBR status, sample rate, and file structure overview.

MP3 frame structure visualization. Displays the first N frames with bitrate, padding bit, channel mode, and frame size for a detailed map of the file's audio frame layout.

F5 steganography detection. F5 embeds data by decrementing the absolute values of DCT coefficients toward zero (shrinkage). Detects the characteristic excess of zeros relative to near-zero coefficients and the histogram dip at +/-1 that F5 matrix embedding produces.

JSteg steganography detection. JSteg replaces the LSB of non-zero, non-one DCT coefficients. Uses chi-square test on coefficient value pairs (2k, 2k+1) to detect the equalization that JSteg embedding produces. Includes sliding window analysis on sequential AC coefficients.

OutGuess steganography detection. OutGuess embeds data in DCT coefficients and adjusts unused coefficients to preserve first-order statistics. Detects by analyzing second-order statistics (inter-block coefficient correlations) that OutGuess disrupts, and checks for preserved histogram with disrupted spatial correlations.

Pixel Value Differencing (PVD) steganography detection applied to JPEG. PVD encodes data in the differences between adjacent pixel values. Detects by analyzing the distribution of pixel differences for the staircase pattern at PVD range boundaries (Wu-Tsai ranges). Works on decoded pixel data via jpeg-js.

Sliding window chi-square analysis over sequential DCT coefficients. Divides the coefficient stream into windows of configurable size and runs chi-square pair analysis on each window. Returns per-window p-values and detection results to map where embedding starts and stops.

Crop-recalibrate steganalysis. Crops the image by removing a few pixel rows/columns to break DCT block alignment, then compares DCT and pixel statistics between the original and calibrated version. Steganographic modifications are revealed because recalibration restores natural statistics that embedding had disrupted.

JPEG stego tool compatibility check. Analyzes the image to determine which steganography tools could have been used based on its properties: color space, quality factor, progressive vs baseline encoding, marker structure, quantization tables, and metadata patterns.

DFT magnitude spectrum analysis for spread spectrum steganography detection. Computes the Discrete Fourier Transform of pixel values and analyzes the frequency spectrum for hidden signals, unusual peaks, or spectral flatness anomalies that indicate spread spectrum embedding.

Autocorrelation-based steganography detection. Computes the autocorrelation of pixel values to find periodic embedding patterns. Spread spectrum and watermarking methods often introduce periodic signals that appear as peaks in the autocorrelation function.