zsteg
Steganography detection tool for PNG and BMP file formats.
TLDR
Detect embedded data in a PNG image
Detect embedded data in a BMP image, using all known methods
Detect embedded data in a PNG image, iterating pixels vertically and using MSB first
Detect embedded data in a BMP image, specifying the bits to consider
Detect embedded data in a PNG image, extracting only prime pixels and inverting bits
Detect embedded data in a BMP image, specifying the minimum length of the strings to be found and the find mode
Help
Usage: zsteg [options] filename.png [param_string]
-c, --channels X channels (R/G/B/A) or any combination, comma separated
valid values: r,g,b,a,rg,bgr,rgba,r3g2b3,...
-l, --limit N limit bytes checked, 0 = no limit (default: 256)
-b, --bits N number of bits, single int value or '1,3,5' or range '1-8'
advanced: specify individual bits like '00001110' or '0x88'
--lsb least significant BIT comes first
--msb most significant BIT comes first
-P, --prime analyze/extract only prime bytes/pixels
--invert invert bits (XOR 0xff)
-a, --all try all known methods
-o, --order X pixel iteration order (default: 'auto')
valid values: ALL,xy,yx,XY,YX,xY,Xy,bY,...
-E, --extract NAME extract specified payload, NAME is like '1b,rgb,lsb'
--[no-]file use 'file' command to detect data type (default: YES)
--no-strings disable ASCII strings finding (default: enabled)
-s, --strings X ASCII strings find mode: first, all, longest, none
(default: first)
-n, --min-str-len X minimum string length (default: 8)
--shift N prepend N zero bits
-v, --verbose Run verbosely (can be used multiple times)
-q, --quiet Silent any warnings (can be used multiple times)
-C, --[no-]color Force (or disable) color output (default: auto)
PARAMS SHORTCUT
zsteg fname.png 2b,b,lsb,xy ==> --bits 2 --channel b --lsb --order xy
