elder-plinius/ST3GG

All-in-one steganography suite

854 Stars · 211 Forks · 7 Watchers · 3 Open Issues

HTML · GNU Affero General Public License v3.0 · Last commit Apr 2, 2026 · by @elder-plinius · Published April 3, 2026 · Analyzed 5d ago

Safety Rating B

ST3GG is a legitimate, well-documented open-source security research tool with a clear dual-use purpose (offense/defense steganography). The codebase and README are consistent with an academic/security research project. However, two notable findings warrant a Caution rating rather than Safe: (1) The README contains live Unicode zero-width character steganographic payloads embedded in the hyperlink text, and HTML/Markdown comments containing hidden flag strings with the 'LOVE PLINY' signature — a phrase associated in the AI safety community with prompt injection jailbreak attempts. The project author ('elder-plinius') is known for prompt injection research and jailbreak tooling. (2) These embedded artifacts are real prompt injection vectors in this document, not merely described techniques. While the project's intent appears to be a self-demonstrating thematic Easter egg rather than a malicious attack on analysts, the content is functionally indistinguishable from a prompt injection attempt targeting AI systems processing this repository. There are no hardcoded production secrets, malicious code patterns, or dependency vulnerabilities detected. The tool itself is a dual-use security research instrument with legitimate use cases, distributed under AGPL-3.0.

AI-assisted review, not a professional security audit.

AI Analysis

ST3GG is a comprehensive, dual-use steganography and steganalysis toolkit that supports 100+ encoding techniques across images, audio, text, documents, network protocols, and archives. It runs entirely in-browser as a static site (no server required) or as a Python CLI/TUI/WebUI installable via PyPI. Features include LSB embedding with 15 channel presets and 8 bit depths, a novel SPECTER channel-cipher, AES-256-GCM encryption (Ghost Mode), compression-resistant DCT/F5 modes, up to 11-layer recursive Matryoshka nesting, Unicode steganography, network covert channels (DNS, ICMP, TCP, HTTP), and an AI-powered exhaustive analysis engine. The blue-team side provides 20+ detection functions including chi-square analysis, bit-plane entropy, histogram analysis, and Unicode steg detection across 200+ automated tests.

Use Cases

  • Red team / penetration testing: simulate data exfiltration via steganographic channels to validate DLP and SIEM coverage
  • Blue team / SOC analysis: detect and decode hidden payloads in suspicious files using ALLSIGHT comprehensive analysis
  • CTF competition tooling: encode/decode across every channel/bit/strategy combination with smart auto-detection
  • Digital forensics and incident response: analyze seized media for steganographic communication channels
  • AI agent security research: test prompt injection via hidden image payloads, agent data exfiltration, and content filter bypass
  • Academic study and benchmarking of steganographic techniques across all modalities
  • DLP vendor benchmarking against 100+ encoding techniques

Tags

#security #cli-tool #library #server #data #web-scraping #ai-agents #analysis #testing #local-first #self-hosted #docker #browser-extension #python

Security Findings (2)

prompt_injection_attempt

The README contains an HTML comment embedding a fake CTF flag and a message 'LOVE PLINY' (<!-- ⊰ If you can read this, you understand steganography. The real flag is in the banner image. Decode it with ST3GG. ST3GG{s0urc3_v13w3r} LOVE PLINY ⊱ -->). While this is framed as a thematic steganographic Easter egg consistent with the project's purpose, it is a direct attempt to embed hidden text that any AI system or automated tool parsing the README would encounter. The 'LOVE PLINY' signature is associated with prompt injection jailbreak attempts in the AI safety community. Similarly, a Markdown link-reference comment at the bottom hides another flag string (ST3GG{r34dm3_h4ck3r}). The README text also contains invisible Unicode zero-width characters embedded inline (e.g., in the [STE.GG] link text), consistent with the Unicode steganography techniques the tool documents. These are the exact prompt injection / covert channel techniques described by the tool itself, deployed within the README as demonstrations — but they also constitute real prompt injection artifacts in this document.

prompt_injection_attempt

The STE.GG hyperlink text in the README contains a long sequence of invisible zero-width Unicode characters (visible as ‍​‌​‌​​​​​‌​​‌‌... etc.) embedded immediately after the visible link text. This is a live demonstration of Unicode steganography encoding hidden data directly into the README, which would be processed by any AI or automated tool reading the file. While the project frames this as a self-referential demonstration, it constitutes an actual covert payload embedded in the repository documentation.

Project Connections

Complements

vxcontrol/pentagi

PentAGI is an autonomous penetration testing agent framework; ST3GG's steganographic covert channel and data exfiltration simulation capabilities directly extend red-team engagements that PentAGI orchestrates, particularly for DLP bypass testing.

Complements

ZeroLeaks/zeroleaks

ZeroLeaks tests LLM systems for prompt injection vulnerabilities; ST3GG's prompt injection via image steganography and invisible Unicode techniques represent an attack surface that ZeroLeaks-style evaluations could be extended to cover, making them complementary AI security tools.

Complements

PurpleAILAB/Decepticon

Decepticon is an autonomous red-team hacking framework; ST3GG provides steganographic data exfiltration and covert channel techniques that complement Decepticon's post-exploitation and data smuggling simulation capabilities.

Complements

JaydenBeard/clawguard

ClawGuard monitors AI agent activity for security anomalies; ST3GG's steganalysis and covert channel detection capabilities (ALLSIGHT) address a blind spot in agent monitoring — detecting steganographically hidden data in agent-generated or processed files.

Complements

LucidAkshay/kavach

Kavach is an EDR desktop app for monitoring AI agent filesystem operations; ST3GG's steganographic encoding techniques represent an evasion vector that Kavach's monitoring could be hardened against, and ST3GG's detection tools could inform Kavach's content inspection layer.