HTTP::StegTest

HTTP::StegTest is a Perl module that automates the collection, detection, and reporting of images that may have been altered by steganography tools. It also detects and quarantines images that have changed in size between collections, and can run a binary comparison between the two versions if desired. The collected information is compiled into logs, and a few HTML pages are created to report the results.

It supports compiling information from several scans into a single report in a "common directory", with the information broken out by scanned group.

An example report can be found at http://64.192.146.9/ in which the library was run against several anti-American and "pro-Taliban" sites. The reports display images that changed between collections, images that tested positive for being altered by an outside program, and images which were "false positives." Over 25,000 images were tested across 10 sites.

Outside programs

The library requires the use of other programs for image testing. All image testing was done with stegdetect 0.4, available at the Outguess website. Also, the path to cmp, a tool for binary comparison between files, can be set in order to provide additional information on the "Changed Images" page.

Without these outside programs, the library collects images, detects changes in file size, and creates reports omitting the testing information.
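The fallback workflow described above (detect size changes between two collections, quarantine the changed image, and report where the versions first differ, as cmp would) can be illustrated with the following stand-alone Perl. It is an added example, not code from HTTP::StegTest; the sub names, the scan1/scan2/quarantine directory layout, and the sample file contents are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use File::Copy qw(copy);
use File::Path qw(make_path);
use File::Temp qw(tempdir);
use List::Util qw(min);

# Read a whole file as raw bytes (web images are small enough to hold in memory).
sub slurp { open my $fh, '<:raw', $_[0] or die "open $_[0]: $!"; local $/; return scalar <$fh> }

# 1-based offset of the first differing byte, as cmp reports it; 0 if identical.
sub first_diff_offset {
    my ($x, $y) = map { slurp($_) } @_;
    my $n = min(length($x), length($y));
    return $-[0] + 1 if (substr($x, 0, $n) ^ substr($y, 0, $n)) =~ /[^\0]/;
    return length($x) == length($y) ? 0 : $n + 1;    # one file is a prefix of the other
}

# Find images whose size differs between two collections of the same site,
# copy the newer version into $quarantine_dir, and record where they first differ.
sub changed_images {
    my ($old_dir, $new_dir, $quarantine_dir) = @_;
    my @changed;
    opendir my $dh, $old_dir or die "opendir $old_dir: $!";
    for my $name (sort grep { /\.(?:jpe?g|gif|png|bmp)$/i } readdir $dh) {
        my ($old, $new) = ("$old_dir/$name", "$new_dir/$name");
        next unless -f $old && -f $new;
        my ($old_size, $new_size) = map { (stat $_)[7] } $old, $new;
        next if $old_size == $new_size;
        make_path($quarantine_dir);
        copy($new, "$quarantine_dir/$name") or die "copy $name: $!";
        push @changed, { name => $name, old_size => $old_size, new_size => $new_size,
                         first_diff => first_diff_offset($old, $new) };
    }
    return @changed;
}

# Constructed sample data: banner.jpg changes between scans, logo.gif does not.
my $root = tempdir(CLEANUP => 1);
make_path("$root/scan1", "$root/scan2");
my %files = ('scan1/banner.jpg' => 'A' x 100, 'scan2/banner.jpg' => ('A' x 50) . ('B' x 70),
             'scan1/logo.gif'   => 'C' x 40,  'scan2/logo.gif'   => 'C' x 40);
for my $rel (sort keys %files) {
    open my $fh, '>:raw', "$root/$rel" or die "write $rel: $!";
    print {$fh} $files{$rel};
    close $fh or die "close $rel: $!";
}
printf "%s: %d -> %d bytes, first difference at byte %d\n",
    @{$_}{qw(name old_size new_size first_diff)}
    for changed_images("$root/scan1", "$root/scan2", "$root/quarantine");
```

A size change alone says nothing about why an image changed; it only selects candidates for the stegdetect pass and for manual review.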

Veracity of Positive Images

Of course, the reliability of detection is only as good as the software used to detect it. The author of stegdetect has noted several types of images have a higher probability of being a false positive than others, specifically paintings or drawings. (Source)

Testing

The library was tested on a Windows 2000 Server with ActiveState Perl 5.6.1, on a machine with an AMD K-6 500MHz and 322 MB of RAM. See the test page for sites tested with the code over Dec 14-23, 2001. The Windows binary for stegdetect 0.4 was used, as well as the GNU Windows binary for cmp (cmp.exe).

Download

HTTP-StegTest-0.10.tar.gz

Links to Steganography detection and methods:


SANS Intro to Steganography
Outguess, a stego tool, also has links to numerous works by Niels Provos including stegdetect
Phrack - "Steganography Thumbprinting" - discusses S-Tools and Steganos
Older article discussing several techniques
StegoArchive.com, links to over 80 Steganography tools. More info than I could post here.