Add Image Security Toolkit (tools)

Library: - Add peek_image() to detect Stegasoo headers without decrypting CLI: - stegasoo tools capacity <image> - show LSB/DCT capacity - stegasoo tools strip <image> - remove EXIF metadata - stegasoo tools peek <image> - detect hidden data API: - POST /api/tools/capacity - POST /api/tools/strip-metadata - POST /api/tools/peek WebUI: - /tools page with tabbed interface (login required) - Basic implementation - needs polish (dropzones, better results) Architecture: Library -> CLI -> API -> WebUI pattern 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-04 00:54:40 -05:00
parent 2f1ac3a747
commit 5df9b9dac8
7 changed files with 460 additions and 2 deletions
--- a/src/stegasoo/cli.py
+++ b/src/stegasoo/cli.py
@@ -782,6 +782,111 @@ def channel_clear(ctx, project, user):
            click.echo("No channel key files found")


+# =============================================================================
+# TOOLS COMMANDS
+# =============================================================================
+
+
+@cli.group()
+@click.pass_context
+def tools(ctx):
+    """Image security tools."""
+    pass
+
+
+@tools.command("capacity")
+@click.argument("image", type=click.Path(exists=True))
+@click.option("--json", "as_json", is_flag=True, help="Output as JSON")
+def tools_capacity(image, as_json):
+    """Show steganography capacity for an image.
+
+    Example:
+
+        stegasoo tools capacity photo.jpg
+    """
+    from .dct_steganography import estimate_capacity_comparison
+
+    with open(image, "rb") as f:
+        image_data = f.read()
+
+    result = estimate_capacity_comparison(image_data)
+    result["filename"] = Path(image).name
+    result["megapixels"] = round((result["width"] * result["height"]) / 1_000_000, 2)
+
+    if as_json:
+        click.echo(json.dumps(result, indent=2))
+    else:
+        click.echo(f"\n  {result['filename']}")
+        click.echo(f"  {'─' * 40}")
+        click.echo(f"  Dimensions:   {result['width']} × {result['height']}")
+        click.echo(f"  Megapixels:   {result['megapixels']} MP")
+        click.echo(f"  {'─' * 40}")
+        click.echo(f"  LSB Capacity: {result['lsb']['capacity_kb']:.1f} KB")
+        if result['dct']['available']:
+            click.echo(f"  DCT Capacity: {result['dct']['capacity_kb']:.1f} KB")
+        else:
+            click.echo("  DCT Capacity: N/A (scipy required)")
+        click.echo()
+
+
+@tools.command("strip")
+@click.argument("image", type=click.Path(exists=True))
+@click.option("-o", "--output", type=click.Path(), help="Output file (default: <name>_clean.png)")
+@click.option("--format", "fmt", type=click.Choice(["png", "bmp"]), default="png", help="Output format")
+def tools_strip(image, output, fmt):
+    """Strip EXIF/metadata from an image.
+
+    Example:
+
+        stegasoo tools strip photo.jpg
+        stegasoo tools strip photo.jpg -o clean.png
+    """
+    from .utils import strip_image_metadata
+
+    with open(image, "rb") as f:
+        image_data = f.read()
+
+    clean_data = strip_image_metadata(image_data, output_format=fmt.upper())
+
+    if not output:
+        stem = Path(image).stem
+        output = f"{stem}_clean.{fmt}"
+
+    with open(output, "wb") as f:
+        f.write(clean_data)
+
+    click.echo(f"Saved clean image to: {output}")
+
+
+@tools.command("peek")
+@click.argument("image", type=click.Path(exists=True))
+@click.option("--json", "as_json", is_flag=True, help="Output as JSON")
+def tools_peek(image, as_json):
+    """Check if image contains Stegasoo hidden data.
+
+    Example:
+
+        stegasoo tools peek suspicious.jpg
+    """
+    from .steganography import peek_image
+
+    with open(image, "rb") as f:
+        image_data = f.read()
+
+    result = peek_image(image_data)
+    result["filename"] = Path(image).name
+
+    if as_json:
+        click.echo(json.dumps(result))
+    else:
+        if result["has_stegasoo"]:
+            click.echo(f"\n  ✓ Stegasoo data detected in {result['filename']}")
+            click.echo(f"    Mode: {result['mode'].upper()}")
+        else:
+            click.echo(f"\n  ✗ No Stegasoo header found in {result['filename']}")
+        click.echo()
+
+
 def main():
    """Entry point for CLI."""
    cli(obj={})
--- a/src/stegasoo/steganography.py
+++ b/src/stegasoo/steganography.py
@@ -930,3 +930,82 @@ def is_lossless_format(image_data: bytes) -> bool:
    is_lossless = fmt is not None and fmt.upper() in LOSSLESS_FORMATS
    debug.print(f"Image is lossless: {is_lossless} (format: {fmt})")
    return is_lossless
+
+
+def peek_image(image_data: bytes) -> dict:
+    """
+    Check if an image contains Stegasoo hidden data without decrypting.
+
+    Attempts to detect LSB and DCT headers by extracting the first few bytes
+    and looking for Stegasoo magic markers.
+
+    Args:
+        image_data: Raw image bytes
+
+    Returns:
+        dict with:
+            - has_stegasoo: bool - True if header detected
+            - mode: str or None - 'lsb', 'dct', or None
+            - confidence: str - 'high', 'low', or None
+
+    Example:
+        >>> result = peek_image(suspicious_image_bytes)
+        >>> if result['has_stegasoo']:
+        ...     print(f"Found {result['mode']} data!")
+    """
+    from .constants import EMBED_MODE_DCT, EMBED_MODE_LSB
+
+    result = {"has_stegasoo": False, "mode": None, "confidence": None}
+
+    # Try LSB extraction (look for header bytes)
+    try:
+        img = Image.open(io.BytesIO(image_data))
+        pixels = list(img.getdata())
+        img.close()
+
+        # Extract first 32 bits (4 bytes) from LSB
+        extracted = []
+        for i in range(32):
+            if i < len(pixels):
+                pixel = pixels[i]
+                if isinstance(pixel, tuple):
+                    extracted.append(pixel[0] & 1)
+                else:
+                    extracted.append(pixel & 1)
+
+        # Convert bits to bytes
+        header_bytes = bytearray()
+        for i in range(0, len(extracted), 8):
+            byte = 0
+            for j in range(8):
+                if i + j < len(extracted):
+                    byte = (byte << 1) | extracted[i + j]
+            header_bytes.append(byte)
+
+        # Check for LSB magic: \x89ST3
+        if bytes(header_bytes[:4]) == b"\x89ST3":
+            result["has_stegasoo"] = True
+            result["mode"] = EMBED_MODE_LSB
+            result["confidence"] = "high"
+            return result
+    except Exception:
+        pass
+
+    # Try DCT extraction (requires scipy/jpegio)
+    try:
+        from .dct_steganography import HAS_JPEGIO, HAS_SCIPY
+
+        if HAS_SCIPY or HAS_JPEGIO:
+            from .dct_steganography import extract_from_dct
+
+            # Extract first few bytes to check header
+            extracted = extract_from_dct(image_data, seed=b"\x00" * 32, length=4)
+            if extracted == b"\x89DCT":
+                result["has_stegasoo"] = True
+                result["mode"] = EMBED_MODE_DCT
+                result["confidence"] = "high"
+                return result
+    except Exception:
+        pass
+
+    return result