Hide. Encrypt.
Protect.
A lightweight CLI tool that appends AES-256 encrypted data to any carrier file. Images, videos, and PDFs remain fully functional while hiding your secrets.
AES-256 Security
PBKDF2-HMAC-SHA256, 100,000 iterations, random 16-byte salt per encryption.
Universal Carriers
Works with any file format — JPG, MP4, PDF, and more.
Non-Destructive
Data is appended after the carrier's original bytes. The file still opens normally.
Installation
Installs to /usr/local/share/stego/ and registers the stego command in /usr/local/bin/. If already installed, it prompts to update.
To uninstall:
Run directly from the cloned repo — no sudo needed. Only one dependency required.
Commands
$ stego hide photo.jpg secret.txt -o hidden.jpg
$ stego hide photo.jpg secrets/ -o hidden.jpg
| Argument | Description |
|---|---|
| carrier | The carrier file (image, video, PDF, etc.) |
| data | File or folder to hide |
| -o FILE | Output file (required) |
| -p PASSWORD | Password — skips confirmation prompt, use with care |
| -v | Verbose output |
-p, you will be prompted to enter and confirm:> Enter encryption password:
> Confirm encryption password:
The output folder will contain:
├── data/ ← your extracted files
└── original/ ← clean carrier file
| Flag | Description |
|---|---|
| -o FOLDER | Output folder (required) |
| -p PASSWORD | Password (prompted if omitted) |
| -v | Verbose output |
| Flag | Description |
|---|---|
| -r | Scan subdirectories recursively |
| -a | Include hidden files (dotfiles) |
| -v | Verbose output |
Do not modify the output file
Hidden data is appended after the carrier's original bytes. Any operation that rewrites the file will destroy it.
Unsafe — destroys hidden data
- Opening in an image editor and saving
- Compressing or optimising the file
- Converting to another format
- Uploading to social media
Safe — preserves hidden data
- Copying or moving the file (
cp,mv) - Viewing without saving
- Transferring via USB, SCP, rsync
- Running
stego scanto verify
Security notes
stego scan. This tool provides encryption, not invisibility.