Steganographic code review tool for detecting invisible attacks in source.
stenographussy is a code-review security tool focused on invisible or steganographic attacks hiding inside source code where plain-text review often fails.
It targets source-level tricks that can survive casual review because the dangerous part is hidden in formatting, encoding, or visual ambiguity.
It works as a supplement to normal code review by focusing on a class of attacks that humans are particularly bad at spotting consistently.
A good example of the Ussyverse tendency to take niche-but-real technical problems and turn them into explicit tools instead of blog-post warnings.
Source code can lie visually. Hidden characters, deceptive glyphs, or steganographic tricks can produce behavior that is hard to catch in a normal review pass. stenographussy is aimed squarely at that gap.
The tool complements normal code review by scanning for a class of attacks people miss easily under time pressure, especially when the dangerous part of the code is hidden in appearance rather than obvious syntax.
Run it against incoming changes to catch homoglyph tricks, invisible characters, or visually deceptive edits before they slip through a fast review.
Use it during supply-chain or internal security reviews when you need a second lens for source files that may contain encoded or presentation-layer attacks.
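A minimal sketch of this kind of check, added here as an illustration and not taken from the stenographussy repository: it flags bidirectional control characters, zero-width characters, and identifiers that mix Latin letters with another script. The function name `scan`, the character sets, and the sample input are assumptions constructed for this example, and the script test is a heuristic based on Unicode character names.

```python
import re
import unicodedata

# Bidirectional controls (embeddings, overrides, isolates, marks) that can
# make displayed order differ from logical order.
BIDI_CONTROLS = (set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))
                 | {0x200E, 0x200F, 0x061C})
# Zero-width and other invisible formatting characters.
INVISIBLE = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x00AD}
# Unicode-aware identifier: a non-digit word character followed by word characters.
IDENT = re.compile(r"[^\W\d]\w*")


def scripts_of(identifier):
    """Heuristic: take the first word of each letter's Unicode name as its script."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in identifier if c.isalpha()}


def scan(source):
    """Return (line, column, kind, detail) tuples for suspicious characters."""
    findings = []
    for lineno, line in enumerate(source.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            cp = ord(ch)
            if cp in BIDI_CONTROLS:
                findings.append((lineno, col, "bidi-control", f"U+{cp:04X}"))
            elif cp in INVISIBLE:
                findings.append((lineno, col, "invisible", f"U+{cp:04X}"))
        for m in IDENT.finditer(line):
            scripts = scripts_of(m.group())
            # Latin mixed with any other script inside one identifier.
            if "LATIN" in scripts and len(scripts) > 1:
                findings.append((lineno, m.start() + 1, "mixed-script", m.group()))
    return findings


# Constructed sample input; the hidden characters are written as escapes.
SAMPLE = (
    "access = 'user\u202e'\n"           # right-to-left override inside a string
    "def is_\u0430dmin(user): pass\n"   # Cyrillic 'a' inside a Latin identifier
    "tok\u200ben = 1\n"                 # zero-width space splitting a name
    "total = 1\n"                       # clean line
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Legitimate non-Latin identifiers and right-to-left text in comments or strings will also trigger these checks, so findings are prompts for a closer look rather than verdicts.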
There is no marketing wrapper here; the repo is the product. Start there if you want to see the detection strategy, threat coverage, and example findings.