Upload an image. Could it be quietly leaking GPS location, device fingerprints, or even hidden payloads?
PixelSink is a lightweight web app that inspects uploaded images for potential data exposure. It performs layered analysis across EXIF metadata, LSB steganography signals, and file integrity / similarity hashes to produce a risk score.
🎯 What It Does
For each uploaded image, PixelSink runs:
- EXIF Metadata Extraction — Surface GPS, timestamps, camera model, and more.
- LSB Steganography Check — Sample least-significant bits for hidden-message patterns.
- Image Hashing — SHA256 for exact-file integrity; pHash for perceptual similarity.
- A consolidated Suspicion Score based on metadata presence (esp. GPS) and LSB anomalies.
🧰 Tech Stack
- Flask backend
- Pillow for image operations & sampling
- exifread for metadata extraction
- imagehash for perceptual hashing
- hashlib for SHA256
- Minimal HTML/CSS/JS front-end UI.
⚙️ How It Works (Flow)
- Accepts PNG / JPG / JPEG uploads (max ~5 MB).
- Saves the file with a timestamped safe filename.
- Generates SHA256 + pHash; parses EXIF; runs LSB distribution sampling.
- Scores risk: any metadata found raises the score (GPS is weighted more heavily), and high LSB anomalies raise it further.
- Renders a report view with all results.
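To make the LSB and scoring steps concrete, here is an added example (not PixelSink's own code) of a pairs-of-values chi-square check feeding a weighted score. The function names, threshold and weights are assumptions, and it works on raw channel bytes (in the app these would come from Pillow) with a constructed cover and stego sample.

```python
import random
from collections import Counter

# Hypothetical threshold and weights; the post does not state PixelSink's values.
PAIR_STAT_THRESHOLD = 3.0
WEIGHTS = {"exif": 20, "gps": 40, "lsb": 40}

def pair_statistic(samples: bytes) -> float:
    """Mean chi-square statistic over the value pairs (2k, 2k+1).

    Overwriting LSBs with random-looking bits pulls the counts of 2k and
    2k+1 toward each other, so the statistic falls toward 1.
    """
    hist = Counter(samples)
    total, pairs = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b < 10:  # too few samples in this pair to judge
            continue
        expected = (a + b) / 2
        total += ((a - expected) ** 2 + (b - expected) ** 2) / expected
        pairs += 1
    return total / pairs if pairs else float("inf")

def lsb_suspicious(samples: bytes) -> bool:
    return pair_statistic(samples) < PAIR_STAT_THRESHOLD

def suspicion_score(has_exif: bool, has_gps: bool, samples: bytes) -> int:
    """Metadata presence, GPS (weighted higher) and LSB anomaly, capped at 100."""
    score = WEIGHTS["exif"] * has_exif + WEIGHTS["gps"] * has_gps
    score += WEIGHTS["lsb"] * lsb_suspicious(samples)
    return min(score, 100)

def embed_random_lsb(cover: bytes, seed: int = 1) -> bytes:
    """Constructed test fixture: overwrite every LSB with a pseudo-random bit."""
    rng = random.Random(seed)
    return bytes((b & 0xFE) | rng.getrandbits(1) for b in cover)

# Constructed cover: each even value occurs 3x as often as its odd neighbour.
COVER = bytes(v for v in range(256) for _ in range(30 if v % 2 == 0 else 10))
STEGO = embed_random_lsb(COVER)

if __name__ == "__main__":
    print("cover:", pair_statistic(COVER), suspicion_score(True, True, COVER))
    print("stego:", pair_statistic(STEGO), suspicion_score(False, False, STEGO))
```

Treat the result as a signal, not proof: a payload that touches only a small fraction of pixels barely moves the statistic, and synthetic or heavily noisy images can trip it without any hidden data.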
💡 Extension Ideas
- Visual map pin for GPS metadata.
- Batch upload + CSV export.
- Compare incoming hashes to a known “safe” or “tainted” corpus.
- Flag overly large EXIF blobs as potential staging for covert data.

(Forward-looking suggestions based on current architecture — inference.)
📦 GitHub Repo:
🔗 https://github.com/akbak/PixelSink
by Muhammet Ali AKBAK