Tirith Blocks Homoglyph Attacks Before They Hit Your Shell

Browsers have spent years building defenses against homoglyph URLs—domains that swap Latin characters for Cyrillic or Greek lookalikes to trick users into visiting malicious sites. Terminals, on the other hand, have had no such protection. A new open-source tool called Tirith aims to close that gap by intercepting suspicious commands before they execute.

Created by developer Sheeki and released under an AGPL-3.0 license, Tirith hooks into zsh, bash, fish, and PowerShell to inspect every pasted or typed command in real time. It runs entirely locally—no network calls, no telemetry, no background processes—with sub-millisecond overhead that makes the checks invisible during normal use.

What Tirith Actually Catches

The tool ships with 30 detection rules spread across seven threat categories:

• Homograph attacks — Unicode lookalike characters in domain names, punycode tricks, and mixed-script URLs. A command pointing to gіthub.com (with a Cyrillic "i") gets flagged before it can download anything.
• Terminal injection — ANSI escape sequences, bidirectional text overrides, and zero-width characters that can hide malicious payloads within seemingly innocent output.
• Pipe-to-shell patterns — The classic curl | bash, wget | sh, and eval $(...) constructions that download and execute remote code in a single step.
• Dotfile hijacking — Attempts to modify ~/.bashrc, ~/.ssh/authorized_keys, ~/.gitconfig, and other configuration files that grant persistent access.
• Insecure transport — Plain HTTP piped to shell interpreters or commands with disabled TLS verification.
• Ecosystem threats — Git typosquats, untrusted Docker registries, and suspicious package sources.
• Credential exposure — Userinfo embedded in URLs and shortened URLs that obscure destinations.

Each blocked command gets a clear explanation through the tirith why subcommand, so users understand what triggered the alert rather than just seeing a generic warning.

Why Terminals Need This Now

Homoglyph abuse in command-line environments has grown sharply alongside ClickFix attacks, which trick users into pasting malicious commands through fake CAPTCHA pages and error prompts. Microsoft reported that ClickFix now accounts for roughly 47% of observed initial access attempts. Many of those attacks embed invisible Unicode characters and homoglyphs to evade string-based detection.

The problem goes beyond ClickFix. Threat actors including North Korea's Lazarus group have weaponized command-line social engineering through fake job interviews, instructing victims to paste "troubleshooting" commands that install backdoors. When those commands contain visually identical but technically distinct characters, traditional security tools miss them entirely.

Supply-chain attacks that exploit developer trust in package managers present a related risk. We've covered cases where malicious npm packages delivered working functionality while silently exfiltrating credentials—Tirith's ecosystem detection rules could flag the suspicious registry sources and typosquatted package names before installation.

How It Integrates

Tirith supports four shell environments with specific hook mechanisms:

• zsh (5.8+): preexec hook and paste widget
• bash (5.0+): preexec with dual modes and health gating
• fish (3.5+): fish_preexec event
• PowerShell (7.0+): PSReadLine handler

Installation works through Homebrew, apt, dnf, npm, Cargo, Nix, Scoop, Chocolatey, and Docker. Activation requires a single line in your shell profile:

eval "$(tirith init --shell zsh)"

Beyond passive blocking, the tool includes several active analysis commands. tirith check lets you analyze a command without executing it. tirith score breaks down a URL's trust signals. tirith diff performs byte-level Unicode inspection to reveal hidden character substitutions. And tirith receipt creates SHA-256 audit trails for executed scripts—useful for compliance teams that need to prove what code actually ran in production environments.

The cmd.exe Blind Spot

One significant limitation: Tirith doesn't hook into Windows Command Prompt (cmd.exe). That's a problem because many ClickFix campaigns specifically instruct victims to open cmd.exe—not PowerShell—to paste malicious commands. While PowerShell 7.0+ is covered, the legacy command processor remains unprotected.

This isn't a trivial gap. Attackers deliberately target cmd.exe because it lacks the logging and policy enforcement that PowerShell provides. Any organization deploying Tirith should pair it with endpoint detection rules that monitor cmd.exe execution patterns separately.

Adoption and Licensing

Since its release, the project has gathered roughly 1,600 GitHub stars and 48 forks. It's free under AGPL-3.0 with copyleft obligations, meaning any modified version distributed as a service must also be open-sourced. Commercial licensing is available for organizations that can't comply with AGPL terms.

For security teams looking at broader terminal hardening, Tirith fills a gap that's been widened by the surge in social engineering attacks targeting developer workflows. Whether you're worried about homoglyph URLs, pipe-to-shell footguns, or ANSI injection, it's worth testing. The sub-millisecond overhead means there's little reason not to.