Tirith Locks Down Shell Commands to Stop Imposter Homoglyph Attacks
A new open-source, cross-platform tool called Tirith hooks into major shells to inspect pasted commands for dangerous URLs and other homoglyph tricks, blocking execution locally with sub-millisecond overhead. It defends against homograph domains, terminal injections, pipe-to-shell patterns, dotfile hijacking, insecure transports, supply-chain risks, and credential exposure, while performing analysis offline and without telemetry. It supports Windows, Linux, and macOS and can be installed via Homebrew, apt/dnf, npm, Cargo, Nix, Scoop, Chocolatey, and Docker. It does not hook cmd.exe and has limited independent testing at publication.