🕵️‍♀️🕵️‍♂️ Ruby gem for determining whether a given URL is considered an IDN homograph attack

ruby-homograph-detector

Ruby gem for determining whether a given URL is considered an IDN homograph attack. The underlying algorithm used in this gem is loosely based on Google Chrome’s IDN display algorithm. To learn more about why and how to defend against homograph attacks, see this blog post.

Installation

Install the homograph-detector gem, or add it to your Gemfile with bundler:

# In your Gemfile
gem 'homograph-detector'

Usage

The homograph-detector gem provides a single method, homograph_attack?, which takes a URL string and returns whether the URL is considered a homograph attack:

HomographDetector.homograph_attack?('<your URL here>')

Examples

URL with Latin characters:

HomographDetector.homograph_attack?('https://paypal.com') # false

URL with confusable Cyrillic characters:

HomographDetector.homograph_attack?('https://раураӏ.com') # true

URL with non-confusable Cyrillic characters:

HomographDetector.homograph_attack?('http://яндекс.рф') # false

URL with multiple scripts:

# Greek and Latin
HomographDetector.homograph_attack?('wikiρedia.org') # true

# Han (CJK) and Latin
HomographDetector.homograph_attack?('hello你好.com') # false
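
The two kinds of check the examples above exercise (script mixing inside a label, and a Cyrillic label made only of Latin lookalikes under an ASCII TLD), as an added sketch that is not the gem's own code. The script rules and the lookalike list are simplifying assumptions, and every name in it (looks_like_homograph?, host_of, and so on) is hypothetical.

```ruby
# Added illustration; NOT the homograph-detector gem's implementation.
SCRIPTS = {
  latin: /\p{Latin}/, cyrillic: /\p{Cyrillic}/, greek: /\p{Greek}/,
  han: /\p{Han}/, hiragana: /\p{Hiragana}/, katakana: /\p{Katakana}/
}.freeze

# Assumption: Latin may share a label with CJK scripts, nothing else may mix.
MIXABLE = %i[latin han hiragana katakana].freeze

# Constructed, partial list of Cyrillic letters that resemble Latin ones.
LOOKALIKES = "\u0430\u0441\u0435\u0456\u0458\u04CF\u043E\u0440\u0455\u0445\u0443".freeze

# Extract the host from a URL string; the scheme is optional.
# URI.parse is avoided because it rejects non-ASCII hosts.
def host_of(url)
  authority = url.sub(%r{\A[a-z][a-z0-9+.-]*://}i, '').split(%r{[/?#]}, 2).first.to_s
  authority.split('@').last.to_s.sub(/:\d+\z/, '').downcase
end

# Names of the scripts (from SCRIPTS) that occur in one hostname label.
def scripts_in(label)
  SCRIPTS.select { |_name, pattern| label.match?(pattern) }.keys
end

def suspicious_label?(label, ascii_tld)
  scripts = scripts_in(label)
  # Mixed scripts outside the allowed Latin + CJK combination.
  return true if scripts.size > 1 && !(scripts - MIXABLE).empty?

  # Whole-label confusable: every letter is a Cyrillic Latin lookalike.
  # Skipped under a non-ASCII TLD, where an all-Cyrillic name is expected.
  ascii_tld && scripts == [:cyrillic] &&
    label.delete('0-9-').each_char.all? { |c| LOOKALIKES.include?(c) }
end

def looks_like_homograph?(url)
  labels = host_of(url).split('.')
  return false if labels.empty?

  ascii_tld = labels.last.ascii_only?
  labels.any? { |label| suspicious_label?(label, ascii_tld) }
end
```
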

License

Licensed under Apache License, Version 2.0 (LICENSE.txt or http://www.apache.org/licenses/LICENSE-2.0).

For a summary of the licenses used by ruby-homograph-detector’s dependencies, see NOTICE.md.
