Your browser would catch this.
Your terminal won't.
Tirith intercepts commands and pastes in your terminal, detecting homograph attacks, pipe-to-shell patterns, ANSI injection, and 30+ other threats — in under 1ms.
What It Catches
8 threat categories covering every angle of terminal attack surface.
Hostname
Homograph attacks, punycode, confusable characters, IDN spoofing
Path
Non-ASCII paths, homoglyphs, encoded traversal sequences
Transport
Insecure HTTP, TLS downgrades, URL shorteners, data URIs
Terminal
ANSI injection, bidi overrides, zero-width chars, control sequences
Command
Pipe-to-shell, dotfile persistence, archive bombs, code substitution
Environment
Proxy hijacking and environment variable manipulation
Ecosystem
Git, Docker, pip, npm, Web3 — supply-chain attack surface
Policy
Custom blocklists and organizational security policies
How It Works
A 3-tier pipeline that balances speed with thoroughness.
Fast Gate
Regex-powered initial filter eliminates 99% of clean commands instantly.
Extract
Parses URLs, Docker references, and package identifiers from complex commands.
Analyze
35 rules across 8 categories — homographs, injection, supply-chain, and more.
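The three tiers described above, sketched as an added example; this is not Tirith's own code. The regexes, finding names and function names are assumptions made for illustration, and the sample commands are constructed.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Assumed patterns for illustration; Tirith's real rules are not shown on this page.
PIPE_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")
# Tier 1 (fast gate): no URL, no pipe into a shell, no non-ASCII or ESC byte -> clean.
FAST_GATE = re.compile(r"https?://|[^\x00-\x7f]|\x1b|" + PIPE_SHELL.pattern)
URL_RE = re.compile(r"https?://[^\s'\"|;<>]+")

def extract_urls(command):
    """Tier 2 (extract): pull URLs out of the command line."""
    return URL_RE.findall(command)

def scripts(label):
    """Rough script of each letter: the first word of its Unicode character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def analyze(command):
    """Tier 3 (analyze): return a sorted list of finding names for one command."""
    if not FAST_GATE.search(command):
        return []
    findings = set()
    if "\x1b" in command:
        findings.add("ansi-escape")
    urls = extract_urls(command)
    if urls and PIPE_SHELL.search(command):
        findings.add("pipe-to-shell")
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme == "http":
            findings.add("insecure-http")
        for label in (parts.hostname or "").split("."):
            if label.startswith("xn--"):
                findings.add("punycode-host")
            if not label.isascii():
                findings.add("non-ascii-host")
                if len(scripts(label)) > 1:  # e.g. Latin mixed with Cyrillic
                    findings.add("mixed-script-host")
    return sorted(findings)

# Constructed samples; \u0456 is Cyrillic "і", visually identical to Latin "i".
HOMOGRAPH = "curl -sSL https://g\u0456thub.com/install.sh | bash"
PUNYCODE = "wget http://xn--e1afmkfd.example/setup.sh"

if __name__ == "__main__":
    for cmd in ("ls -la | sort", HOMOGRAPH, PUNYCODE):
        print(repr(cmd), "->", analyze(cmd))
```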
Installation
Install Tirith with your favorite package manager.
brew install sheeki03/tap/tirith
Shell Activation
# Add to your shell config (~/.bashrc, ~/.zshrc)
eval "$(tirith init)"