{"id":13877884,"url":"https://github.com/basecamp/homographic_spoofing","last_synced_at":"2026-03-16T11:31:07.202Z","repository":{"id":245232278,"uuid":"604237921","full_name":"basecamp/homographic_spoofing","owner":"basecamp","description":"Toolkit to both detect and sanitize homographic spoofing attacks in URLs and Email addresses","archived":false,"fork":false,"pushed_at":"2025-06-05T05:24:54.000Z","size":289,"stargazers_count":113,"open_issues_count":4,"forks_count":4,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-07-18T05:34:46.250Z","etag":null,"topics":["homograph-attack"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/basecamp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-02-20T16:16:59.000Z","updated_at":"2025-06-05T22:24:09.000Z","dependencies_parsed_at":"2024-06-20T18:52:06.445Z","dependency_job_id":"e516f83d-b9c6-4dd4-88c3-d6be687d6d2b","html_url":"https://github.com/basecamp/homographic_spoofing","commit_stats":null,"previous_names":["basecamp/homographic_spoofing"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/basecamp/homographic_spoofing","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecamp%2Fhomographic_spoofing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecamp%2Fhomographic_spoofing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecamp%2Fhomographic_spoofing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecamp%2Fhomographic_spoofing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/basecamp","download_url":"https://codeload.github.com/basecamp/homographic_spoofing/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecamp%2Fhomographic_spoofing/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265721660,"owners_count":23817480,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["homograph-attack"],"created_at":"2024-08-06T08:01:33.957Z","updated_at":"2026-03-16T11:31:02.179Z","avatar_url":"https://github.com/basecamp.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# HomographicSpoofing\n\nToolkit to both detect and sanitize [homographic spoofing attacks](https://en.wikipedia.org/wiki/IDN_homograph_attack) in URLs and Email addresses.\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem \"homographic_spoofing\"\n```\n\nAnd then execute:\n\n```bash\n$ bundle\n```\n\nOr install it yourself as:\n\n```bash\n$ gem install homographic_spoofing\n```\n## Configuration\n\nIf `HomographicSpoofing.logger` is set to a Logger instance, the gem will log all the violations found. If you're using Rails,\nit is automatically configured to use `Rails.logger`, otheriwse you can set it manually:\n\n```ruby\nHomographicSpoofing.logger = Logger.new(\"log/homographic_spoofing.log\")\n```\n\n## Usage\n\n### IDN\n\n[What is an IDN](https://en.wikipedia.org/wiki/Internationalized_domain_name)\n\n**Check if an IDN is an homographic spoof**\n\n```ruby\nHomographicSpoofing.idn_spoof?(\"www.basecаmp.com\")\n# =\u003e true, uses cyrillic 'а' instead of latin 'a'\nHomographicSpoofing.idn_spoof?(\"www.basecamp.com\")\n# =\u003e false\n```\n\n**Sanitize an IDN**\n\nThe library can also sanitize an IDN by converting all confusable characters to their punycode representation.\n\n```ruby\nHomographicSpoofing.sanitize_idn(\"www.basecаmp.com\")\n# =\u003e \"www.xn--basecmp-6fg.com\"\nHomographicSpoofing.sanitize_idn(\"www.basecamp.com\")\n# =\u003e \"www.basecamp.com\"\n```\n\n### Email addresses\n\nAn email address is formed from three main parts:\n\n\"Jacopo Beschi\" \u003c\u003cjacopo.beschi@basecamp.com\u003e\u003e\n\n- The domain-part is \"basecamp.com\"\n- The local-part is \"jacopo.beschi\"\n- The quoted-string-part is \"Jacopo Beschi\"\n\n**Check if an email_address is an homographic spoof**\n\n```ruby\nHomographicSpoofing.email_address_spoof?(%{\"Jacopo Beschi\" \u003cjacopo.beschi@basecаmp.com\u003e})\n# =\u003e true, uses cyrillic 'а' instead of latin 'a'\n```\n\n**Sanitize an email_address**\n\n```ruby\n\u003e\u003e HomographicSpoofing.sanitize_email_address(%{\"Jacopo Beschi\" \u003cjacopo.beschi@basecаmp.com\u003e})\n# =\u003e \"\\\"Jacopo Beschi\\\" \u003cjacopo.beschi@xn--basecmp-6fg.com\u003e\"\n```\n\n**Check if an email_address local-part is an homographic spoof**\n\n```ruby\nHomographicSpoofing.email_local_spoof?(\"jacopo.beschi\")\n# =\u003e false\n```\n\n**Check if an email_address quoted-string-part is an homographic spoof**\n\n```ruby\nHomographicSpoofing.email_name_spoof?(\"Jacopo Beschi\")\n# =\u003e false\n```\n\n**Sanitize an email_address quoted-string-part**\n\n```ruby\nHomographicSpoofing.sanitize_email_name(\"Jacopo Beschi\")\n# =\u003e \"Jacopo Beschi\"\n```\n\n## Development\n\nTo experiment, start the console with `bin/console`.\nRun the test via `bin/test`.\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/basecamp/homographic_spoofing.\n\n## License\n\nThe IDN spoof detection algorithms are inspired by Chromium's [spoof_check](https://source.chromium.org/chromium/chromium/src/+/main:components/url_formatter/spoof_checks/) source code.\n\nThe gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasecamp%2Fhomographic_spoofing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbasecamp%2Fhomographic_spoofing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasecamp%2Fhomographic_spoofing/lists"}