Skip to main content

Detect confusable usage of unicode homoglyphs, prevent homograph attacks.

Project description

a homoglyph is one of two or more graphemes, characters, or glyphs with shapes that appear identical or very similar wikipedia:Homoglyph

Unicode homoglyphs can be a nuisance on the web. Your most popular client, AlaskaJazz, might be upset to be impersonated by a trickster who deliberately chose the username ΑlaskaJazz.

  • AlaskaJazz is single script: only Latin characters.

  • ΑlaskaJazz is mixed-script: the first character is a greek letter.

You might also want to avoid people being tricked into entering their password on www.microsо or www.faϲ instead of or Here is a utility to play with these confusable homoglyphs.

Not all mixed-script strings have to be ruled out though, you could only exclude mixed-script strings containing characters that might be confused with a character from some unicode blocks of your choosing.

  • Allo and ρττ are fine: single script.

  • Alloτ is fine: mixed script, but τ is not confusable.

  • Alloρ is dangerous: mixed script and ρ could be confused with p.



from confusable_homoglyphs import confusables



Boolean: is unicode_string mixed-script.


confusables.is_confusable(unicode_string, greedy=False, preferred_aliases=[])

Takes a character or string and returns each character present in unicode’s confusable characters list.

If greedy=False, it will only return the first confusable character found without looking at the rest of the string, greedy=True returns all of them.

preferred_aliases=[] can take an array of unicode block aliases to be considered as your ‘base’ unicode blocks:

  • considering paρa,

    • with preferred_aliases=['latin'], the 3rd character ρ would be returned because this greek letter can be confused with latin p.

    • with preferred_aliases=['greek'], the 1st character p would be returned because this latin letter can be confused with greek ρ.

    • with preferred_aliases=[] and greedy=True, you’ll discover the 29 characters that can be confused with p, the 23 characters that look like a, and the one that looks like ρ (which is, of course, p aka LATIN SMALL LETTER P).


confusables.is_dangerous(unicode_string, preferred_aliases=[])

Boolean: True if is_mixed_script(unicode_string) and is_confusable(unicode_string).

The preferred_aliases argument is simply passed to is_confusable.

Is the data up to date?


The unicode blocks aliases and names for each character are extracted from this file provided by the unicode consortium.

The matrix of which character can be confused with which other characters is built using this file provided by the unicode consortium.

This data is stored in two JSON files: categories.json and confusables.json. If you delete them, they will both be recreated by downloading and parsing the two abovementioned files and stored as JSON files again.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

confusable_homoglyphs-1.0.tar.gz (30.0 kB view hashes)

Uploaded source

Built Distribution

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page