wyreup
inspect

Text Confusable

Detect Unicode homoglyph attacks. Flags non-Latin lookalikes (Cyrillic а, Greek ο, fullwidth Latin, mathematical alphanumeric) and tokens that mix scripts — exactly the patterns used in domain spoofing, fake usernames, and prompt-injection text.

Loading…

About Text Confusable

Text Confusable scans text for Unicode homoglyph tricks: characters that look like ordinary Latin letters but aren't, such as a Cyrillic а, a Greek ο, fullwidth Latin, or mathematical alphanumeric glyphs. It also flags tokens that mix scripts within a single word, the exact pattern behind domain spoofing, fake usernames, and sneaky prompt-injection text. It runs in your browser, so you can inspect suspicious strings without handing them to a third party.

Category
inspect
Input
Accepts: text/plain.
Output
Outputs: application/json.
Cost
Free, runs in your browser
Memory
low
Privacy: Text Confusable runs entirely on your device. Files you provide never leave your browser — no uploads, no server, no tracking. The page works offline once loaded.

Common uses

  • Check whether a login or domain like аpple.com uses a Cyrillic letter to impersonate a real brand
  • Screen new usernames or display names for lookalike characters before approving them
  • Audit pasted text for hidden mixed-script tokens that may be a prompt-injection attempt
  • Inspect an email sender or link label that looks legitimate but renders subtly off
  • Review imported data for fullwidth or mathematical letters that will break exact-match lookups
  • Teach a team what an IDN homograph attack actually looks like with live examples

Frequently asked questions

What kinds of lookalikes does it catch?

Non-Latin homoglyphs (Cyrillic, Greek), fullwidth Latin, mathematical alphanumeric variants, and tokens that mix scripts within one word.

Does it work on whole paragraphs or just single words?

It accepts any plain text and analyzes it token by token, so you can paste a full message and see which pieces are suspect.

Is my text uploaded for analysis?

No. The confusable detection runs entirely client-side in your browser; the text you paste never leaves your device.

What format is the output?

It returns JSON listing the flagged tokens and the reasons they were flagged, so you can act on or log the findings.

Will it flag normal multilingual text as an attack?

It flags mixed-script tokens and known confusables; legitimately multilingual text spread across separate words is far less likely to trip it than a single word that blends scripts.

Keywords

  • confusable
  • homoglyph
  • unicode
  • security
  • phishing
  • spoofing
  • idn
  • mixed-script

Try next

Text Redact
privacy

Once you've vetted suspicious text, strip any PII it contains before sharing.
HTML Extract Links
text

Pull links out of a suspicious page, then run their domains through confusable detection.
URL Encoder
convert

Decode percent-encoded URLs to reveal the real characters hiding in a link.
Color Palette
inspect

Extract dominant colors from an image as hex codes.
Image Diff
inspect

Pixel-level diff between two images of the same dimensions.
Image Info
inspect

Extract dimensions, format, and metadata from an image.
PDF Info
inspect

Extract page count and metadata from a PDF.
Hash
inspect

Compute SHA-256, SHA-1, or SHA-512 hashes of files.
JSON Formatter
inspect

Parse and pretty-print JSON with configurable indentation.
Extract PDF Tables
export

Extract tabular data from a PDF as JSON or CSV. Works well for simple tables with aligned columns and no merged cells. Complex tables, rotated text, and scanned PDFs (images) will not extract cleanly.
Topic Keywords
text

Pull the topic-bearing nouns and noun phrases out of any text. Answers "what is this about" — not "what words appear most" (try Text Frequency for that). Runs entirely in your browser.