For educational purposes only, samples of stealer builders including screenshots.
-
Updated
Jul 1, 2026
For educational purposes only, samples of stealer builders including screenshots.
Your locale files are an unscanned attack surface. Evidence + i18n-security-lint, a CI scanner for the four security defect classes hiding in translated strings.
Scan code for invisible bidirectional Unicode characters (Trojan Source attack prevention, CVE-2021-42574)
Catches hidden and invisible-unicode instructions smuggled into AI coding-agent config and skill files. Zero-config CI check.
a modular offensive security framework designed for executing Unicode-based attacks, like those seen in the "GlassWorm" compromises
Reveal & remove invisible, dangerous & confusable characters in your text — zero-width spaces, BOMs, bidi (Trojan Source), homoglyphs, smart quotes. 100% local. Web app + library + CLI.
Desktop scanner for hidden marks and threats in Python code — invisible Unicode, steganography, homoglyphs, secrets and obfuscated code. PyQt6, RU/EN.
AI code security scanner MCP server — detects invisible Unicode, Trojan Source, homoglyphs, Glassworm steganography, rules file backdoors, and dependency attacks in AI-generated code. Static analysis + CodeBERT deep learning. Runs locally.
Detect, decode and strip invisible/dangerous Unicode (ASCII smuggling, zero-width, bidi Trojan Source, homoglyphs) in LLM text — zero-dep CLI + library.
Before you run AI-generated or downloaded code: a local-first Windows scanner that flags hidden Unicode payloads, auto-run scripts, and malicious AI-agent configs — with a 🔴/🟡/🟢 verdict. No install, nothing leaves your PC.
A linter for the documents your AI agents read. Catches invisible Unicode, hidden HTML-comment injections, prompt overrides, leaked secrets, and OOB-host markdown image exfil.
A security scanner designed to detect invisible Unicode vulnerabilities, BiDi overrides, and homoglyph attacks in source code to prevent Trojan Source exploits.
Deterministic offline scanner for repositories and package artifacts, detecting prompt injection, refusal bait, Trojan Source, obfuscation, and supply-chain anti-analysis before AI code review.
Pre-commit hook to detect and fix non-ASCII Unicode characters (smart quotes, invisible chars, Trojan Source attacks)
Detect and sanitize dangerous Unicode in user-supplied text, without breaking real RTL text or emoji
Reveal and safely remove invisible Unicode, hidden watermarks, and AI typography from pasted text. Runs entirely in your browser.
HIBERIUS — free, offline, single-file Unicode toolkit. Detect & remove invisible zero-width and bidirectional characters, watermark text, and browse a searchable special-character library. 100% client-side, zero network. Built with Claude Fable 5.
Add a description, image, and links to the trojan-source topic page so that developers can more easily learn about it.
To associate your repository with the trojan-source topic, visit your repo's landing page and select "manage topics."