Cyrillic Lookalike Converter

Swap Latin letters for near-identical Cyrillic homoglyphs (a→а, o→о, p→р) to demonstrate spoofing.

Free Cyrillic homoglyph converter. Replace Latin letters with visually identical Cyrillic characters to demonstrate and understand homoglyph and IDN spoofing attacks. Counts how many characters were swapped. Runs in your browser. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What is a homoglyph?

A homoglyph is a character from one script that looks identical, or nearly identical, to a character from another. The Cyrillic а (U+0430) and the Latin a (U+0061) render the same in most fonts but are completely different code points, which is what makes them useful for spoofing and confusing for security.

This converter replaces Latin letters with visually identical Cyrillic homoglyphs, the trick behind homoglyph and IDN spoofing attacks. The output looks like ordinary Latin text but is built from entirely different Unicode code points. It is provided as a security-awareness and detection tool — so you can see, count, and recognise the swap, not so you can deceive anyone. Everything runs locally in your browser.

Why homoglyph attacks work

The root cause is that Unicode contains thousands of code points, many of which were standardised from existing scripts that independently developed the same letterforms. Cyrillic and Latin both trace their origins partly to Greek, so a Cyrillic lowercase а (U+0430) and a Latin lowercase a (U+0061) look identical in virtually every screen font. Operating systems, DNS resolvers, and email clients all treat them as different strings, but a human eye cannot tell them apart.

This is the basis of IDN homoglyph attacks: a bad actor registers pаypal.com where the a is Cyrillic, then sends phishing emails with that link. The rendered URL looks legitimate; the destination is not.

How it works

Many Cyrillic letters were designed to share shapes with Latin ones, so in most fonts they are indistinguishable. The converter maps each Latin character to its closest Cyrillic counterpart:

a -> а (U+0430)   e -> е (U+0435)   o -> о (U+043E)
p -> р (U+0440)   c -> с (U+0441)   x -> х (U+0445)
A -> А (U+0410)   E -> Е (U+0415)   H -> Н (U+041D)

Only letters with a convincing match are swapped; the rest stay Latin. A live counter reports how many characters were replaced, which is exactly the signal a homoglyph detector looks for — mixed scripts within a single token.

Worked example: a domain name

Input: apple.com

After conversion, the a becomes Cyrillic а, the two p letters become Cyrillic р, and the e becomes Cyrillic е. The result still renders as apple.com in a typical font, but a Unicode inspector reports four Cyrillic code points mixed in. In a real browser, registrars that enforce IDNA2008 would display the Punycode form (xn--...) for this domain, revealing the substitution. The swap count here is four — the signal any homoglyph filter would catch.

Practical defence tips

  • Paste suspicious links into a Unicode inspector before clicking. Any legitimate domain should contain only Basic Latin characters (U+0000–U+007F) in the hostname.
  • Look for Punycode. Browsers show xn-- forms in the address bar for mixed-script domains; an xn-- in a domain hostname is a reason to pause.
  • Email filters and brand protection tools scan display names and link text for Cyrillic/Latin mixing. Test yours against the output of this tool to confirm the rule fires.
  • For developers, normalise and compare domain strings with IDNA libraries and run a confusable-character check against your brand name in brand-monitoring pipelines.

Use this tool to train your eye and your filters. Using homoglyphs to impersonate brands or phish users is illegal under fraud and computer-misuse laws in most countries.