Skip to content

vaniag-7/Ghostcode

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 

Repository files navigation

GhostCode

This project shows how visually identical code can hide backdoors and trick human reviewers. It’s based on CVE-2021-42574.

Why It Matters:

Code review is supposed to stop bad code, but reviewers mostly read with their eyes. Yes, automated tools like linters, CI/CD exist but they don’t catch invisible Unicode tricks.

Open-source is trust-based: anyone can submit a PR, and a sneaky character could slip in without anyone noticing. That’s what this demo shows.

How It Works poc_clean.py: normal users, normal roles. poc_obfuscated.py: guest can get admin access because of a hidden Cyrillic а. ghostcode.py: detects hidden Unicode like zero-width chars, bidirectional overrides, and homoglyphs.

Run the PoC to see how easy it is to hide something in plain sight.

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages