PROBABLY_PENTEST (1) campaign cataloged at 2025-03-02(2).

1. Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-03-marinff

Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing

Abuse categories

obfuscation

Campaign uses obfuscation.

override_install

The package overrides the install command in setup.py to execute malicious code during installation.

revshell

The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

Packages in the campaign

campaign:2025-03-marinff

• ctf-aio-tool
• marinff-test