PROBABLY_PENTEST (1) campaign cataloged at 2025-06-07(2).

1. Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-06-atlasctf

On installation or importing, the package attempts to exfiltrate some basic information, e.g. /etc/passwd

Abuse categories

basic_exfiltration

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

exfiltration_generic

Campaign uses exfiltration_generic.

override_install

The package overrides the install command in setup.py to execute malicious code during installation.

Packages in the campaign

campaign:2025-06-atlasctf

• atlasctf-21-prod-00
• atlasctf-21-prod-01
• atlasctf-21-prod-02
• atlasctf-21-prod-03
• atlasctf-21-prod-04
• atlasctf-21-prod-05
• atlasctf-21-prod-06
• atlasctf-21-prod-07
• atlasctf-21-prod-08
• atlasctf-21-prod-09
• atlasctf-21-prod-10
• atlasctf-21-prod-11
• atlasctf-21-prod-12
• atlasctf-21-prod-13
• atlasctf-21-prod-14
• atlasctf-21-prod-15
• atlasctf-21-prod-16
• atlasctf-21-prod-17
• atlasctf-21-prod-18
• atlasctf-21-prod-19
• atlasctf-21-prod-20
• atlasctf-21-prod-21
• atlasctf-21-prod-29