PROBABLY_PENTEST (1) campaign cataloged at 2025-09-07(2).
- Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-08-netmanagement¶
The package appears to be a PoC of overwriting "requests" package files. The new "requests/init.py" takes over common requests features and uses the implementation that a) logs every request to a file (but no external exfiltration, this may also be expected in some situations); b) after every 5 requests, opens the calculator app. The second shows clearly that the intention is to present a security risk, not create a real package.
Abuse categories¶
action-hidden-in-lib-usage
The malicious action is hidden in the code and starts when user interacts with it (e.g. during class initialization or by exfiltrating given credentials).
other
Campaign uses other.