Skip to content

PROBABLY_PENTEST (1) campaign cataloged at 2026-01-31(2).

  1. Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

GENERIC-beacon-dependency-confusion

Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated.

Abuse categories

dependency-confusion

An attempt to exploit dependency confusion

typosquatting

The package name is an typosquatting variant of a popular package.

Packages in the campaign

campaign:GENERIC-beacon-dependency-confusion