PROBABLY_PENTEST (1) campaign cataloged at 2024-07-26(2).

1. Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

GENERIC-standard-pypi-install-pentest

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.

Abuse categories

basic_exfiltration

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

override_install

The package overrides the install command in setup.py to execute malicious code during installation.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• oast.fun

• oast.pro

• oast.live

• oast.site

• oast.online

• oast.me

• oast.cz

• oastify.com

• burpcollaborator.net

• hxxps://hooks.slack.com/services/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

• tiktakdomain.com

• updatelap.org

• 164.90.176.41

• mcp-metrics-collection.s3.us-east-2.amazonaws.com

Packages in the campaign

campaign:GENERIC-standard-pypi-install-pentest

• 0x000testqwe
• 123bla
• accesspdp
• acpi-tables
• adafruit-display-text
• adafruit-imageload
• adent-core-api
• aiopbotocore
• airbnb-identity
• akatest
• akh-py
• alksdjpureranser
• amd-taichi
• amplify-python-logging
• anduril-lattice-sdk-grpc-python
• appetize-cli
• appsec-script-py
• appsec-utils
• arnold-toolbox
• arrayvec
• atlasctf-21-prod-22
• atlassian-exp
• atlassian-praz
• awareness-demo-pkg
• base-local-planner
• bigip
• binance-sdk-ebate
• blab111
• blabb111
• blabutt
• bladebit
• blobhunter-depconf-poc
• blz-test-package
• brotli-python
• c8test
• c8tks94kspjghtb
• c8tks94kspjyhtb
• c8tsdk
• caas-jupyter-tools
• canvas-crawler
• ccxt-bullish
• cdf-clients
• ceiec
• chain00x
• check-codeowners
• chosenrce18
• ci-metadata-python-logging
• cicd-ppe-redteam-test01
• cicd-ppe-redteam-test02
• cicd-ppe-test
• cittronn
• cloudx-auth
• cloudx-base
• cmdb-worker-pckg
• comfyui-node-pkg
• comfyui-node-test
• companyx-metaflow
• confirmedbywaseem
• coremsft
• crc32fast
• crpto
• crypo
• ctf-pipline-test
• ctftestsowwy
• ctosec-appsec-wb-xray-adapter
• ctosec-appsec-wb-xray-adapters
• cugraph-dgl
• cugraph-service-client
• cugraph-service-server
• d5e54nc32y1337
• d5e54ncy1337
• debug-toolbar
• deepseeek
• deepseek-fake
• deepseekai
• dell-recovery
• dell-restore-system
• dependency-confusion-test-666
• dependency133434fr43437
• dependency908
• dev-pipline-test
• dev-server-python
• dexat2
• dify-api
• discord-boteasy
• displaydoc
• django-aerospike-sessions
• donotinstallthisistest5
• donotinstallthisistest6
• edx-salesforce
• egarcia-poc
• elbloadmonitor
• evil-pkk
• example-vizsla-tutorial
• f5-logger
• f5rest
• faker-py123123thon
• faker-python
• flaask
• flashinfer
• flask-hookserver
• flatfox-api
• flatfox-api-python
• flexssl
• gatr
• geocommunes-geoportal
• get-incorrect-name-bob
• globrex
• gnosis-py
• goftvagoo
• golden-gates
• google-appengine-ext
• google-cloud-datacatalog-lineage-producer-client
• google-cloud-iam-credentials
• googleapis-googleapis-grpc-python
• gptall
• gpu-discovery
• gradio-videotimeline
• graphcore-cloud-tools
• graphemer
• greensadway
• greeter-pro-test
• groq-mcp
• groq-ppe-pkg
• gwpythonsectt1
• gwpythonsectt2
• hackerone-app-sdk
• hawzebisdzazf
• hello-from-shiphero
• hello-wordl
• hello-world-installer-test
• helloharry123c
• helloharry123p
• home-robot
• http-notifier-test
• initialtestingdonotpull1235
• interasdasdnal-data-parser
• is-number-object
• jamasp
• jd-mlops
• kms-tls-sdk
• krisp-audio
• lacucaracha
• lanchain-openai
• langraph
• layoutspecs
• lbank-connector-pythons
• libc-dev
• libgomp
• libopenblas
• libspatialindex
• littelbitx0
• livekit-agents-hedra
• mac12manoj
• manoj3121pip
• manojmacpy
• masirkhan
• matlibplot
• matplotlibp
• mcp-xyz
• medifile
• merbe
• merpe
• minemeld-core
• mkdocs-with-pdfs
• mkdsli
• moveworks-pipeline-test
• mulaptested-pakname
• multiutils
• murkh1111
• musl-dev
• muxf
• my-first-pypi-demo
• myhexsender
• mytonctrl
• netsec-monitor
• neural-compressor-jax
• nifty-cli
• noonutil
• notary-client
• oaieval
• oe-extract-ids
• oe-extract-idss
• opengrep
• optimux
• oracle-tools
• orion-algo-extrapol
• osanlizer
• osopackagepy
• otc-metadata
• p7zip-full
• packagemurder
• packed-w3shi
• pckaging
• pd-py-cli
• peptest
• peptest2
• pinloggertest
• pipeline-poision-test
• pipelinepoision-test
• piprce
• platform-harness-ecr-configmap
• poc-suppentest
• pokemon-app-sdk
• postgresql-connector-python
• private-test-1
• private-test-2
• private-test-4
• propeller-solver-core
• ptxcompiler
• puffioner131
• puffionerlolpo2131
• pxdbench
• py-sys-utils
• pydevd-inject
• pydiolag6688
• pylibcugraph
• pylibcugraphops
• pyqubee
• pysbark
• pytelegramapi
• python-amazon-doc-utils
• python-dateutil-malicious
• python-doenv
• python-drgn-commons-all
• python-drgn-commons-kafka
• python-drgn-commons-metrics
• python-drgn-commons-notebooks
• python-drgn-commons-pandas
• python-drgn-commons-spark
• python-ledgercommon
• python-requirements-inspector
• python3-autopep8
• pytorch-mutex
• qassabi
• qt-main
• quizdom
• r-irkernel
• radishwxm5
• raft-dask
• rapyd-logger
• requests-rapid
• requests-rapidl
• requests-rapidly
• rippling-cli
• robustinfer
• route-search
• rqeuets
• rtpoc1
• rtxt-dep2
• rtxt-dep3
• rtxt-dep4
• ruamel-poc
• runway-python
• rwimodeling
• rzr-home
• s4transfer
• saml-helper
• search-python-common
• securedrop-workstation-dom0-config
• security-automation-job
• sensadway
• serpapi-python
• sfnt2woff-zopfli
• shinchina
• shiva123456
• sitoogether
• sketchfab-spinner
• sklearns
• solana-program
• some-random-package-33
• someeebbb
• springboot
• st-py-de-cli
• stackstorm-runner-action-chain
• stationschedule
• statsapi
• story-mcp-hub
• strands-agents-anthropic
• subdomainer
• sumo-py-cli
• supersafecalc
• supersafereverse
• swiv
• szn-rain-client
• szn-sasanka
• szn-search-mlops-common
• szn-search-mlops-serp-downloader
• szn-url
• szn-zbozi-ab-testing-fulltext
• tchap-bot
• telstra
• terraformness
• test-for-ppe
• test-test-asd-1
• testcatplzignore
• testing123kk
• testospkg
• testpackageroietest2
• testpackageroietest3
• testpackageroietest4
• testppe-pkg
• testpurpleteaming
• testpysecure
• testresearchpackagedc
• testt-abc
• testt-test
• thecorrectjames
• this-is-poc-fortesting-dontinstall-12345
• thisisthedaventest
• thisisthedaventestz
• thread-pipeline-test
• threading-helper
• titifel-pyip
• titifel-pypi
• tokyo-ppe-test
• tomli-dzw
• torchflow-experimental
• tosa-serialization-lib
• totallysafe
• transitive-req
• treeherder-submitter
• trunket-dev-driver
• ttam-ploy
• umap
• userver-requires-at-least-python-3-10
• usvr-agent
• vcdiff-py
• vfsrce18
• vfsrcetest
• voto3
• vsc-accountpage-clients
• vsc-config
• w3shi-h1
• w7-poc
• w722-poc
• wandb-widget
• waseem4321
• wasi8787878
• wasig4321
• wave-opensdk
• wr-test
• xadauiom
• xsltproc
• xx-ent-wiki-sm
• your-module-name
• yt-yson-bindings