{"id":13845162,"url":"https://github.com/JoelGMSec/Thunderstorm","last_synced_at":"2025-07-12T01:31:47.776Z","repository":{"id":118632552,"uuid":"608087244","full_name":"JoelGMSec/Thunderstorm","owner":"JoelGMSec","description":"Modular framework to exploit UPS devices","archived":false,"fork":false,"pushed_at":"2023-03-01T10:14:43.000Z","size":309,"stargazers_count":63,"open_issues_count":0,"forks_count":7,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-05-08T20:45:09.571Z","etag":null,"topics":["exploit","rce","rce-exploit","rce-scanner","ups"],"latest_commit_sha":null,"homepage":"https://darkbyte.net","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JoelGMSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"github":"JoelGMSec","patreon":null,"open_collective":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://buymeacoff.ee/JoelGMSec","https://darkbyte.net/shop"]}},"created_at":"2023-03-01T09:44:07.000Z","updated_at":"2025-02-13T11:55:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"e8b1726a-e9f7-4d2d-bcfc-faf3c1b1a4a1","html_url":"https://github.com/JoelGMSec/Thunderstorm","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/JoelGMSec/Thunderstorm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FThunderstorm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FThunderstorm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FThunderstorm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FThunderstorm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JoelGMSec","download_url":"https://codeload.github.com/JoelGMSec/Thunderstorm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FThunderstorm/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923079,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","rce","rce-exploit","rce-scanner","ups"],"created_at":"2024-08-04T17:03:14.765Z","updated_at":"2025-07-12T01:31:47.245Z","avatar_url":"https://github.com/JoelGMSec.png","language":"Python","funding_links":["https://github.com/sponsors/JoelGMSec","https://buymeacoff.ee/JoelGMSec","https://darkbyte.net/shop","https://www.buymeacoffee.com/joelgmsec"],"categories":["Python"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003cimg width=500 alt=\"Thunderstorm\" src=\"https://github.com/JoelGMSec/Thunderstorm/blob/main/Thunderstorm.png\"\u003e\u003c/p\u003e\n\n# Thunderstorm\n**Thunderstorm** is a modular framework to exploit UPS devices. \n\nFor now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future.\n\n\n# CVE\nThunderstorm is currently capable of exploiting the following CVE:\n\n- CVE-2022-47186 – Unrestricted file Upload # [CS-141]\n- CVE-2022-47187 – Cross-Site Scripting via File upload # [CS-141]\n- CVE-2022-47188 – Arbitrary local file read via file upload # [CS-141]\n- CVE-2022-47189 – Denial of Service via file upload # [CS-141]\n- CVE-2022-47190 – Remote Code Execution via file upload # [CS-141]\n- CVE-2022-47191 – Privilege Escalation via file upload # [CS-141]\n- CVE-2022-47192 – Admin password reset via file upload # [CS-141]\n- CVE-2022-47891 – Admin password reset # [NetMan 204]\n- CVE-2022-47892 – Sensitive Information Disclosure # [NetMan 204]\n- CVE-2022-47893 – Remote Code Execution via file upload # [NetMan 204]\n\n\n# Requirements\n- Python 3\n- Install requirements.txt\n\n# Download\nIt is recommended to clone the complete repository or download the zip file.\nYou can do this by running the following command:\n```\ngit clone https://github.com/JoelGMSec/Thunderstorm\n```\n\nAlso, you probably need to download the original and the custom firmware.\nYou can download all requirements from here:\nhttps://darkbyte.net/links/thunderstorm.php\n\n# Usage\n```\n- To be disclosed\n\n```\n\n### The detailed guide of use can be found at the following link:\n\n - To be disclosed\n\n\n# License\nThis project is licensed under the GNU 3.0 license - see the LICENSE file for more details.\n\n\n# Credits and Acknowledgments\nThis tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec\n\n\n# Contact\nThis software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.\n\nFor more information, you can find me on Twitter as [@JoelGMSec](https://twitter.com/JoelGMSec) and on my blog [darkbyte.net](https://darkbyte.net).\n\n\n# Support\nYou can support my work buying me a coffee:\n\n[\u003cimg width=250 alt=\"buymeacoffe\" src=\"https://cdn.buymeacoffee.com/buttons/v2/default-blue.png\"\u003e](https://www.buymeacoffee.com/joelgmsec)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJoelGMSec%2FThunderstorm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJoelGMSec%2FThunderstorm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJoelGMSec%2FThunderstorm/lists"}