https://github.com/greycloudss/flail
A repo filled with malware I tinkered into existence
https://github.com/greycloudss/flail
exploit malware pentesting security security-research vulnerability
Last synced: 6 days ago
JSON representation
A repo filled with malware I tinkered into existence
- Host: GitHub
- URL: https://github.com/greycloudss/flail
- Owner: greycloudss
- License: mit
- Created: 2026-05-31T22:45:40.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-06-13T14:32:38.000Z (27 days ago)
- Last Synced: 2026-06-13T16:23:02.563Z (27 days ago)
- Topics: exploit, malware, pentesting, security, security-research, vulnerability
- Language: Shell
- Homepage:
- Size: 8.79 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
- License: LICENSE
Awesome Lists containing this project
README
# Flail
This project is part of **The Armourer** series, however this project is more of a dump, a publication-like, repository for what I think is cool tinkering I do.
I would like to note, that this is **purely for educational purposes**, and I do not condone any harm towards any entity - alive or otherwise.
---
## Introduction
Hi, I guess this is just a repo where I drop lightly modified malware because I have sort of this weird interest in it. Each one will have a tiny writeup and a short description ish (...?). I do not know yet.
## The list
### [Sleeper](sleeper/sleeper.md)
[Sleeper](sleeper/sleeper.md) (<- the writeup) is a tiny ish 2 stage malware abusing telnets critical vulnerability ([CVE-2026-24061](https://nvd.nist.gov/vuln/detail/cve-2026-24061)). This vulnerability, once abused, grants the attacker instant root acces, meaning it works as initial access and a privilege escalation vulnerability. As this is a 2 stage software it consists of: a reactive credential harvester and the listener.
### [Dingus](dingus/dingus.md)
[Dingus](dingus/dingus.md) (<- the writeup) is a shellcode injection malware PoC, it has some obfuscation, positional keying, raw syscalls with obfuscated yet hardcoded SSNs etc. It's written in C++, hopefully for the next PoCs I drop they will be written in C.
### [Failures](failures/main.md)
Here I'll document [my failures](failures/main.md) (at least the notable ones), basically tinkering that did not succeed :(
---
## License
MIT License — fork, modify, and contribute freely.