An open API service indexing awesome lists of open source software.

https://github.com/greycloudss/flail

A repo filled with malware I tinkered into existence
https://github.com/greycloudss/flail

exploit malware pentesting security security-research vulnerability

Last synced: 6 days ago
JSON representation

A repo filled with malware I tinkered into existence

Awesome Lists containing this project

README

          

# Flail

This project is part of **The Armourer** series, however this project is more of a dump, a publication-like, repository for what I think is cool tinkering I do.
I would like to note, that this is **purely for educational purposes**, and I do not condone any harm towards any entity - alive or otherwise.

---
## Introduction
Hi, I guess this is just a repo where I drop lightly modified malware because I have sort of this weird interest in it. Each one will have a tiny writeup and a short description ish (...?). I do not know yet.

## The list

### [Sleeper](sleeper/sleeper.md)
[Sleeper](sleeper/sleeper.md) (<- the writeup) is a tiny ish 2 stage malware abusing telnets critical vulnerability ([CVE-2026-24061](https://nvd.nist.gov/vuln/detail/cve-2026-24061)). This vulnerability, once abused, grants the attacker instant root acces, meaning it works as initial access and a privilege escalation vulnerability. As this is a 2 stage software it consists of: a reactive credential harvester and the listener.

### [Dingus](dingus/dingus.md)
[Dingus](dingus/dingus.md) (<- the writeup) is a shellcode injection malware PoC, it has some obfuscation, positional keying, raw syscalls with obfuscated yet hardcoded SSNs etc. It's written in C++, hopefully for the next PoCs I drop they will be written in C.

### [Failures](failures/main.md)
Here I'll document [my failures](failures/main.md) (at least the notable ones), basically tinkering that did not succeed :(

---
## License
MIT License — fork, modify, and contribute freely.