Shattered is a tool and PoC for the new CrushFTP vulnerabilities. CVE exploit script: CVE-2025-2825 vs CVE-2025-31161

ghostsec420/ShatteredFTP

ShatteredFTP Dual exploiter

Overview

This exploit script targets vulnerabilities in CrushFTP’s user creation/authentication process, offering dual mode support:

  • CVE-2025-2825
    Exploits a flaw in XML payload handling during user creation. Use this when your target’s web interface responds per the Rapid7 analysis.
  • CVE-2025-31161
    Exploits a variant in the authentication mechanism with subtle differences. Use this if targets are filtering the CVE-2025-2825 payload.

Key Features

  • Dual-CVE Modes: Switch modes with --cve (2825 or 31161).
  • Mass Testing: Test multiple hosts concurrently using multi-threading.
  • CSV Logging: Optionally save the test results into a CSV file.
  • ASCII Art Banner in Help: When run without arguments (or with --help), the help menu shows a custom ASCII art banner.

Prerequisites

  • Python 3.x
  • requests library (pip install requests)

Usage Examples

Single Target

python3 exploit.py --target_host <TARGET_IP> --port 8080 --cve 2825
