## https://sploitus.com/exploit?id=CBA18AB2-47C0-52C4-84F0-0F5DA9FA71D3
# ShatteredFTP Dual exploiter
## Overview
This exploit script targets vulnerabilities in CrushFTP’s user creation/authentication process, offering dual mode support:
- **CVE-2025-2825**
Exploits a flaw in XML payload handling during user creation. Use this when your target’s web interface responds per the Rapid7 analysis.
- **CVE-2025-31161**
Exploits a variant in the authentication mechanism with subtle differences. Use this if targets are filtering the CVE-2025-2825 payload.
## Key Features
- **Dual-CVE Modes:** Switch modes with `--cve` (`2825` or `31161`).
- **Mass Testing:** Test multiple hosts concurrently using multi-threading.
- **CSV Logging:** Optionally save the test results into a CSV file.
- **ASCII Art Banner in Help:** When run without arguments (or with `--help`), the help menu shows a custom ASCII art banner.
## Prerequisites
- Python 3.x
- `requests` library (`pip install requests`)
## Usage Examples
### Single Target
```bash
python3 exploit.py --target_host <TARGET_IP> --port 8080 --cve 2825