Update - 19 AV vendors on VT now detect this. https://www.bleepingcomputer.com/ne...spite-being-uploaded-on-github-two-years-ago/
Was coldroot originally coded to be a legitimate remote session app, or was it always used to show Security vulnerabilities? Regardless I think it should be detected by AVs.
According to VirusTotal Eset, Bitdefender, and Kaspersky is detecting it. There's a lot of AVs that are still not detecting it though, including very well known AVs like Symantec.