Werkzeug Debug-enabled RCE v0.1.2-beta

This is a python script for exploiting werkzeug debug to achieve RCE. It can execute command on the remote system.

Usage

git clone https://github.com/its0x08/werkzeug-debug.git
cd werkzeug-debug
pip3 install --user -r requirements.txt
python3 main.py example.com whoami

Testing locally

To test it locally you can start the mock Flask server by executing the command below.

WERKZEUG_DEBUG_PIN=off python3.10 mock_flask.py

TODO

• Add PIN bruteforce
• Add arg parser
• Add support for clear and exit commands
• Add support for autocompletion
• Add read file functionality
• Add reverse shell functionality

Contributors

If you decide to make a pull request to suggest your changes to the project, please don't forget to add your name to the CONTRIBUTING.md file.

Pull Requests & Issues

You have a new feature in mind?

The code is buggy, wont run as expected and you happen to know python?

Please make a Pull Request (PR) suggesting you changes.

Otherwise you can always open an Issue to help improve this project.

Enjoy it !