This is a python script for exploiting werkzeug debug to achieve RCE. It can execute command on the remote system.
git clone https://github.com/its0x08/werkzeug-debug.git
cd werkzeug-debug
pip3 install --user -r requirements.txt
python3 main.py example.com whoamiTo test it locally you can start the mock Flask server by executing the command below.
WERKZEUG_DEBUG_PIN=off python3.10 mock_flask.py- Add PIN bruteforce
-
Add arg parser -
Add support forclearandexitcommands - Add support for autocompletion
- Add read file functionality
- Add reverse shell functionality
If you decide to make a pull request to suggest your changes to the project, please don't forget to add your name to the CONTRIBUTING.md file.
You have a new feature in mind?
The code is buggy, wont run as expected and you happen to know python?
Please make a Pull Request (PR) suggesting you changes.
Otherwise you can always open an Issue to help improve this project.