flask-werkzeug-attack

Community

Exploit Flask debugger for secret leaks and RCE.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the problem of identifying and exploiting exposed Flask/Werkzeug debuggers in production web applications, which leak sensitive server information and can enable unauthenticated remote code execution when misconfigured.

Core Features & Use Cases

  • Debugger Detection: Identify active Werkzeug debuggers via distinctive error page signatures, SECRET value disclosures, and console mode flags.
  • Sensitive Data Extraction: Pull filesystem paths, source code snippets, framework versions, and debug SECRETs from exposed traceback pages.
  • RCE Assessment: Validate if the debugger console is enabled to execute arbitrary Python commands for full server compromise. Use Case: During a June 2026 penetration test of a health SaaS platform, this Skill was used to identify an exposed debugger on port 8084, extract the server SECRET, and confirm the console was disabled to avoid false RCE assumptions.

Quick Start

Use the flask-werkzeug-attack skill to scan the target host on port 8084 for exposed Werkzeug debuggers, extract any leaked SECRET values, and check if remote code execution via the debugger console is possible.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: flask-werkzeug-attack
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#flask-werkzeug-attack

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.