Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
cloudflyer
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 1.0.5
- Maintainers
- 1
Cloudflyer
Cloudflyer is a Python service that helps solve various web security challenges including Cloudflare challenges, Turnstile captchas, and reCAPTCHA Invisible.
Features
- Cloudflare challenge solver
- Turnstile captcha solver
- reCAPTCHA Invisible solver
- Proxy support (HTTP/SOCKS)
- Concurrent task processing
- RESTful API server
Installation
pip install cloudflyer
Quick Start
Example Script
# Run example cloudflare solving with proxy
python test.py cloudflare -x socks5://127.0.0.1:1080
# Run example turnstile solving
python test.py turnstile
# Run example recaptcha invisible solving
python test.py recaptcha
Solver Server
cloudflyer -K YOUR_CLIENT_KEY
Options:
-K, --clientKey: Client API key (required)-M, --maxTasks: Maximum concurrent tasks (default: 1)-P, --port: Server listen port (default: 3000)-H, --host: Server listen host (default: localhost)-T, --timeout: Maximum task timeout in seconds (default: 120)
Docker
Docker:
docker run -it --rm -p 3000:3000 jackzzs/cloudflyer -K YOUR_CLIENT_KEY
Docker Compose:
version: 3
services:
cloudflyer:
image: jackzzs/cloudflyer
container_name: cloudflyer
restart: unless-stopped
ports:
- 3000:3000
API Endpoints for Server
Create Task
Request:
POST /createTask
Content-Type: application/json
{
"clientKey": "your_client_key",
"type": "CloudflareChallenge",
"url": "https://example.com",
"userAgent": "...",
"proxy": {
"scheme": "socks5",
"host": "127.0.0.1",
"port": 1080
},
"content": false
}
- Field
userAgentandproxyis optional. - Supported task types:
CloudflareChallenge,Turnstile,RecaptchaInvisible - For
Turnstiletask,siteKeyis required. - For
RecaptchaInvisibletask,siteKeyandactionis required. - For
CloudflareChallengetask, setcontentto true to get page html inresponse.
Response:
{
"taskId": "21dfdca6-fbf5-4313-8ffa-cfc4b8483cc7"
}
Get Task Result
Request:
POST /getTaskResult
Content-Type: application/json
{
"clientKey": "your_client_key",
"taskId": "21dfdca6-fbf5-4313-8ffa-cfc4b8483cc7"
}
Response:
{
"status": "completed",
"result": {
"success": true,
"code": 200,
"response": {
...
},
"data": {
"type": "CloudflareChallenge",
...(input)
}
}
}
For Turnstile task:
"response": {
"token": "..."
}
For CloudflareChallenge tasks:
"response": {
"cookies": {
"cf_clearance": "..."
},
"headers": {
"User-Agent": "..."
},
"content": "..."
}
For RecaptchaInvisible tasks:
"response": {
"token": "..."
}
WSSocks
WSSocks is a socks proxy agent for intranet penetration via websocket. It can be used for connecting to the user's network.
For agent proxy:
wssocks server -r -t example_token -a -dd
For user side (using proxy):
wssocks client -u https://ws.zetx.tech -r -t example_token -T 1 -c example_connector_token -dd -E -x socks5://127.0.0.1:1080
For solver side:
POST /createTask
Content-Type: application/json
{
"clientKey": "your_client_key",
"type": "CloudflareChallenge",
"url": "https://example.com",
"userAgent": "...",
"wssocks": {
"url": "https://ws.zetx.tech",
"token": "example_connector_token"
}
}
FAQs
A Cloudflare/Turnstile captcha bypass API server.
We found that cloudflyer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025