## https://sploitus.com/exploit?id=2384DDD1-2543-5B7A-9DEC-989A9B4BA689
# VPS Continuous Scanner
A lightweight orchestrator and worker scanner setup for running large/continuous scans across split input files. This repository contains orchestration scripts, a Docker-based worker image, and helper scripts to run scans repeatedly and collect results.
## Repository layout
```
docker-compose.yml
orchestrator.py
README.md
run-continuous-scan.sh
setup.sh
start-scan.sh
output/ # generated outputs
split/ # input files to scan (split into parts)
worker/ # worker image & scanner code
Dockerfile
scanner.py
worker.py
```
## Features
- Orchestrates a pool of worker containers to process many input files efficiently.
- Keeps cluster services running across files for faster repeat scans.
- Produces per-file outputs and a combined deduplicated `results.txt`.
- Simple scripts to run once or continuously watch a directory and scan new files.
## Prerequisites
- Docker and Docker Compose
- Python 3.8+ (for local runs or editing `orchestrator.py`/workers)
- bash (Linux/macOS) or WSL/Git Bash on Windows for the provided shell scripts
## System requirements
- Minimum VPS RAM: 8 GB
- Recommended VPS RAM: 16 GB
## CVE-2025-55182
This scanning tool is designed to detect and validate indicators related to CVE-2025-55182. Below are authoritative details and practical guidance; always consult the vendor advisory and official sources before acting.
Summary
- Description: A pre-authentication remote code execution vulnerability affecting React Server Components and related server-dom packages. The vulnerable code path unsafely deserializes payloads received by Server Function endpoints, enabling remote code execution when exploited.
- Weakness: CWE-502 (Deserialization of Untrusted Data).
- Vendor severity (Facebook/Meta): CVSS v3.1 Base Score 10.0 โ CRITICAL.
- CISA: This CVE is listed in CISA's Known Exploited Vulnerabilities Catalog.
Known affected components (examples from NVD/vendor advisory)
- React Server Components: affected versions reported including `19.0.0`, `19.1.0`, `19.1.1`, `19.2.0`.
- Server DOM packages: `react-server-dom-parcel`, `react-server-dom-turbopack`, `react-server-dom-webpack`.
- Several Next.js/Node.js bundles using affected server components were also identified in vendor/NVD references โ consult the advisories for exact CPEs and version ranges.
Usage guidance for this scanner
- Place target lists (hosts, URLs or other artifacts) into `split/` and run the normal scanner flow (`./start-scan.sh` for a single file or `./run-continuous-scan.sh` to process many files).
- The worker scanner looks for indicators consistent with unsafe Server Function endpoints and deserialization artifacts; findings are written to `output/.output` and logged in `scan.log`.
- This tool does not exploit vulnerabilities โ it detects indicators. Do not attempt exploitation without explicit authorization.
Mitigations
- Apply vendor patches or upgrades as listed in the official vendor advisory. Do not rely solely on network-level mitigations for RCE vulnerabilities.
- Where patching is not immediately possible, follow vendor and CISA mitigation guidance (e.g., disable or restrict Server Function endpoints, apply WAF rules, isolate affected services).
- If exploitation is suspected, isolate affected hosts and follow incident response procedures.
Authoritative references
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- Vendor advisory / React blog: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
- Vendor security advisory (Meta/Facebook): https://www.facebook.com/security/advisories/cve-2025-55182
- CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55182
- AWS security blog (analysis/observed exploitation): https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
- OSS mailing list / third-party analyses: http://www.openwall.com/lists/oss-security/2025/12/03/4
## Quick start (Docker)
1. Place each input chunk you want scanned into the `split/` directory (one file per worker job).
2. Start the cluster and scanner (recommended):
```bash
# bring up required services (Redis, MinIO, etc.) and workers via docker-compose
docker-compose up -d
# run the orchestrator which will process files in split/
./run-continuous-scan.sh
```
3. For a single-run scan you can use:
```bash
./start-scan.sh split/worker1.txt
```
4. Monitor progress by watching `scan.log` and checking `output/` for per-file results.
```bash
tail -f scan.log
ls -lh output/
```
## Scripts and what they do
- `run-continuous-scan.sh` โ watches the `split/` directory and processes files sequentially, keeping the cluster running between files for speed.
- `start-scan.sh` โ run a one-off scan on a single input file.
- `setup.sh` โ helper for any initial provisioning or setup tasks.
- `orchestrator.py` โ Python orchestrator (entrypoint for custom orchestration logic).
- `worker/` โ worker image and code used by containers to perform the actual scanning (`Dockerfile`, `scanner.py`, `worker.py`).
## Outputs
- Per-file outputs are written to `output/.output`.
- A combined, deduplicated `results.txt` is produced after processing (check your orchestrator flags for exact behavior).
- Detailed logs are appended to `scan.log`.
## Configuration
- Tuning values such as number of workers, timeouts, chunk size, or scanner flags are located in the orchestrator or in the shell scripts. Edit those files to adjust behavior for your environment.
## Development
To build the worker image locally (from `worker/Dockerfile`):
```bash
docker build -t vps-worker:latest worker/
```
Run a worker locally for debugging:
```bash
python worker/scanner.py --help
```
## Troubleshooting
- If Docker Compose services fail to start, run `docker-compose logs` to inspect service logs.
- Ensure ports required by MinIO/Redis are available on your host.
- If scans are slow, increase the number of workers or keep the cluster running between files (use `run-continuous-scan.sh`).
## Contributing
PRs and issues welcome. Please open an issue describing the problem or feature and include reproduction steps.
## License
Add your project license here (e.g., MIT). If unsure, add an explicit LICENSE file.
---
If you want, I can also:
- add badges for build/status/license
- create a short `CONTRIBUTING.md` and `LICENSE` file
- update the scripts to include configurable environment variables