Share
## https://sploitus.com/exploit?id=6C67AE13-1E24-5AC9-AFB0-9A0F5EFF4DEB
````markdown
## Summary

CVE-2025-55182 Scanner is a high-performance tool for detecting vulnerable Next.js Server Action endpoints.  
It uses multi-threaded scanning, confidence-based detection, and multiple response indicators to identify potential Remote Code Execution (RCE) vulnerabilities.

### Features

- High-speed concurrent scanning
- Confidence-based vulnerability scoring
- WAF bypass payload generation
- Header & response pattern analysis
- Real-time progress tracking
- Automatic saving of vulnerable targets

---

## How It Works

The scanner follows these steps:

1. Load target URLs from file
2. Generate specially crafted payload
3. Send HTTP request to target
4. Analyze response headers and body
5. Calculate vulnerability confidence score
6. Mark target as vulnerable if score โ‰ฅ 40%
7. Save vulnerable targets to file

Detection is based on:

- Next.js specific headers
- React Server Component responses
- Error message patterns
- HTTP 500 status codes
- Payload reflection in response
- Response behavior anomalies

---

## How To Run

### 1. Install Dependencies

```bash
pip3 install -r requirements.txt
````

### 2. Create Targets File

```
https://example.com
https://target.com
http://127.0.0.1:3000
```

### 3. Run Scanner

Basic scan:

```bash
python3 scanner.py -l targets.txt
```

With threads:

```bash
python3 scanner.py -l targets.txt -t 30
```

Verbose mode:

```bash
python3 scanner.py -l targets.txt -v
```

Fast scan:

```bash
python3 scanner.py -l targets.txt -t 50 --timeout 5
```

---

## Output

Vulnerable targets will be saved to:

```
vulnerable.txt
```

Example output:

```
[VULN] https://target.com - Confidence: 85%
[VULN] https://app.vercel.app - Confidence: 72%
```

```
```