Share
## https://sploitus.com/exploit?id=74138780-920C-596D-B00E-28709D031337
# ๐Ÿ” React2Shell Dork Scanner


  
  
  



  
  
  
  


---

## ๐Ÿšจ Tentang Kerentanan

**React2Shell** adalah kerentanan **Remote Code Execution (RCE)** kritikal yang mempengaruhi:

| Target                        | Versi Vulnerable               |
| ----------------------------- | ------------------------------ |
| โš›๏ธ react-server-dom-webpack   | 19.0.0, 19.1.0, 19.1.1, 19.2.0 |
| โš›๏ธ react-server-dom-turbopack | 19.0.0, 19.1.0, 19.1.1, 19.2.0 |
| โš›๏ธ react-server-dom-parcel    | 19.1.0, 19.1.1, 19.2.0         |
| ๐Ÿ”บ Next.js                    | 15.0.0-15.0.4, 16.0.0-16.0.6   |

**โš ๏ธ CVSS Score: 10.0 (CRITICAL)** - Unauthenticated RCE!

---

## โœจ Features

| Feature                | Description                                   |
| ---------------------- | --------------------------------------------- |
| ๐Ÿ” **Google Dorking**  | Cari target Next.js/React otomatis via Google |
| ๐Ÿ’พ **Save Targets**    | Simpan hasil pencarian ke `targets.txt`       |
| ๐ŸŽฏ **Vuln Scanning**   | Test vulnerability pada setiap target         |
| ๐Ÿ“ **Vuln Report**     | Simpan target vulnerable ke `vulnerable.txt`  |
| โšก **Multi-threading** | Scan cepat dengan concurrent requests         |
| ๐Ÿ›ก๏ธ **Safe Detection**  | Side-channel detection (tanpa eksploitasi)    |

---

## ๐Ÿ“ฆ Installation

```bash
# Clone repository
git clone https://github.com/yourusername/react2shell-dork-scanner.git
cd react2shell-dork-scanner

# Install dependencies
pip install -r requirements.txt
```

---

## ๐Ÿš€ Quick Start

### 1๏ธโƒฃ Test Single URL

```bash
python3 dork_scanner.py --test-url https://target.com
```

### 2๏ธโƒฃ Google Dork Search

```bash
# Custom dork
python3 dork_scanner.py --dork "inurl:/_next site:example.com"

# Template bawaan
python3 dork_scanner.py --template nextjs --limit 50
```

### 3๏ธโƒฃ Scan dari File

```bash
python3 dork_scanner.py --scan-file targets.txt
```

### 4๏ธโƒฃ Full Auto (Dork + Scan)

```bash
python3 dork_scanner.py --dork "inurl:/_next" --auto-scan
```

---

## ๐Ÿ“– CLI Options

```
Google Dork Options:
  --dork, -d          Custom Google dork query
  --template, -t      Template: nextjs, react, rsc
  --limit, -l         Max results (default: 50)
  --delay             Delay antar request (default: 3.0s)

Scanning Options:
  --scan-file, -f     Scan dari file
  --test-url, -u      Test single URL
  --auto-scan         Auto scan setelah dorking
  --threads           Concurrent threads (default: 5)
  --timeout           Request timeout (default: 10s)

Output Options:
  --output-targets    File untuk targets (default: targets.txt)
  --output-vuln       File untuk vulns (default: vulnerable.txt)
```

---

## ๐ŸŽฏ Dork Templates

| Template | Dorks                                             |
| -------- | ------------------------------------------------- |
| `nextjs` | `inurl:"/_next/static"`, `intext:"__NEXT_DATA__"` |
| `react`  | `inurl:"/static/js/main" intext:"react"`          |
| `rsc`    | `inurl:"/api/" intext:"server-action"`            |

---

## ๐Ÿ“Š Output Files

| File                | Isi                        |
| ------------------- | -------------------------- |
| ๐Ÿ“„ `targets.txt`    | Semua URL dari Google dork |
| ๐Ÿ”ด `vulnerable.txt` | URL yang vulnerable        |

---

## โš ๏ธ Disclaimer

> **โš ๏ธ LEGAL WARNING**
>
> Tool ini **HANYA** untuk security testing pada target yang memiliki **izin resmi**.
> Penggunaan tanpa otorisasi adalah **ILEGAL**.

---

## ๐Ÿ”— References

- ๐Ÿ“‹ [CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)
- ๐Ÿ“‹ [CVE-2025-66478](https://nvd.nist.gov/vuln/detail/CVE-2025-66478)
- ๐Ÿ”ฌ [Assetnote Research](https://www.assetnote.io/resources/research)

---


  ๐Ÿ”’ Stay Secure. Scan Responsibly. ๐Ÿ”’