Share
## https://sploitus.com/exploit?id=77654FE6-FC00-5AAF-AFDD-05F422F93DFB
# next88 - React Server Components RCE Scanner
High-performance Go implementation for detecting React Server Components RCE vulnerabilities (CVE-2025-55182 & CVE-2025-66478).
## Features
- ๐ **High Performance**: Compiled Go binary with goroutine-based concurrency
- ๐ **Multiple Detection Methods**:
- Safe side-channel detection
- RCE PoC checks
- WAF bypass techniques (junk data, double encoding, semicolon bypass)
- Vercel-specific WAF bypass
- Source code exposure detection via ACTION_ID extraction
- ๐ฏ **Flexible Scanning**: Single host, list of hosts, or custom paths
- ๐ **JSON Output**: Structured results for integration
- ๐จ **Colored Output**: Terminal-friendly colored output
## Installation
### From Source
```bash
go install github.com/h0tak88r/next88@latest
```
### Build Locally
```bash
git clone https://github.com/h0tak88r/next88.git
cd next88
go build -o next88 .
```
## Usage
### Basic Usage
```bash
# Scan single host
next88 -u https://example.com
# Scan from file
next88 -l hosts.txt
# With custom threads
next88 -l hosts.txt -t 50
```
### Advanced Options
```bash
# Safe check (side-channel detection)
next88 -u https://example.com -safe-check
# WAF bypass with custom size
next88 -u https://example.com -waf-bypass -waf-bypass-size 256
# Vercel WAF bypass
next88 -u https://example.com -vercel-waf-bypass
# Double URL encoding bypass
next88 -u https://example.com -double-encode
# Semicolon bypass
next88 -u https://example.com -semicolon-bypass
# Source code exposure check
next88 -u https://example.com -check-source-exposure
# Custom paths
next88 -u https://example.com -path /_next -path /api
# Path file
next88 -u https://example.com -path-file paths.txt
# Windows payload
next88 -u https://example.com -windows
# Output to JSON
next88 -l hosts.txt -o results.json -all-results
```
## Options
```
-u, --url Single URL/host to check
-l, --list File containing list of hosts (one per line)
-t, --threads Number of concurrent threads (default: 10)
--timeout Request timeout in seconds (default: 10)
-o, --output Output file for results (JSON format)
--all-results Save all results to output file, not just vulnerable hosts
-k, --insecure Disable SSL certificate verification (default: true)
-v, --verbose Verbose output (show response snippets for all hosts)
-q, --quiet Quiet mode (only show vulnerable hosts)
--no-color Disable colored output
--safe-check Use safe side-channel detection instead of RCE PoC
--windows Use Windows PowerShell payload instead of Unix shell
--waf-bypass Add junk data to bypass WAF content inspection (default: 128KB)
--waf-bypass-size Size of junk data in KB for WAF bypass (default: 128)
--vercel-waf-bypass Use Vercel WAF bypass payload variant
--path Custom path to test (can be used multiple times)
--path-file File containing list of paths to test (one per line)
--check-source-exposure Check for source code exposure via ACTION_ID extraction from HTML
--double-encode Apply double URL encoding to bypass WAFs
--semicolon-bypass Add semicolons in strategic places to bypass WAFs
```
## Output Format
JSON output structure:
```json
{
"scan_time": "2025-12-13T03:35:53Z",
"total_results": 1,
"results": [
{
"host": "https://example.com",
"vulnerable": true,
"status_code": 303,
"final_url": "https://example.com/",
"tested_url": "https://example.com/",
"timestamp": "2025-12-13T03:35:51Z"
}
]
}
```
## Integration with AutoAR
This tool is integrated into the [AutoAR](https://github.com/h0tak88r/AutoAR) project and can be used via:
```bash
# Via AutoAR main script
./main.sh react2shell_scan run -d example.com
# Via Discord bot
/react2shell_scan domain:example.com
```
## Docker
The tool is automatically built and installed in the AutoAR Docker image:
```dockerfile
RUN go install github.com/h0tak88r/next88@latest
```
## Performance
- **Concurrent Scanning**: Uses goroutines for parallel host scanning
- **Optimized HTTP Client**: Efficient connection pooling and timeouts
- **Low Memory Footprint**: Compiled binary with minimal dependencies
- **Fast Execution**: Typically 5-10x faster than Python implementation
## Credits
Based on research from Assetnote Security Research Team.
## License
See LICENSE file for details.