Share
## https://sploitus.com/exploit?id=77654FE6-FC00-5AAF-AFDD-05F422F93DFB
# next88 - React Server Components RCE Scanner

High-performance Go implementation for detecting React Server Components RCE vulnerabilities (CVE-2025-55182 & CVE-2025-66478).

## Features

- ๐Ÿš€ **High Performance**: Compiled Go binary with goroutine-based concurrency
- ๐Ÿ” **Multiple Detection Methods**: 
  - Safe side-channel detection
  - RCE PoC checks
  - WAF bypass techniques (junk data, double encoding, semicolon bypass)
  - Vercel-specific WAF bypass
  - Source code exposure detection via ACTION_ID extraction
- ๐ŸŽฏ **Flexible Scanning**: Single host, list of hosts, or custom paths
- ๐Ÿ“Š **JSON Output**: Structured results for integration
- ๐ŸŽจ **Colored Output**: Terminal-friendly colored output

## Installation

### From Source

```bash
go install github.com/h0tak88r/next88@latest
```

### Build Locally

```bash
git clone https://github.com/h0tak88r/next88.git
cd next88
go build -o next88 .
```

## Usage

### Basic Usage

```bash
# Scan single host
next88 -u https://example.com

# Scan from file
next88 -l hosts.txt

# With custom threads
next88 -l hosts.txt -t 50
```

### Advanced Options

```bash
# Safe check (side-channel detection)
next88 -u https://example.com -safe-check

# WAF bypass with custom size
next88 -u https://example.com -waf-bypass -waf-bypass-size 256

# Vercel WAF bypass
next88 -u https://example.com -vercel-waf-bypass

# Double URL encoding bypass
next88 -u https://example.com -double-encode

# Semicolon bypass
next88 -u https://example.com -semicolon-bypass

# Source code exposure check
next88 -u https://example.com -check-source-exposure

# Custom paths
next88 -u https://example.com -path /_next -path /api

# Path file
next88 -u https://example.com -path-file paths.txt

# Windows payload
next88 -u https://example.com -windows

# Output to JSON
next88 -l hosts.txt -o results.json -all-results
```

## Options

```
  -u, --url               Single URL/host to check
  -l, --list             File containing list of hosts (one per line)
  -t, --threads           Number of concurrent threads (default: 10)
  --timeout           Request timeout in seconds (default: 10)
  -o, --output           Output file for results (JSON format)
  --all-results                Save all results to output file, not just vulnerable hosts
  -k, --insecure               Disable SSL certificate verification (default: true)
  -v, --verbose                Verbose output (show response snippets for all hosts)
  -q, --quiet                  Quiet mode (only show vulnerable hosts)
  --no-color                   Disable colored output
  --safe-check                 Use safe side-channel detection instead of RCE PoC
  --windows                    Use Windows PowerShell payload instead of Unix shell
  --waf-bypass                 Add junk data to bypass WAF content inspection (default: 128KB)
  --waf-bypass-size        Size of junk data in KB for WAF bypass (default: 128)
  --vercel-waf-bypass          Use Vercel WAF bypass payload variant
  --path                 Custom path to test (can be used multiple times)
  --path-file             File containing list of paths to test (one per line)
  --check-source-exposure      Check for source code exposure via ACTION_ID extraction from HTML
  --double-encode              Apply double URL encoding to bypass WAFs
  --semicolon-bypass           Add semicolons in strategic places to bypass WAFs
```

## Output Format

JSON output structure:

```json
{
  "scan_time": "2025-12-13T03:35:53Z",
  "total_results": 1,
  "results": [
    {
      "host": "https://example.com",
      "vulnerable": true,
      "status_code": 303,
      "final_url": "https://example.com/",
      "tested_url": "https://example.com/",
      "timestamp": "2025-12-13T03:35:51Z"
    }
  ]
}
```

## Integration with AutoAR

This tool is integrated into the [AutoAR](https://github.com/h0tak88r/AutoAR) project and can be used via:

```bash
# Via AutoAR main script
./main.sh react2shell_scan run -d example.com

# Via Discord bot
/react2shell_scan domain:example.com
```

## Docker

The tool is automatically built and installed in the AutoAR Docker image:

```dockerfile
RUN go install github.com/h0tak88r/next88@latest
```

## Performance

- **Concurrent Scanning**: Uses goroutines for parallel host scanning
- **Optimized HTTP Client**: Efficient connection pooling and timeouts
- **Low Memory Footprint**: Compiled binary with minimal dependencies
- **Fast Execution**: Typically 5-10x faster than Python implementation

## Credits

Based on research from Assetnote Security Research Team.

## License

See LICENSE file for details.