Share
## https://sploitus.com/exploit?id=7785F159-7B60-567F-907A-DF55AB1AA895
# React2Shell Detector

A Chrome extension for detecting React2Shell vulnerabilities (CVE-2025-55182 & CVE-2025-66478) in web applications.

![Version](https://img.shields.io/badge/version-0.1.0-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)
![Plasmo](https://img.shields.io/badge/Plasmo-0.90.5-blueviolet.svg)

## Overview

React2Shell Detector is a browser extension that helps security researchers and web developers identify potential React2Shell vulnerabilities in web applications. The extension sends safe detection payloads to target URLs and analyzes the responses to determine if the application is vulnerable.

This project is inspired by and based on the [react2shell-scanner](https://github.com/assetnote/react2shell-scanner) Python script by Assetnote, reimplemented as a Chrome extension for easier browser-based scanning.

## Features

- **One-Click Scanning**: Scan the current tab or any URL with a single click
- **Safe Detection**: Uses non-destructive payloads for vulnerability detection
- **Detailed Results**: View HTTP headers, response bodies, and request details
- **Dark Mode**: Built-in theme toggle for comfortable viewing
- **Modern UI**: Clean, responsive interface built with React and Tailwind CSS
- **Privacy-Focused**: All scanning happens locally - no data is sent to external servers

## Screenshots


  


## Installation

### Option 1: Install from Chrome Web Store (Coming Soon)

The extension will be available on the Chrome Web Store soon.

### Option 2: Install from Source (Developer Mode)

#### Prerequisites

- [Node.js](https://nodejs.org/) (v16 or higher)
- [pnpm](https://pnpm.io/) (v10.19.0 or higher)
- Google Chrome browser

#### Build Steps

1. **Clone the repository**
   ```bash
   git clone https://github.com/xiaopeng-ye/react2shell-detector.git
   cd react2shell-detector
   ```

2. **Install dependencies**
   ```bash
   pnpm install
   ```

3. **Build the extension**

   For development (with hot-reload):
   ```bash
   pnpm dev
   ```

   For production:
   ```bash
   pnpm build
   ```

4. **Load the extension in Chrome**

   1. Open Chrome and navigate to `chrome://extensions/`
   2. Enable **Developer mode** (toggle in the top-right corner)
   3. Click **Load unpacked**
   4. Select the build directory:
      - For development build: `build/chrome-mv3-dev`
      - For production build: `build/chrome-mv3-prod`
   5. The React2Shell Detector extension should now appear in your extensions list

5. **Pin the extension** (optional)
   - Click the puzzle icon in Chrome's toolbar
   - Find "React2Shell Detector" and click the pin icon
   - The extension icon will now appear in your toolbar

## Usage

1. **Open the extension**
   - Click the React2Shell Detector icon in your Chrome toolbar
   - Or use the keyboard shortcut (if configured)

2. **Scan a URL**
   - The current tab's URL will be automatically loaded
   - You can edit the URL or enter a different one
   - Click the **Scan** button

3. **Review results**
   - **Vulnerable**: The application may be vulnerable to React2Shell attacks
   - **Safe**: No vulnerability detected
   - **Error**: The scan encountered an error (network issue, timeout, etc.)

4. **View details**
   - Click on the **Request** or **Response** tabs to see detailed information
   - Review HTTP headers, status codes, and response bodies

## Technology Stack

- **Framework**: [Plasmo](https://www.plasmo.com/) - Modern browser extension framework
- **UI**: React 18 with TypeScript
- **Styling**: Tailwind CSS 4
- **Components**: Radix UI primitives
- **Icons**: Lucide React
- **Theme**: next-themes for dark mode support

## Development

### Project Structure

```
react2shell-detector/
โ”œโ”€โ”€ components/         # React components
โ”‚   โ”œโ”€โ”€ ui/            # Reusable UI components
โ”‚   โ”œโ”€โ”€ ScanForm.tsx   # URL input and scan button
โ”‚   โ”œโ”€โ”€ ScanResult.tsx # Results display
โ”‚   โ””โ”€โ”€ ...
โ”œโ”€โ”€ lib/               # Core logic
โ”‚   โ”œโ”€โ”€ detector.ts    # Vulnerability detection logic
โ”‚   โ”œโ”€โ”€ payload.ts     # Payload generation
โ”‚   โ”œโ”€โ”€ types.ts       # TypeScript type definitions
โ”‚   โ””โ”€โ”€ utils.ts       # Helper functions
โ”œโ”€โ”€ styles/            # Global styles
โ”œโ”€โ”€ popup.tsx          # Extension popup entry point
โ”œโ”€โ”€ background.ts      # Background service worker
โ””โ”€โ”€ package.json       # Project configuration
```

### Available Commands

```bash
# Development mode with hot-reload
pnpm dev

# Production build
pnpm build

# Package for distribution
pnpm package

# Format code
pnpm prettier --write .
```

### Code Style

This project uses Prettier with the following conventions:
- No semicolons
- Double quotes
- 2-space indentation
- Sorted imports (Node.js โ†’ third-party โ†’ Plasmo โ†’ local โ†’ relative)

Always format your code before committing:
```bash
pnpm prettier --write .
```

## Security & Ethics

**IMPORTANT**: This tool is designed for:
- Security research and authorized penetration testing
- Vulnerability assessment with proper authorization
- Educational purposes
- Defensive security measures

**NOT for**:
- Unauthorized testing or scanning of systems you don't own or have permission to test
- Malicious activities or exploitation
- Any illegal activities

Always obtain proper authorization before scanning any web application.

## Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add some amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request

## References

- [React2Shell Scanner](https://github.com/assetnote/react2shell-scanner) - Original Python script by Assetnote (this project is based on their work)
- CVE-2025-55182
- CVE-2025-66478

## Acknowledgments

This project is built upon the excellent research and work by [Assetnote](https://github.com/assetnote). The core detection logic is adapted from their [react2shell-scanner](https://github.com/assetnote/react2shell-scanner) Python script.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## Disclaimer

This tool is provided for educational and authorized security testing purposes only. The authors and contributors are not responsible for any misuse or damage caused by this tool. Always ensure you have proper authorization before scanning any web application.

## Support

If you encounter any issues or have questions:
- Open an [issue](https://github.com/xiaopeng-ye/react2shell-detector/issues)