Share
## https://sploitus.com/exploit?id=913A7263-7FA7-5BDA-8873-00CFD1C2AFE6
# Next.js RCE Scanner

Fast vulnerability scanner for Next.js Server Actions RCE (CVE-2024-46982).

## Install
```bash
git clone https://github.com/yourusername/nextjs-rce-scanner.git
cd nextjs-rce-scanner
go build -o scanner main.go
```

## Usage
```bash
# Single URL
./scanner -url https://target.com

# Multiple URLs from file
./scanner -file targets.txt

# With RCE confirmation
./scanner -url https://target.com -confirm-rce

# Fast scan with 50 threads
./scanner -file targets.txt -threads 50
```

## Options
```
-url            Single target URL
-file           File with URLs (one per line)
-c              Command to execute (default: id)
-threads        Number of threads (default: 10)
-confirm-rce    Confirm RCE execution
-check-only     Safe check mode
-v              Verbose output
-t              Timeout in seconds (default: 10)
```

## Example
```bash
./scanner -file targets.txt -threads 20 -confirm-rce

[SCANNER] Loaded 100 URLs
[SCANNER] [VULNERABLE + RCE CONFIRMED] https://site1.com - Status: 303 (0.18s)
[SCANNER] [NOT VULNERABLE] https://site2.com - Status: 200 (0.15s)

Scanned 100 targets: 5 vulnerable, 5 RCE confirmed, 95 secure, 0 errors

Vulnerable targets:
  - https://site1.com [RCE CONFIRMED]
  - https://site3.com [RCE CONFIRMED]
```

## Disclaimer

For authorized testing only. Illegal use is prohibited.