Share
## https://sploitus.com/exploit?id=9156A222-89FC-5401-BA78-203400707800
# Next.js RSC Vulnerability Scanner (CVE-2025-66478)

A lightweight, multi-threaded Proof of Concept (PoC) tool designed to detect and demonstrate the Next.js React Server Components (RSC) Remote Code Execution vulnerability. This tool allows for both single-target verification and high-concurrency mass scanning.

## Features

- **Precise Detection**: Identifies vulnerable instances by verifying strict root-level execution access.
- **Mass Scanning**: Multi-threaded engine capable of scanning large lists of targets efficiently.
- **Live Dashboard**: Real-time status display tracking progress, vulnerable hosts, offline targets, and safe instances.
- **Resume Capability**: Ability to resume interrupted scans from a specific index.
- **Interactive Shell**: Built-in pseudo-shell for executing arbitrary code on vulnerable targets (authorized use only).
- **False Positive Filtering**: Distinguishes between critical root-context vulnerabilities and other potential issues ("Suspected"), filtering noise from the console output.

## Installation

1. Clone this repository or download the source code.
2. Install the required dependencies:

```bash
pip install -r requirements.txt
```

## Usage

The script `simple_poc.py` supports two main modes: Single URL mode and List mode.

### Single Target Mode
Scan a single URL. If the target is vulnerable, the tool will drop into an interactive shell.

```bash
python simple_poc.py -u 
```

### Mass Scan Mode
Scan a list of URLs from a file. This mode uses threading for performance and displays a status dashboard.

```bash
python simple_poc.py -i  [-t THREADS] [--start INDEX]
```

#### Arguments

- `-u, --url`: Specify a single target URL (e.g., `http://example.com`).
- `-i, --input`: Specify a text file containing a list of URLs to scan (one per line).
- `-t, --threads`: Set the number of concurrent threads for mass scanning (default: 20).
- `--start`: Resume scanning from a specific line number (0-based index) in the input file.

## Examples

**Scan a single site:**
```bash
python simple_poc.py -u https://vulnerable-site.com
```

**Scan a list with 50 threads:**
```bash
python simple_poc.py -i targets.txt -t 50
```

**Resume a scan from line 1000:**
```bash
python simple_poc.py -i targets.txt -t 50 --start 1000
```

## Disclaimer

This software is provided for educational and authorized security testing purposes only. The author accepts no liability for any misuse of this software or for any damage caused by its use. ensure you have implicit authorization before scanning any targets.