## https://sploitus.com/exploit?id=98E7AB86-9BCF-5DDA-A9E2-B5655D2A230C
# CVE-2025-55182 Hybrid Security Scanner
[](https://t.me/Trixsec)
A professional, hybrid security scanner designed to bridge static analysis and dynamic exploitation capabilities for CVE-2025-55182. This tool serves both developers (shift-left security) and security professionals (production testing).
## Features
- **Static Analysis**: Scans `package.json` and source code for vulnerable Next.js/Waku versions and dangerous RSC patterns.
- **Dynamic Validation**: Safely tests live endpoints for RSC vulnerability exposure without executing harmful payloads.
- **Hybrid Mode**: Combines both static and dynamic checks for comprehensive risk assessment.
- **Reporting**: Outputs detailed findings in JSON format and provides color-coded CLI feedback.
- **CI/CD Ready**: Supports non-interactive modes and exit codes for pipeline integration.
## Installation
1. **Prerequisites**: Python 3.8+
2. **Install Dependencies**:
```bash
pip install -r requirements.txt
```
## Usage
### Basic Scans
**Static Analysis (Codebase)**
Scan a local project directory for vulnerable dependencies and code patterns.
```bash
python cve_2025_55182_scan.py --static /path/to/project
```
**Dynamic Analysis (Live Site)**
Safely test a running application URL.
```bash
python cve_2025_55182_scan.py --dynamic http://localhost:3000
```
### Advanced Usage
**Hybrid Scan**
Combine static and dynamic results for a full report.
```bash
python cve_2025_55182_scan.py --hybrid /path/to/project --url http://localhost:3000
```
**CI/CD Pipeline Mode**
Run in non-interactive mode and fail the build if Critical or High issues are found.
```bash
python cve_2025_55182_scan.py --ci --fail-on high --static .
```
## Application Logic
- **Static Module**: Checks `dependencies` in `package.json` for vulnerable Next.js (< 14.1.1) and Waku versions. Scans `.js/.ts` files for "use server", dynamic imports, and Flight protocol markers.
- **Dynamic Module**: Sends non-destructive Flight protocol payloads to detect if the target parses RSC headers (`Next-Action`, `Next-Router-State-Tree`).
- **Reporting**: Generates `report.json` with a summary of findings and specific details for remediation.
## Disclaimer
This tool is for educational and authorized security testing purposes only. Ensure you have permission before scanning any target.