Share
## https://sploitus.com/exploit?id=F1B77394-B99D-5914-95CF-A5A6F060AAD4
![Image Alt](https://github.com/AsadAhmad-1337/React-2-Shell/blob/main/React2Shell.PNG)

This is a security exploit tool targeting CVE-2025-55182.
  It exploits a Remote Code Execution (RCE) vulnerability in React Server Components
  
   🔥 CVE-2025-55182 Background

  CVE-2025-55182 (also widely referred to as “React2Shell”) is a critical remote code execution (RCE) vulnerability found in React Server Components (RSC) — part of the modern React.js ecosystem. It was publicly disclosed on December 3, 2025 and quickly added to the U.S. CISA Known Exploited Vulnerabilities Catalog, meaning active   exploitation has been observed in the wild.

External Source : https://www.thehackerwire.com/vulnerability/CVE-2025-55182
  

 # 🎨Usage

   python react-2-shell-ultimate.py   -h   (For Help Menu)
   
   python react-2-shell-ultimate.py  -t http://target.com  -c "echo Testing" 
  
   python react-2-shell-ultimate.py  -t http://target.com  -c "hostname" 

   python react-2-shell-ultimate.py  -t http://target.com  -c "whoami" -v



# 🧠Key Features

# 1. Multiple Exploitation Techniques (6 methods)
   
   Multipart POST          (Original exploitation method)
   
   JSON POST               (JSON-formatted payload)
   
   GET with Query Params   (URL-based exploitation)
   
   Windows-optimized       (Windows-specific payloads)
   
   File Output Method      (Writes output to temporary files)
   
   Form-urlencoded POST    (Traditional form submission)

# 2. Advanced Payload Generation

   Dynamic payload construction with anti-detection measures

   Command sanitization and escaping

   Platform-specific payloads (Windows/Linux)

   Multiple output extraction methods

# 3. Sophisticated Output Processing

   Decodes encoded responses (URL encoding, escape sequences)

   Extracts output from redirects, headers, and response bodies

   Handles different error conditions 

# 4. Evasion & Stealth Features

   Random User-Agent rotation

   SSL certificate verification bypass

   Minimal/controlled verbose output

# 5. Testing Mode

   Unique test string generation for vulnerability confirmation

   Non-destructive testing option


#  💻System Requirements

Python 3.6 and above

Operating System: Cross-platform (Windows/Linux/macOS)

# 🔧Installation Requirements

pip install requests

pip install urllib3