Share
## https://sploitus.com/exploit?id=F6012F6A-FB48-5D40-B793-7CBD23306102
# CVE-2025-55182 Advanced Scanner

A comprehensive command-line tool for detecting and exploiting CVE-2025-55182 (React Server Components Remote Code Execution) in Next.js applications.

## ๐ŸŽฏ Features

- **Single Target Scanning** - Scan individual URLs
- **Batch Scanning** - Scan multiple targets from a file
- **Command Execution** - Execute arbitrary commands on vulnerable hosts
- **Safe Check Mode** - Detect vulnerability without executing code
- **WAF Bypass** - Evade Web Application Firewall protections
- **JSON Export** - Save scan results to JSON format
- **Multi-threading** - Concurrent scanning for faster results
- **Verbose Output** - Detailed scan information
- **Quiet Mode** - Show only vulnerable hosts

## ๐Ÿ“‹ Requirements

- Bash 4.0+
- curl
- openssl (for random ID generation)
- Unix-like system (Linux, macOS, WSL)

## ๐Ÿš€ Installation

```bash
git clone 
cd CVE-2025-55182-advanced-scanner
chmod +x scanner.sh
```

## ๐Ÿ’ป Usage

### Basic Usage

```bash
# Scan a single target
./scanner.sh -u https://example.com

# Scan with custom command
./scanner.sh -u https://example.com -c "whoami"

# Scan from file
./scanner.sh -l targets.txt

# Save results to JSON
./scanner.sh -l targets.txt -o results.json
```

### Advanced Options

```bash
# Safe check mode (no RCE execution)
./scanner.sh -u https://example.com --safe-check

# Enable WAF bypass
./scanner.sh -u https://example.com --waf-bypass

# Custom WAF bypass size
./scanner.sh -u https://example.com --waf-bypass --waf-bypass-size 256

# Verbose output
./scanner.sh -u https://example.com -v

# Quiet mode (only vulnerable hosts)
./scanner.sh -l targets.txt -q

# Multi-threaded scanning
./scanner.sh -l targets.txt -t 20

# Custom timeout
./scanner.sh -u https://example.com --timeout 30
```

## ๐Ÿ“– Options

| Option | Description | Default |
|--------|-------------|---------|
| `-u, --url ` | Single target URL to scan | - |
| `-l, --list ` | File containing targets (one per line) | - |
| `-c, --command ` | Command to execute | `id` |
| `-o, --output ` | Save results to JSON file | - |
| `-t, --threads ` | Number of concurrent threads | `10` |
| `--timeout ` | Request timeout | `15` |
| `--safe-check` | Use safe detection (no RCE execution) | `false` |
| `--waf-bypass` | Enable WAF bypass mode | `false` |
| `--waf-bypass-size ` | WAF bypass junk data size | `128` |
| `-v, --verbose` | Verbose output | `false` |
| `-q, --quiet` | Only show vulnerable hosts | `false` |
| `-h, --help` | Show help message | - |

## ๐Ÿ“ Examples

### Example 1: Single Target Scan

```bash
./scanner.sh -u https://vulnerable-app.com
```

**Output:**
```
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘     CVE-2025-55182 Advanced Scanner v1.0.0              โ•‘
โ•‘     React Server Components RCE Scanner                    โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

Starting scan...
Command: id
Threads: 10
Timeout: 15s

[VULNERABLE] https://vulnerable-app.com - Status: 303 - Method: RCE_EXECUTION
```

### Example 2: Batch Scanning

```bash
./scanner.sh -l targets.txt -o results.json -t 20
```

**targets.txt:**
```
https://example1.com
https://example2.com
https://example3.com
```

### Example 3: Command Execution

```bash
./scanner.sh -u https://vulnerable-app.com -c "uname -a" -v
```

**Output:**
```
[VULNERABLE] https://vulnerable-app.com - Status: 303 - Method: RCE_EXECUTION
  Command Output:
    Linux hostname 5.4.0-74-generic #83-Ubuntu SMP x86_64 GNU/Linux
```

### Example 4: Safe Check Mode

```bash
./scanner.sh -u https://example.com --safe-check
```

This mode detects the vulnerability without executing code, useful for:
- Compliance scanning
- Non-destructive testing
- WAF-protected environments

### Example 5: WAF Bypass

```bash
./scanner.sh -u https://waf-protected.com --waf-bypass --waf-bypass-size 256
```

Adds random junk data to bypass WAF content inspection.

## ๐Ÿ“Š Output Formats

### Console Output

- **Green `[VULNERABLE]`** - Target is vulnerable
- **Red `[NOT VULNERABLE]`** - Target is not vulnerable (verbose mode only)
- **Yellow** - Command output (verbose mode)

### JSON Output

When using `-o results.json`, results are saved in JSON format:

```json
[
  {
    "url": "https://vulnerable-app.com",
    "vulnerable": true,
    "status_code": "303",
    "detection_method": "RCE_EXECUTION",
    "command_output": "uid=1000(user) gid=1000(user) groups=1000(user)",
    "error": ""
  }
]
```

## ๐Ÿ” Detection Methods

The scanner uses multiple detection methods:

1. **RCE_EXECUTION** - Command execution successful, output in redirect header
2. **SAFE_CHECK** - Error-based detection without code execution
3. **REDIRECT_HEADER** - Redirect header present (indicates vulnerability)

## โš ๏ธ Legal Disclaimer

This tool is provided for **educational and authorized security testing purposes only**.

- **DO NOT** use this tool against systems you don't own or have explicit permission to test
- **DO NOT** use this tool for malicious purposes
- **DO** use this tool only in controlled environments or with written authorization
- **DO** respect responsible disclosure practices

Unauthorized access to computer systems is illegal and may result in criminal prosecution.

## ๐Ÿ›ก๏ธ Responsible Disclosure

If you discover a vulnerable system:

1. **Do not** exploit it beyond verification
2. **Do** notify the organization responsibly
3. **Do** follow responsible disclosure guidelines
4. **Do not** publicly disclose without permission

## ๐Ÿ“š References

- [CVE-2025-55182 Details](https://cloud.projectdiscovery.io/library/CVE-2025-55182)
- [React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [Next.js Security Advisory](https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp)
- [react2shell-scanner](https://github.com/assetnote/react2shell-scanner)

## ๐Ÿค Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request

## ๐Ÿ“ License

This project is licensed under the MIT License - see the LICENSE file for details.

## ๐Ÿ™ Credits

- **Assetnote Security Research Team** - Original vulnerability research
- **maple3142** - Original RCE PoC
- **ProjectDiscovery** - Nuclei template reference

---

**Remember:** Use responsibly and only on systems you own or have explicit permission to test.