Share
## https://sploitus.com/exploit?id=F73A8658-2942-5BBD-99F1-8B2DF8E28D94
# react2shell-scanner-rust
Detect CVE-2025-55182 & CVE-2025-66478 in Next.js/RSC applications.
## Install
```bash
cargo build --release
```
## Usage
```bash
./scanner -u https://example.com
./scanner -l hosts.txt -t 20 -o results.json
./scanner -u https://example.com --crawl --max-depth 3
./scanner -u https://example.com --proxy http://127.0.0.1:8080
./scanner -u https://example.com --safe-check
./scanner -u https://example.com --waf-bypass
./scanner -u https://example.com --windows
```
## Options
```
-u, --url Single URL to check
-l, --list File with hosts (one per line)
-t, --threads Concurrent threads (default: 10)
-o, --output Output JSON file
-k, --insecure Skip SSL verification
-H, --header Custom header
-v, --verbose Show response details
-q, --quiet Only show vulnerable hosts
--safe-check Side-channel detection (no RCE)
--windows PowerShell payload
--waf-bypass Add junk data to evade WAF
--waf-bypass-size Junk size in KB (default: 128)
--vercel-waf-bypass Vercel WAF bypass variant
--path Custom path to test
--path-file File with paths
--crawl Crawl site before scanning
--max-depth Crawl depth (default: 2)
--max-pages Max pages to crawl (default: 100)
--ignore-robots Ignore robots.txt
--proxy Proxy URL (http/socks5)
```
## Credits
- [assetnote/react2shell-scanner](https://github.com/assetnote/react2shell-scanner) - Original Python implementation
- [@maple3142](https://x.com/maple3142) - RCE PoC
- [Assetnote](https://x.com/assetnote) - Research Team
- [@xEHLE_](https://x.com/xEHLE_) - Header reflection
- [@Nagli](https://x.com/galnagli)