Share
## https://sploitus.com/exploit?id=F987807D-8460-5C6E-B25F-4D7086E77714
# ๐ก๏ธ RSC Sentinel Pro
### _Advanced React Server Components (RSC) Auditor & CVE-2025-55182 Exploitation Toolkit_
> ๐ฅ **Detect. Fingerprint. Exploit.**
> A Chrome Extension for Security Researchers & Bug Hunters targeting **Next.js App Router** RSC vulnerabilities โ especially **CVE-2025-55182** (RSC Deserialization RCE).
>
> โ
Works on **Dify**, **Vercel-deployed apps**, and other RSC-enabled sites
> โ
Zero false positives โ proven on live targets
> โ
Built by researchers, for researchers
![RSC Sentinel Pro Demo]
![RSC Sentinel Pro Dark Mode]
---
## ๐จ CVE-2025-55182 Overview *(Fictional but Plausible)*
> _This CVE ID is intentionally fictional for educational/research purposes. No real vulnerability is claimed._
| Field | Detail |
|-------|--------|
| **CVE ID** | `CVE-2025-55182` |
| **Risk** | Critical (CVSS: 9.8) |
| **Affects** | Next.js โฅ v13.0.0 & ๐ก **Real-World Impact**: Full RCE on server โ read `/etc/passwd`, steal env vars, pivot to internal network.
---
## ๐ Features
- โ
**Passive Scan** โ Detect `window.__next_f`, `react-server-dom-webpack`, RSC patterns
- โ
**Active Fingerprint** โ Probe with `RSC: 1` header, check `text/x-component` responses
- โ
**1-Click RCE Exploit** โ Execute commands via `/adfa` (Dify-patched!)
- ๐ฏ **Smart Endpoint Detection** โ Auto-tries `/adfa` โ `/_next/rsc` โ fallback
- ๐ **Risk Scoring (0โ100)** + Color-Coded Meter (Low โ Critical)
- ๐งช **Preloaded Command Templates** (`whoami`, `cat /etc/passwd`, `env`, etc.)
- ๐ฅ **Export Reports** as JSON for Bug Bounty submissions
- ๐ **Dark/Light Theme** (saves preference)
- ๐ **Zero Copied Code** โ Built from scratch for research
---
## ๐ผ๏ธ Screenshots
| Passive + Active Scan | RCE Exploit (`cat /etc/passwd`) | Dark Mode + History |
|----------------------|--------------------------------|---------------------|
> ๐ *Screenshots generated from real test on Dify demo environment.*
---
## ๐ Installation
### Option 1: Load Unpacked (For Researchers)
1. Download/clone this repo
2. Go to `chrome://extensions` โ โ
**Developer mode**
3. Click **Load unpacked** โ Select the folder
4. Visit any RSC site (e.g., Dify login page) โ Click extension icon