🚀 React2Shell Exploiter

Advanced Exploitation & Server Intelligence for CVE-2025-55182 / CVE-2025-66478

⚠️ For authorized security testing only.
This tool exploits a critical RCE vulnerability in unpatched Next.js applications. Use responsibly and legally.

---

🔍 Overview

react2shell-exploit.py is a precision weapon for confirmed exploitation of the React2Shell vulnerability (CVE-2025-55182 / CVE-2025-66478). Unlike basic scanners, it:

• ✅ Executes arbitrary OS commands on vulnerable Next.js servers.
• ✅ Dumps comprehensive server intelligence (OS, user, env vars, processes, etc.).
• ✅ Detects and extracts outputs via the X-Action-Redirect side-channel.
• ✅ Supports Linux and Windows targets.
• ✅ Saves full forensic data to react2shell_dump.json.

Perfect for penetration testers, bug bounty hunters, and red teams needing proof-of-compromise and post-exploitation context.

---

📦 Setup

Prerequisites

• Python 3.9+
• git (to clone the repo)

Installation

git clone https://github.com/your-username/react2shell-exploiter.git
cd react2shell-exploiter
./setup.sh

📝 The setup.sh script:

• Creates a virtual environment (venv/)
• Installs dependencies from requirements.txt

requirements.txt

requests>=2.28.0

---

▶️ Usage

Use the included run.sh wrapper to automatically activate the virtual environment and execute the script.

Basic Command Execution

./run.sh react2shell-exploit.py http://target.com -c "id"

Full Server Intelligence (Default Behavior)

./run.sh react2shell-exploit.py http://target.com
# Executes `id` and dumps full server info

Windows Target

./run.sh react2shell-exploit.py http://win-target.com --windows -c "whoami"

Custom Paths

./run.sh react2shell-exploit.py http://target.com --path /_next --path /api

Direct Python Execution (Advanced)

./run.sh ./react2shell-exploit.py http://target.com -c "cat /etc/passwd"

---

🛠️ Included Scripts

setup.sh

#!/bin/bash
echo "🔧 Setting up VulnQuest virtual environment..."
python3 -/m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install -r requirements.txt
echo "✅ VulnQuest environment ready!"

run.sh

#!/bin/bash
PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
VENV_DIR="$PROJECT_DIR/venv"

if [ ! -d "$VENV_DIR" ]; then
    echo "❌ Run ./setup.sh first!"
    exit 1
fi

cleanup() {
    echo -e "\n🔒 Deactivating environment..."
    deactivate 2>/dev/null
    exit 0
}
trap cleanup EXIT INT TERM

source "$VENV_DIR/bin/activate"

if [[ "$1" == *"/"* ]] || [[ "$1" == *.py ]]; then
    python "$@"
else
    python -m "$@"
fi

💡 Why run.sh?
Ensures consistent execution within the isolated virtual environment—no more ModuleNotFoundError!

---

📁 Output

On successful exploitation, the tool:

• Prints real-time command output.
• Displays a structured server intelligence dump.
• Saves all data to react2shell_dump.json for reporting.

Example output:

✅ Command executed successfully on: http://target.com:3000/
[OUTPUT]
ip-http://target.com.compute.internal

🖥️  SERVER INFORMATION DUMP
...
💾 Full dump saved to: react2shell_dump.json

---

⚠️ Ethical & Legal Notice

This tool is strictly for educational and authorized security testing purposes.
Unauthorized use against systems you do not own or lack explicit permission to test is illegal and violates cybersecurity laws worldwide.

By using this software, you agree to:

• Comply with all applicable laws and regulations.
• Obtain explicit written permission before testing any system.
• Use findings responsibly and report them to the appropriate stakeholders.

---

📞 Support

For issues or feature requests, open an issue in the repository.

---

🔐 Stay sharp. Stay ethical.
— The React2Shell Exploiter Team

---