ProGamer097/freeadvancefullscanner


CVE-2025-55182 Scanner

Automated React Server Components RCE Vulnerability Scanner


📖 What is CVE-2025-55182?

React2Shell is a critical vulnerability in React Server Components that allows unauthenticated remote code execution.

  • CVSS Score: 10.0 (Critical)
  • Affected: React 19.x, Next.js 14.3+, 15.x, 16.x
  • Impact: Full server compromise

🚀 Quick Start

Installation

```bash
# Make executable
chmod +x scanner.sh multi_scanner.sh
```

Basic Usage

```bash
# Single test
./scanner.sh -d example.com -c "id"

# Quick automated scan
./multi_scanner.sh -d example.com --quick

# Full comprehensive scan
./multi_scanner.sh -d example.com --full
```


🛠️ Tools Included

1. scanner.sh - Single Target Scanner

Test one domain with one command.

Syntax:

```bash
./scanner.sh -d <domain> -c <command>
```

Options:

  • -d, --domain - Target domain (default: localhost:3000)
  • -c, --command - Command to execute (default: id)
  • -h, --help - Show help

Examples:

```bash
./scanner.sh -d example.com -c "whoami"
./scanner.sh -d api.example.com -c "hostname"
./scanner.sh -d https://example.com/api -c "pwd"
```


2. multi_scanner.sh - Automated Multi-Test Scanner

Automatically tests multiple commands, subdomains, and paths.

Syntax:

```bash
./multi_scanner.sh -d <domain> [OPTIONS]
```

Options:

  • -d, --domain - Target domain (required)
  • -q, --quick - Quick scan (4 commands)
  • -f, --full - Full scan (15+ commands, subdomains, paths)
  • -o, --output - Custom output directory
  • -h, --help - Show help

Examples:

```bash
./multi_scanner.sh -d example.com --quick
./multi_scanner.sh -d example.com --full
./multi_scanner.sh -d example.com -o my_results
```


📊 Understanding Results

Success ✅

```
[+] Command executed successfully!
┌─ Command Output ────────────────────────────────┐
│ uid=1000(node) gid=1000(node) groups=1000(node)
└─────────────────────────────────────────────────┘
```

Action: Report via bug bounty program immediately!

500 Error ⚠️

[!] Failed - Server error (500) - Promising!

Action: Try different commands - likely vulnerable!

403 Forbidden ❌

[✗] Failed - WAF/Firewall blocked (403)

Action: Try different subdomains or skip target.


📁 Output Files

Multi-scanner creates organized results:

```
scan_results_20241208_153045/
├── successful_tests.txt   # 🎉 Vulnerabilities found
├── 500_errors.txt         # ⚠️ Promising targets
├── scan_report.txt        # 📝 Full summary
└── all_tests.log          # 📋 All tests
```



🎯 Bug Bounty Workflow

1. Find Targets

2. Verify Technology

```bash
# Check if site uses React/Next.js
curl -s https://example.com | grep -i "NEXT_DATA"
```

3. Test Vulnerability

```bash
# Quick scan first
./multi_scanner.sh -d example.com --quick

# If promising, full scan
./multi_scanner.sh -d example.com --full
```

4. Report

  • Document affected URL
  • Include proof of concept
  • Show command output
  • Suggest remediation
  • Report via proper channel

🔧 Troubleshooting

Permission Denied

```bash
chmod +x scanner.sh multi_scanner.sh
```

curl Not Found

```bash
# Ubuntu/Debian
sudo apt install curl

# CentOS/RHEL
sudo yum install curl

# macOS
brew install curl
```

SSL Errors

Use HTTP instead, or modify the script to add the -k flag to curl (which disables TLS certificate verification).

All Tests Fail (403)

  • Try different subdomains
  • Test HTTP instead of HTTPS
  • Check if site uses WAF
  • Move to next target

🎓 Advanced Tips

Test Multiple Targets

```bash
for domain in site1.com site2.com site3.com; do
  ./multi_scanner.sh -d "$domain" --quick
  sleep 60
done
```

Check 500 Errors

```bash
# After scan, review promising targets
cat scan_results_*/500_errors.txt
```

👤 Author

unkowneeror


Happy Bug Hunting! 🎯
