Available on crate feature
react2shell only.Expand description
§React2Shell — CVE-2025-55182 Scanner, Attacker & Report Generator
Enterprise-grade React Server Components vulnerability toolkit.
This module provides a complete Rust implementation of the React2Shell toolchain:
§Scanner
- Static JS bundle analysis (React & Next.js version detection)
- RSC/Server Action endpoint discovery
- HTTP header analysis for framework fingerprinting
- Sensitive file fuzzing (
.env,.git/config, etc.) - Secret/API key pattern detection in JS bundles
- Vulnerability evaluation against known-vulnerable version lists
§Attacker
- Phase 1 — Reconnaissance: Technology stack fingerprinting & version extraction
- Phase 2 — Source Leak (CVE-2025-55183): Flight protocol source code exfiltration
- Phase 3 — DoS (CVE-2025-55184): Memory/CPU exhaustion via self-referencing payloads
- Phase 4 — RCE (CVE-2025-55182): Remote code execution via blob handler exploitation
- Phase 5 — Full Chain: Orchestrated multi-phase attack with optional Tor proxying
§Report Generator
- Structured JSON reports for all scan/attack phases
- Colored console output with severity indicators
- Aggregate attack report combining all phases
Structs§
- Attack
Phase Result - Result of a single attack phase.
- Attack
Report - Aggregate attack report combining scan + attack results.
- Dependency
Info - A discovered software dependency with version.
- DosResult
- DoS test result.
- Exposed
File - An exposed sensitive file discovered during fuzzing.
- Full
Chain Result - Combined full-chain attack result.
- RceCommand
Output - Output from a single RCE command execution.
- RceResult
- RCE execution result.
- React2
Shell Scanner - React2Shell vulnerability scanner for detecting CVE-2025-55182.
- Recon
Result - Reconnaissance phase result.
- Report
Summary - RscEndpoint
- A discovered RSC/Server Action endpoint.
- Scan
Result - Full results from a React2Shell vulnerability scan.
- Secret
Info - A detected secret/credential.
- Source
Leak Finding - A finding from source code leak analysis.
- Source
Leak Result - Source leak attack result.
- Version
Info - Version information detected from a source.
Functions§
- build_
rce_ payload - Build an RCE payload for the Flight protocol.
- craft_
leak_ payload - Craft a Flight-format source leak payload.
- execute_
dos - Execute the DoS attack against the target.
- execute_
rce - Execute the full RCE attack phase (recon cmds + PoC file creation).
- execute_
rce_ command - Execute a command via RCE (demo/educational mode).
- execute_
source_ leak - Execute the source leak attack against a target.
- extract_
sensitive_ data - Extract sensitive data from leaked source code using regex patterns.
- generate_
report - Generate a structured JSON report combining scan and attack results.
- is_
nextjs_ vulnerable - Check if a Next.js version is in the known-vulnerable list.
- is_
react_ vulnerable - Check if a React version is in the known-vulnerable list.
- measure_
baseline - Measure baseline response time for the target.
- print_
dos_ result - Print a DoS result to console.
- print_
full_ chain_ result - Print a full-chain attack result to console.
- print_
rce_ result - Print an RCE result to console.
- print_
recon_ result - Print a reconnaissance result to console.
- print_
scan_ result - Print a scan result to the console with ANSI colors.
- print_
source_ leak_ result - Print a source leak result to console.
- report_
to_ json - Serialize a report to a JSON string.
- run_
full_ chain - Run the full attack chain (Recon → Source Leak → DoS → RCE) against a target.
- run_
recon - Reconnaissance attack — technology stack fingerprinting.
- save_
report - Save a report to a JSON file.
- scan_
and_ attack - Run the full attack chain (scan + all phases) and generate a report.
- scan_
and_ report - Run a full vulnerability scan and generate a console report.
- test_
memory_ exhaustion - Test memory exhaustion via self-referencing DoS payload.