React2You
React2You is a powerful Scanner & Exploitation Tool designed for CVE-2025-55182 and CVE-2025-66478. It combines mass scanning capabilities with an interactive RCE (Remote Code Execution) exploitation shell.
Warning
Disclaimer: This tool is for educational purposes and authorized security testing only. Assessing targets without prior mutual consent is illegal. The author assumes no liability for any misuse of this tool.
Features
- Mass Scanning: Multi-threaded scanning of a list of URLs.
- Interactive Shell: A dedicated RCE exploitation mode that gives you a pseudo-shell on the target.
- WAF Bypass: Generates random junk data to evade Web Application Firewalls.
- Stealth Mode: Uses UTF-16LE encoding and JSON obfuscation to bypass strong WAFs.
- Customizable: Support for custom headers, proxies, and timeout settings.
- Verification: Uses safe non-destructive payloads for vulnerability checking.
Installation
React2You requires Python 3. Install the dependencies using pip:
pip install requests
Optional (but recommended) dependencies for better output:
pip install tqdm pyfiglet
Usage
1. Mass Scanning
Scan a list of URLs from a file to find vulnerable hosts.
python react2you.py -l urls.txt -t 20
-l, --list: File containing list of URLs.
-t, --threads: Number of concurrent threads (default: 10).
2. Single Target Scan
Check if a specific single URL is vulnerable.
python react2you.py -u http://example.com
3. Interactive Shell (RCE)
Open an interactive shell on a vulnerable target.
python react2you.py -u http://example.com -i
-i, --interactive: Enables the interactive shell mode.
4. Execute Single Command
Run a single command on the target without entering the interactive shell.
python react2you.py -u http://example.com -c "id"
-c, --command: Command to execute.
5. Advanced Options & Evasion
WAF Bypass: Add random junk data to the payload to bypass size-based or signature-based WAF rules.
python react2you.py -u http://example.com -i --waf-bypass --waf-bypass-size 512
--waf-bypass: Enable junk data generation.
--waf-bypass-size: Size of junk data in KB (default: 128).
Stealth Mode (Strong WAF Bypass): Use UTF-16LE encoding and JSON key obfuscation to evade sophisticated WAF rules.
python react2you.py -u http://example.com --stealth
--stealth: Enable UTF-16LE encoding & JSON Obfuscation.
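For defenders, the two evasion modes described above leave simple markers in a request body: a body larger than the WAF's inspection window, and ASCII-range text with a NUL in every second byte. The triage check below is an added example, not part of React2You; the function names, the 128 KB inspection window and the sample bodies are assumptions constructed for illustration.

```python
# Added example (not React2You code). Names, limit and samples are assumptions.
import json

INSPECTION_LIMIT = 128 * 1024  # assumed WAF body-inspection window, in bytes


def looks_utf16le(body: bytes, sample: int = 512) -> bool:
    """ASCII-range text in UTF-16LE has a NUL in (almost) every odd byte position."""
    if body.startswith(b"\xff\xfe"):  # UTF-16LE byte-order mark
        return True
    chunk = body[:sample]
    odd, even = chunk[1::2], chunk[0::2]
    if len(odd) < 4:  # too short to judge
        return False
    return odd.count(0) / len(odd) > 0.9 and even.count(0) / len(even) < 0.1


def normalize(body: bytes) -> str:
    """Return the text a rule engine should match on, whatever the wire encoding."""
    if looks_utf16le(body):
        raw = body[2:] if body.startswith(b"\xff\xfe") else body
        return raw.decode("utf-16-le", errors="replace")
    return body.decode("utf-8", errors="replace")


def triage(body: bytes, limit: int = INSPECTION_LIMIT) -> list[str]:
    """List the evasion markers present in one request body."""
    findings = []
    if len(body) > limit:
        # Anything past the window is never seen by rules that stop at `limit`.
        findings.append("body-exceeds-inspection-window")
    if looks_utf16le(body):
        # Byte-level signatures written for UTF-8 will not match this body.
        findings.append("utf16le-encoded-body")
    return findings


# Constructed sample bodies (not captured traffic).
PLAIN = json.dumps({"name": "alice"}).encode("utf-8")
WIDE = json.dumps({"name": "alice"}).encode("utf-16-le")
PADDED = b"A" * (INSPECTION_LIMIT + 1)

if __name__ == "__main__":
    for label, body in (("plain", PLAIN), ("utf-16le", WIDE), ("padded", PADDED)):
        print(f"{label:9} {len(body):7} bytes  {triage(body) or 'clean'}")
```

Running rules against `normalize(body)` rather than the raw bytes, and rejecting or fully inspecting bodies that exceed the window, removes the gap both modes rely on.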
Proxy & Headers: Use a proxy (e.g., Burp Suite) and add custom headers (e.g., cookies).
python react2you.py -u http://example.com -p http://127.0.0.1:8080 -H "Cookie: session=xyz"
Help
To see all available options:
python react2you.py -h
Credits
Based on research and tools by:
Bugs
--stealth seems to be a little buggy and is not working; will fix it, maybe this week :)