https://github.com/ndr-repo/react2shell
Resources for red team operators to discover & leverage react2shell vulnerabilities
- Host: GitHub
- URL: https://github.com/ndr-repo/react2shell
- Owner: ndr-repo
- License: mit
- Created: 2025-12-17T19:02:38.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2025-12-17T21:11:48.000Z (6 months ago)
- Last Synced: 2025-12-21T07:24:25.929Z (6 months ago)
- Topics: react2shell, react2shell-scanner
- Homepage:
- Size: 82 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# react2shell
Resources for red team operators to discover & exploit react2shell vulnerabilities. For authorized use only. I am not responsible for your actions.
## Recon Automation Bookmarklet
 
### Related PoCs
- [maple3142 RCE PoC](https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3)
## Related Exploit Chain - Trend Micro Research

### base64 encoding bash one-liners
```
echo "" | base64
```
### Running base64 encoded bash one-liners
```
echo "" | base64 -d | bash
```
### example - creating a host fingerprinting one-liner:
```
echo "uname -a && id && ip address | grep -oP 'inet.*' " | base64
```
### example - running base64 encoded host fingerprinting one-liner:
```
echo "dW5hbWUgLWEgJiYgaWQgJiYgaXAgYWRkcmVzcyB8ICBncmVwIC1vUCAnaW5ldC4qJyAK" | base64 -d | bash
```
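On the detection side, the `echo ... | base64 -d | bash` shape shown above is easy to spot in process command-line telemetry. The following is an added example, not code from this repository: it flags command lines that decode base64 into a shell and decodes the payload for analyst review without executing it. The function names and the sample command lines are constructed for illustration.

```python
import base64
import binascii
import re

# Matches: echo "<base64>" | base64 -d|-D|--decode | [path/]bash|sh|zsh|dash
PIPE_RE = re.compile(
    r"""echo\s+(?:-[neE]+\s+)?["']?(?P<b64>[A-Za-z0-9+/]{8,}={0,2})["']?\s*
        \|\s*base64\s+(?:-d|-D|--decode)\b[^|]*
        \|\s*(?:/\S*/)?(?P<shell>bash|sh|zsh|dash)\b""",
    re.VERBOSE,
)

def triage(cmdline):
    """Return a finding dict if cmdline decodes base64 into a shell, else None.

    The payload is decoded for the analyst only; it is never executed.
    """
    m = PIPE_RE.search(cmdline)
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group("b64"), validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid base64, so not this pattern
    return {
        "shell": m.group("shell"),
        "decoded": decoded.decode("utf-8", errors="replace").strip(),
    }

# Constructed sample process command lines (not real telemetry).
SAMPLE_CMDLINES = [
    'sh -c echo "dW5hbWUgLWEgJiYgaWQgJiYgaXAgYWRkcmVzcyB8ICBncmVwIC1vUCAnaW5ldC4qJyAK" | base64 -d | bash',
    "sh -c echo aGVsbG8K | base64 -d > /tmp/greeting.txt",  # decoded to a file, never piped to a shell
    "node server.js",
]

def scan(cmdlines):
    """Return (cmdline, finding) pairs for every line that matches the pattern."""
    return [(line, f) for line in cmdlines if (f := triage(line))]

if __name__ == "__main__":
    for line, finding in scan(SAMPLE_CMDLINES):
        print(f"ALERT shell={finding['shell']} decoded={finding['decoded']!r}")
```

Only the first sample line is reported; the second decodes base64 to a file and the third is an ordinary process start.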
## Related Industry Articles
- [SonicWall Capture Labs](https://www.sonicwall.com/blog/react2shell-cve-2025-55182-critical-unauthenticated-rce)
- [Trend Micro Research](https://www.trendmicro.com/en_us/research/25/l/CVE-2025-55182-analysis-poc-itw.html)
- [Splunk Research](https://research.splunk.com/stories/react2shell/)
## Labs
- [TryHackMe](https://tryhackme.com/room/react2shellcve202555182)