ssmvl2/Nextjs-RCE-Exploit

🚀 God Mode Access - CVE-2025-66478 Interactive Shell

⚠️ FOR EDUCATIONAL AND AUTHORIZED SECURITY RESEARCH ONLY ⚠️

A sophisticated interactive exploitation tool for CVE-2025-66478 - a critical Next.js RCE vulnerability. This tool provides a god-mode terminal interface for authorized penetration testing and security research.

📋 Features

  • Interactive Terminal: Beautiful colored terminal interface with command history
  • Real-time RCE: Execute commands on vulnerable Next.js servers
  • File Operations: Upload/download files, directory navigation
  • System Recon: Built-in reconnaissance commands
  • Cross-Platform: Works on both Linux/Unix and Windows targets
  • Session Management: Persistent session tracking and logging

🚀 Quick Start

Prerequisites

  • Python 3.7 or higher
  • pip package manager

πŸ› οΈ Installation

  1. Clone the repository:
     git clone https://github.com/ssmvl2/Nextjs-RCE-Exploit.git
     cd Nextjs-RCE-Exploit
  2. Install dependencies:
     pip install -r requirements.txt
  3. Run the tool:

Linux/macOS:

python3 god_access.py https://vulnerable-target.com

Windows:

python god_access.py https://vulnerable-target.com

🔧 Usage

Basic Usage

Linux/macOS:

python3 god_access.py https://target-domain.com

Windows:

python god_access.py https://target-domain.com

Advanced Options

Linux/macOS:

# Disable SSL verification (for self-signed certs)
python3 god_access.py https://target.com --insecure

# Set custom timeout
python3 god_access.py https://target.com --timeout 60

# Show help
python3 god_access.py --help

Windows:

# Disable SSL verification (for self-signed certs)
python god_access.py https://target.com --insecure

# Set custom timeout
python god_access.py https://target.com --timeout 60

# Show help
python god_access.py --help

🖥️ Interactive Commands

Once connected, you'll have access to these built-in commands:

System Information

  • sysinfo - Get comprehensive system details
  • uname - Show kernel/system information
  • ps - List running processes
  • netstat - Show network connections

File Operations

  • ls [dir] - List directory contents
  • cd <dir> - Change directory
  • cat <file> - View file contents
  • pwd - Show current directory
  • download <remote> <local> - Download files
  • upload <local> <remote> - Upload files

Network Tools

  • ping <host> - Ping network hosts
  • curl <url> - Fetch URLs
  • wget <url> - Download from web
  • ifconfig/ipconfig - Network interface info

Privilege Escalation

  • sudo -l - Check sudo permissions
  • findsuid - Find SUID binaries
  • crontab -l - List cron jobs
  • env - Show environment variables

Utility Commands

  • help - Show help menu
  • clear - Clear terminal screen
  • history - Show command history
  • pwnd - Show exploitation status
  • exit/quit - Exit the shell

πŸ›‘οΈ Security & Legal

IMPORTANT DISCLAIMER

This tool is provided for educational purposes only. The author is not responsible for any misuse or damage caused by this tool. Use only:

  • On systems you own
  • On systems you have explicit written permission to test
  • In controlled lab environments for research

Legal Compliance

  • Always obtain proper authorization before testing
  • Comply with all applicable laws and regulations
  • Respect privacy and data protection laws
  • Use only for legitimate security assessment purposes

🧩 Technical Details

Vulnerability: CVE-2025-66478

Critical RCE vulnerability in Next.js allowing arbitrary code execution via specially crafted HTTP requests.

Requirements

  • Next.js versions 13.0.0 - 14.2.0
  • Server-side rendering enabled
  • Certain middleware configurations
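As an added example (not code from the ssmvl2/Nextjs-RCE-Exploit project), here is a small check a defender can run over a project's package.json to see whether its declared Next.js version falls inside the range the README lists above. The 13.0.0 - 14.2.0 range is the page's claim, and the handling of version specs such as "^13.5.6" is my assumption; the installed version in the lockfile is what actually matters.

```python
# Added example, not part of the ssmvl2/Nextjs-RCE-Exploit project.
# Flags a project whose declared "next" dependency lies in the range the
# README above lists as affected. Bounds come from the page, not an advisory.
import json
import re

AFFECTED_MIN = (13, 0, 0)   # lower bound as stated on the page
AFFECTED_MAX = (14, 2, 0)   # upper bound as stated on the page (treated as inclusive)

_SEMVER = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(spec):
    """Pull the numeric core out of a dependency spec ('14.1.3', '^13.4.0', '~14.0.1').
    Returns a (major, minor, patch) tuple, or None for specs like 'latest' or a git URL."""
    m = _SEMVER.search(spec)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when the version lies within the README's stated range (inclusive)."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def check_package_json(text):
    """Parse a package.json document and classify its declared 'next' version.
    Returns ('not-present', None), ('unparsed', spec), ('affected', version)
    or ('outside-range', version). A caret/tilde spec only gives a lower bound, so
    prefer the resolved version from the lockfile when one is available."""
    pkg = json.loads(text)
    spec = None
    for section in ("dependencies", "devDependencies"):
        spec = pkg.get(section, {}).get("next", spec)
    if spec is None:
        return ("not-present", None)
    version = parse_version(spec)
    if version is None:
        return ("unparsed", spec)
    return ("affected" if is_affected(version) else "outside-range", version)


# Constructed sample package.json; not taken from any real project.
SAMPLE_PACKAGE_JSON = '{"name": "sample-app", "dependencies": {"next": "^13.5.6", "react": "^18.2.0"}}'

if __name__ == "__main__":
    print(check_package_json(SAMPLE_PACKAGE_JSON))
```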

Detection

The tool automatically detects vulnerable endpoints and validates access before providing an interactive shell.

🧪 Testing

Test Environment Setup

# Create virtual environment
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Run against test server (authorized targets only)
python3 god_access.py https://test-target.com

🤝 Contributing

Contributions are welcome! Please follow these steps:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/AmazingFeature)
  3. Commit changes (git commit -m 'Add AmazingFeature')
  4. Push to branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

Code Style

  • Follow PEP 8 guidelines
  • Add comments for complex logic
  • Include error handling
  • Update documentation accordingly

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Responsible Disclosure

If you discover a vulnerability using this tool:

  1. Do not exploit without permission
  2. Report to the affected organization immediately
  3. Follow responsible disclosure practices
  4. Allow reasonable time for patching

🆘 Support

For issues and questions:

  1. Check the Issues page
  2. Ensure you're using the latest version
  3. Provide detailed reproduction steps

Remember: With great power comes great responsibility. Use this tool ethically and legally.

This tool is for authorized security testing and educational purposes only.

Author: tganga369
Repository: https://github.com/ssmvl2/Nextjs-RCE-Exploit/
Last Updated: December 2025