Exploit tool for NextJS
$ npm install -g nextploiter
$ nextploiter COMMAND
running command...
$ nextploiter (--version)
nextploiter/1.0.0 darwin-arm64 node-v24.12.0
$ nextploiter --help [COMMAND]
USAGE
$ nextploiter COMMAND
...nextploiter help [COMMAND]nextploiter pluginsnextploiter plugins add PLUGINnextploiter plugins:inspect PLUGIN...nextploiter plugins install PLUGINnextploiter plugins link PATHnextploiter plugins remove [PLUGIN]nextploiter plugins resetnextploiter plugins uninstall [PLUGIN]nextploiter plugins unlink [PLUGIN]nextploiter plugins updatenextploiter rcenextploiter rce access-filesnextploiter rce kill-servernextploiter rce list-envnextploiter rce list-filesnextploiter rce process-access-filesnextploiter rce spawn-terminal
Display help for nextploiter.
USAGE
$ nextploiter help [COMMAND...] [-n]
ARGUMENTS
[COMMAND...] Command to show help for.
FLAGS
-n, --nested-commands Include all nested commands in the output.
DESCRIPTION
Display help for nextploiter.
See code: @oclif/plugin-help
List installed plugins.
USAGE
$ nextploiter plugins [--json] [--core]
FLAGS
--core Show core plugins.
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
List installed plugins.
EXAMPLES
$ nextploiter plugins
See code: @oclif/plugin-plugins
Installs a plugin into nextploiter.
USAGE
$ nextploiter plugins add PLUGIN... [--json] [-f] [-h] [-s | -v]
ARGUMENTS
PLUGIN... Plugin to install.
FLAGS
-f, --force Force npm to fetch remote resources even if a local copy exists on disk.
-h, --help Show CLI help.
-s, --silent Silences npm output.
-v, --verbose Show verbose npm output.
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Installs a plugin into nextploiter.
Uses npm to install plugins.
Installation of a user-installed plugin will override a core plugin.
Use the NEXTPLOITER_NPM_LOG_LEVEL environment variable to set the npm loglevel.
Use the NEXTPLOITER_NPM_REGISTRY environment variable to set the npm registry.
ALIASES
$ nextploiter plugins add
EXAMPLES
Install a plugin from npm registry.
$ nextploiter plugins add myplugin
Install a plugin from a github url.
$ nextploiter plugins add https://github.com/someuser/someplugin
Install a plugin from a github slug.
$ nextploiter plugins add someuser/someplugin
Displays installation properties of a plugin.
USAGE
$ nextploiter plugins inspect PLUGIN...
ARGUMENTS
PLUGIN... [default: .] Plugin to inspect.
FLAGS
-h, --help Show CLI help.
-v, --verbose
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Displays installation properties of a plugin.
EXAMPLES
$ nextploiter plugins inspect myplugin
See code: @oclif/plugin-plugins
Installs a plugin into nextploiter.
USAGE
$ nextploiter plugins install PLUGIN... [--json] [-f] [-h] [-s | -v]
ARGUMENTS
PLUGIN... Plugin to install.
FLAGS
-f, --force Force npm to fetch remote resources even if a local copy exists on disk.
-h, --help Show CLI help.
-s, --silent Silences npm output.
-v, --verbose Show verbose npm output.
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Installs a plugin into nextploiter.
Uses npm to install plugins.
Installation of a user-installed plugin will override a core plugin.
Use the NEXTPLOITER_NPM_LOG_LEVEL environment variable to set the npm loglevel.
Use the NEXTPLOITER_NPM_REGISTRY environment variable to set the npm registry.
ALIASES
$ nextploiter plugins add
EXAMPLES
Install a plugin from npm registry.
$ nextploiter plugins install myplugin
Install a plugin from a github url.
$ nextploiter plugins install https://github.com/someuser/someplugin
Install a plugin from a github slug.
$ nextploiter plugins install someuser/someplugin
See code: @oclif/plugin-plugins
Links a plugin into the CLI for development.
USAGE
$ nextploiter plugins link PATH [-h] [--install] [-v]
ARGUMENTS
PATH [default: .] path to plugin
FLAGS
-h, --help Show CLI help.
-v, --verbose
--[no-]install Install dependencies after linking the plugin.
DESCRIPTION
Links a plugin into the CLI for development.
Installation of a linked plugin will override a user-installed or core plugin.
e.g. If you have a user-installed or core plugin that has a 'hello' command, installing a linked plugin with a 'hello'
command will override the user-installed or core plugin implementation. This is useful for development work.
EXAMPLES
$ nextploiter plugins link myplugin
See code: @oclif/plugin-plugins
Removes a plugin from the CLI.
USAGE
$ nextploiter plugins remove [PLUGIN...] [-h] [-v]
ARGUMENTS
[PLUGIN...] plugin to uninstall
FLAGS
-h, --help Show CLI help.
-v, --verbose
DESCRIPTION
Removes a plugin from the CLI.
ALIASES
$ nextploiter plugins unlink
$ nextploiter plugins remove
EXAMPLES
$ nextploiter plugins remove myplugin
Remove all user-installed and linked plugins.
USAGE
$ nextploiter plugins reset [--hard] [--reinstall]
FLAGS
--hard Delete node_modules and package manager related files in addition to uninstalling plugins.
--reinstall Reinstall all plugins after uninstalling.
See code: @oclif/plugin-plugins
Removes a plugin from the CLI.
USAGE
$ nextploiter plugins uninstall [PLUGIN...] [-h] [-v]
ARGUMENTS
[PLUGIN...] plugin to uninstall
FLAGS
-h, --help Show CLI help.
-v, --verbose
DESCRIPTION
Removes a plugin from the CLI.
ALIASES
$ nextploiter plugins unlink
$ nextploiter plugins remove
EXAMPLES
$ nextploiter plugins uninstall myplugin
See code: @oclif/plugin-plugins
Removes a plugin from the CLI.
USAGE
$ nextploiter plugins unlink [PLUGIN...] [-h] [-v]
ARGUMENTS
[PLUGIN...] plugin to uninstall
FLAGS
-h, --help Show CLI help.
-v, --verbose
DESCRIPTION
Removes a plugin from the CLI.
ALIASES
$ nextploiter plugins unlink
$ nextploiter plugins remove
EXAMPLES
$ nextploiter plugins unlink myplugin
Update installed plugins.
USAGE
$ nextploiter plugins update [-h] [-v]
FLAGS
-h, --help Show CLI help.
-v, --verbose
DESCRIPTION
Update installed plugins.
See code: @oclif/plugin-plugins
Used for running javascript code at the remote server.
USAGE
$ nextploiter rce
DESCRIPTION
Used for running javascript code at the remote server.
See code: src/commands/rce/index.ts
Helper to list return files in the server. May not work for serverless systems.
USAGE
$ nextploiter rce access-files --baseURL <value>
FLAGS
--baseURL=<value> (required)
DESCRIPTION
Helper to list return files in the server. May not work for serverless systems.
See code: src/commands/rce/access-files.ts
Helper that uses process.exit to shutdown remote server.
USAGE
$ nextploiter rce kill-server --baseURL <value>
FLAGS
--baseURL=<value> (required)
DESCRIPTION
Helper that uses process.exit to shutdown remote server.
See code: src/commands/rce/kill-server.ts
Helper that iterates through process.env to scrape all environment variables.
USAGE
$ nextploiter rce list-env --baseURL <value>
FLAGS
--baseURL=<value> (required)
DESCRIPTION
Helper that iterates through process.env to scrape all environment variables.
See code: src/commands/rce/list-env.ts
Helper to list all files in the server. May not work for serverless systems.
USAGE
$ nextploiter rce list-files --baseURL <value> [--dir <value>]
FLAGS
--baseURL=<value> (required) Base URL of server to attack
--dir=<value> [default: .] Directory for ls command
DESCRIPTION
Helper to list all files in the server. May not work for serverless systems.
See code: src/commands/rce/list-files.ts
Helper to access files using the exposed Node process and utilizes process.binding, may depend on Node version.
USAGE
$ nextploiter rce process-access-files --baseURL <value> --path <value>
FLAGS
--baseURL=<value> (required)
--path=<value> (required)
DESCRIPTION
Helper to access files using the exposed Node process and utilizes process.binding, may depend on Node version.
See code: src/commands/rce/process-access-files.ts
Helper that spawns a terminal.
USAGE
$ nextploiter rce spawn-terminal --baseURL <value>
FLAGS
--baseURL=<value> (required)
DESCRIPTION
Helper that spawns a terminal.
See code: src/commands/rce/spawn-terminal.ts