The recent disclosure of CVE-2025-55182 and CVE-2025-66478, dubbed « React2Shell », has triggered a global race between defenders patching Next.js/React Server Components and threat actors weaponizing the flaw. While initial Proof-of-Concepts (PoCs) were simple scripts, a new generation of tooling has emerged. So i made React2You, a sophisticated Python-based scanner and exploitation suite, moving beyond simple verification to full interactive (kinda) shell with advanced evasion capabilities. git repo: https://doesbadthings.online/doesbadthings/react-2-you Technical Analysis: Beyond Simple Scanning React2You builds upon the foundational research of Assetnote…
