kqjy/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update nextcheck.sh

Browse Source
This commit is contained in:
kqjy
2025-12-07 05:28:30 +00:00
parent 52b407994c
commit 3418bcaffd
1 changed files with 55 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
nextcheck.sh
View File

@@ -1,57 +1,81 @@
#!/bin/bash #!/bin/bash
# 1. PRE-FLIGHT CHECK: Ensure Docker is running and accessible # 1. PRE-FLIGHT CHECK
if ! docker ps >/dev/null 2>&1; then if ! docker ps >/dev/null 2>&1; then
echo -e "\033[31m[ERROR]\033[0m Cannot connect to Docker daemon." echo -e "\033[31m[ERROR]\033[0m Cannot connect to Docker daemon. Use 'sudo'."
echo " Try running this script with 'sudo'."
exit 1 exit 1
fi fi
# Counters # Counters
TOTAL_SCANNED=0 TOTAL_SCANNED=0
NODE_CONTAINERS=0 NODE_CONTAINERS=0
VULNERABLE_COUNT=0 VULN_RCE=0 # React2Shell (RCE)
VULN_AUTH=0 # Middleware Bypass
echo "========================================================" echo "=============================================================================="
echo " Next.js Vulnerability Scanner (CVE-2025-55182) " echo " Next.js & React Vulnerability Scanner (CVE-2025-55182 / 66478 / 29927) "
echo "========================================================" echo "=============================================================================="
echo "TARGET: RCE (Next.js 15+, React 19+) & Auth Bypass (Next.js <14.2.25)"
echo "------------------------------------------------------------------------------"
# We use Process Substitution < <(...) instead of a pipe |
# This ensures the loop runs in the current shell, preserving variables.
while IFS='|' read -r id name; do while IFS='|' read -r id name; do
((TOTAL_SCANNED++)) ((TOTAL_SCANNED++))
# Optional: Progress indicator (uncomment if you have many containers)
# echo -ne "Scanning: $name\r"
# 2. HEURISTIC: Is this a Node environment? # 2. HEURISTIC: Is this a Node environment?
# We check for package.json in standard paths or the 'node' binary
is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no") is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no")
if [ "$is_node" == "yes" ]; then if [ "$is_node" == "yes" ]; then
((NODE_CONTAINERS++)) ((NODE_CONTAINERS++))
# 3. VERSION CHECK # 3. VERSION EXTRACTION
# Method A: Grep package.json # We try to grep versions from package.json output (more reliable than npm list in some containers)
version_check=$(docker exec "$id" grep -Po '"next":\s*"\^?\K[0-9.]+' /app/package.json 2>/dev/null) # We read the file once to a variable to save docker exec calls
pkg_content=$(docker exec "$id" cat /app/package.json /usr/src/app/package.json 2>/dev/null)
# Method B: Check for Standalone server # Extract versions using grep (matches "next": "^14.2.21" -> 14.2.21)
is_standalone=$(docker exec "$id" ls /app/.next/standalone/server.js 2>/dev/null) next_ver=$(echo "$pkg_content" | grep -Po '"next":\s*"\^?\K[0-9.]+' | head -n1)
react_ver=$(echo "$pkg_content" | grep -Po '"react":\s*"\^?\K[0-9.]+' | head -n1)
if [[ ! -z "$version_check" ]]; then # 4. VULNERABILITY LOGIC
echo -e "[\033[31mVULN\033[0m] $name \t-> Next.js $version_check" status=""
((VULNERABLE_COUNT++))
elif [[ ! -z "$is_standalone" ]]; then # CHECK 1: RCE (React2Shell) - Next.js 15+ OR React 19+
echo -e "[\033[33mWARN\033[0m] $name \t-> Detected (Standalone Mode) - Check manually" if [[ "$next_ver" =~ ^15\. ]] || [[ "$next_ver" =~ ^16\. ]] || [[ "$react_ver" =~ ^19\. ]]; then
((VULNERABLE_COUNT++)) status="\033[31m[CRITICAL RCE]\033[0m"
((VULN_RCE++))
# CHECK 2: Middleware Auth Bypass - Next.js 14.x < 14.2.25
# Logic: Starts with 14., and subversion comparison (simplified for bash)
elif [[ "$next_ver" =~ ^14\. ]]; then
# Extract minor and patch: 14.2.21 -> minor=2, patch=21
minor=$(echo "$next_ver" | cut -d. -f2)
patch=$(echo "$next_ver" | cut -d. -f3)
# Vulnerable if 14.0.x - 14.1.x OR (14.2.x AND patch < 25)
if [ "$minor" -lt 2 ] || { [ "$minor" -eq 2 ] && [ "$patch" -lt 25 ]; }; then
status="\033[33m[HIGH AUTH BYPASS]\033[0m"
((VULN_AUTH++))
else
status="\033[32m[SAFE]\033[0m"
fi
elif [[ ! -z "$next_ver" ]]; then
status="\033[32m[SAFE]\033[0m" # Older versions (13, 12) usually safe from these specific CVEs
fi
# 5. OUTPUT
if [[ ! -z "$next_ver" ]]; then
echo -e "$status $name"
echo -e " Next.js: $next_ver | React: ${react_ver:-Unknown}"
fi fi
fi fi
done < <(docker ps --format '{{.ID}}|{{.Names}}') done < <(docker ps --format '{{.ID}}|{{.Names}}')
echo -e "\n========================================================" echo "=============================================================================="
echo "SCAN COMPLETE" echo "SCAN SUMMARY"
echo "--------------------------------------------------------" echo "------------------------------------------------------------------------------"
echo "Total Containers Scanned: $TOTAL_SCANNED" echo "Containers Scanned: $TOTAL_SCANNED"
echo "Node/JS Environments: $NODE_CONTAINERS" echo "Node Environments: $NODE_CONTAINERS"
echo "Next.js Apps Found: $VULNERABLE_COUNT" echo "RCE Vulnerable: $VULN_RCE (React2Shell)"
echo "========================================================" echo "Auth Vulnerable: $VULN_AUTH (Middleware Bypass)"
echo "=============================================================================="