Skip to content

Ju0x/React2Catch

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
.slsa-goreleaser.yml
.slsa-goreleaser.yml
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
log.go
log.go
 
 
main.go
main.go
 
 
tarpit.go
tarpit.go
 
 
utils.go
utils.go
 
 

Repository files navigation

React2Catch

A simple honeypot which passively logs any attempt to exploit React2Shell.

Setup

You can download the latest release.

Adding execute permissions:

chmod +x react2catch-linux-amd64

Running React2Catch:

./react2catch-linux-amd64

You might also want to use the command line options, depending on your setup:

./react2catch-linux-amd64 --addr :1337 --trusted 127.0.0.1,::1 --tarpit --output ./logs/react2catch.jsonl

--addr

Sets the address to listen on. (e.g. :8080, localhost:1337, ...)

--trusted

Adds trusted IPs which will be accepted for X-Forwarded-For or X-Real-IP headers, if you're using a Reverse-Proxy

--output

Sets the output file for the log. (Default: catches.jsonl)

--tarpit

Enables the tarpit. Every requester that sends the exploit will get random data every few seconds, so the connection keeps open for hosts that aren't properly checking the response.

Build

To build from source, you need an installation of the Go language. It's tested on version 1.25.5, but other versions might also work well. If you installed go, you can clone the project:

git clone https://github.com/Ju0x/React2Catch

And build it:

go build .

About

Simple React2Shell honeypot

Topics

golang honeypot websecurity react2shell

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v0.1.2 Update Latest
Dec 15, 2025
+ 2 releases

Packages

No packages published

Languages