Update app.py

app.py

@@ -7,7 +7,7 @@ import json
 from urllib.parse import urlparse
 from requests.exceptions import RequestException
 
-# --- Core Scanner Logic (Adapted from Assetnote) ---
+# --- Core Scanner Logic ---
 
 def normalize_host(host: str) -> str:
     """Normalize host to include scheme if missing."""
@@ -157,9 +157,8 @@ def scan_target(url, safe_check, windows_mode, waf_bypass, vercel_bypass, custom
 
     host = normalize_host(url)
     timeout = 10
-    verify_ssl = True # In a public space, maybe better to keep SSL verification on
+    verify_ssl = True 
     
-    # Determine Payload
     if safe_check:
         body, content_type = build_safe_payload()
         check_func = is_vulnerable_safe_check
@@ -193,7 +192,6 @@ def scan_target(url, safe_check, windows_mode, waf_bypass, vercel_bypass, custom
         target_url = f"{host}{path}"
         logs.append(f"\nTesting: {target_url}")
         
-        # Test 1: Direct Path
         resp, error = send_payload(target_url, headers, body, timeout, verify_ssl)
         
         if error:
@@ -208,8 +206,6 @@ def scan_target(url, safe_check, windows_mode, waf_bypass, vercel_bypass, custom
                 return "\n".join(logs)
             else:
                 logs.append("Result: Not Vulnerable")
-                
-                # Test 2: Follow Redirect (if 1st failed)
                 redirect_url = resolve_redirects(target_url, timeout, verify_ssl)
                 if redirect_url != target_url:
                     logs.append(f"\nFollowing redirect to: {redirect_url}")
@@ -229,19 +225,37 @@ def scan_target(url, safe_check, windows_mode, waf_bypass, vercel_bypass, custom
 
 # --- UI Setup ---
 
+# Guide Content in Markdown
+guide_content = """
+### 📋 Recommended Workflow
+1. **Safe Check (Start Here):** Non-destructive. Checks for side-channel indicators without executing code.
+2. **Standard RCE:** If Safe Check is inconclusive, use this to attempt actual code execution (Safe Check must be OFF).
+3. **Windows Mode:** If target is Windows-based and Standard RCE failed.
+4. **WAF Bypass:** If you receive `403 Forbidden` errors.
+
+### ℹ️ Mode Definitions
+* **Safe Check:** Triggers a specific 500 error digest to confirm vulnerability without RCE.
+* **Windows Mode:** Uses PowerShell payload (`powershell -c ...`) instead of Unix shell.
+* **Generic WAF Bypass:** Pads the request with junk data to push payload past WAF inspection limits.
+* **Vercel WAF Bypass:** Uses a specific multipart structure to bypass Vercel-specific defenses.
+"""
+
 with gr.Blocks(title="React2Shell Scanner") as demo:
     gr.Markdown("# React2Shell Scanner (CVE-2025-55182)")
-    gr.Markdown("Web-based scanner for React Server Components / Next.js RCE. Based on the [Assetnote Scanner](https://github.com/assetnote/react2shell-scanner).")
+    gr.Markdown("Web-based scanner for React Server Components / Next.js RCE.")
     
+    with gr.Accordion("📖 Help & Usage Guide", open=False):
+        gr.Markdown(guide_content)
+
     with gr.Row():
         url_input = gr.Textbox(label="Target URL", placeholder="https://example.com")
         path_input = gr.Textbox(label="Custom Path (Optional)", placeholder="/_next", value="")
     
     with gr.Row():
-        safe_check = gr.Checkbox(label="Safe Check (Side-Channel)", value=True, info="Uses non-destructive payload.")
+        safe_check = gr.Checkbox(label="Safe Check", value=True, info="Side-channel check (Non-destructive).")
         windows_mode = gr.Checkbox(label="Windows Mode", value=False, info="Use PowerShell payload.")
-        waf_bypass = gr.Checkbox(label="Generic WAF Bypass", value=False, info="Add junk data.")
-        vercel_bypass = gr.Checkbox(label="Vercel WAF Bypass", value=False)
+        waf_bypass = gr.Checkbox(label="Generic WAF Bypass", value=False, info="Add junk data padding.")
+        vercel_bypass = gr.Checkbox(label="Vercel WAF Bypass", value=False, info="Specific structure for Vercel.")
 
     scan_btn = gr.Button("Scan Target", variant="primary")
     output_box = gr.Textbox(label="Scan Output", lines=10)
@@ -252,6 +266,6 @@ with gr.Blocks(title="React2Shell Scanner") as demo:
         outputs=output_box
     )
 
-    gr.Markdown("**Disclaimer:** This tool is for educational and authorized security testing purposes only. Do not scan targets you do not own or have permission to test.")
+    gr.Markdown("**Disclaimer:** This tool is for educational and authorized security testing purposes only. Do not scan targets you do not own.")
 
 demo.launch()