explaingit

oseasfr/scanner_cve_2026-42945

16 · Python · Audience · ops, devops · Complexity · 3/5 · Active · Setup · moderate

TLDR

Python scanner that checks IPs, CIDR ranges, or ASNs for Nginx versions older than 1.30.1 (CVE-2026-42945 NGINX RIFT) and writes vulnerable, safe, and warning hosts to logs.

Mindmap

mindmap
  root((Scanner_CVE_2026-42945))
    Inputs
      IP address
      CIDR range
      ASN
      Input file
    Outputs
      Full log file
      Vulnerable hosts list
      Detailed CSV
    Use Cases
      Audit your own infra
      Check fleet for CVE
      Bulk ASN scan
    Tech Stack
      Python
      requests
      dnspython
      packaging
      urllib3

Things people build with this

USE CASE 1

Audit a company's own IP ranges for outdated Nginx versions affected by CVE-2026-42945

USE CASE 2

Resolve an ASN to its announced prefixes and scan them for the Nginx RIFT bug

USE CASE 3

Produce a CSV report of vulnerable, safe, and undetermined hosts for a remediation ticket

Tech stack

Python · requests · dnspython · packaging · urllib3

Getting it running

Difficulty · moderate · Time to first run · 30 min

Install the four dependencies with pip (requests, packaging, urllib3, dnspython); only scan infrastructure you own or have written permission to test.

In plain English

This repository is a Python script that scans servers for an old, vulnerable version of Nginx, the popular web server software. The specific issue it looks for is CVE-2026-42945, which the README also calls NGINX RIFT and which affects every Nginx release older than version 1.30.1. The README is written in Portuguese and is aimed at administrators who want to check whether their own infrastructure is exposed.

The scanner accepts three kinds of input. It can take a single IP address, one or more CIDR ranges (blocks of IP addresses), or an autonomous system number such as AS15169, in which case it looks up the prefixes that the ASN announces using RIPE Stat with a fallback to bgp.tools. Inputs can also be combined or read from a text file with one entry per line.

For each target host, the tool sends an HTTP and an HTTPS request on the standard ports, reads the Server header from the response, and decides whether the host is vulnerable, safe, hidden, or could not be classified. Results are saved into a logs directory: a full log file with a timestamp in its name, a plain text list of just the vulnerable hosts, and a detailed CSV file containing every host along with its status. The four possible status values are vulnerable when the version is below 1.30.1, safe when the version is 1.30.1 or higher, a warning when Nginx is detected but the version is hidden in the headers, and undetermined when the version string could not be parsed.

Optional command line flags adjust the number of HTTP worker threads, the request timeout, the number of reverse DNS workers, the DNS timeout, and a flag to skip the confirmation prompt for use in automation. DNS resolution is batched before the HTTP scan so that slow lookups do not slow down the main pass. Installation requires four Python packages installed with pip: requests, packaging, urllib3, and dnspython.
The README also includes a remediation section showing how to add the official Nginx repository on Ubuntu or Debian and upgrade to a fixed version, with links to the NVD entry and the Nginx changelog. There is a clear notice that the script should only be used against infrastructure the operator owns or has explicit permission to test, since unauthorized scanning may violate the law.
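The classification step described above, as an added example that is not the repository's own code: it maps a Server header value to the four status values the summary lists, using the 1.30.1 threshold. It compares version tuples with the standard library instead of the packaging library the project depends on, and treating non-Nginx servers as undetermined is this example's assumption.

```python
import re
from typing import Optional, Tuple

# Threshold from the summary: every Nginx release older than 1.30.1 is affected.
FIXED_VERSION = (1, 30, 1)

# Matches "nginx" optionally followed by "/<version>", e.g. "nginx/1.24.0 (Ubuntu)".
_NGINX_RE = re.compile(r"^nginx(?:/(\S+))?", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '1.30.1' into (1, 30, 1); return None when the string is not numeric.

    Tuple comparison is used instead of packaging.version so the example
    runs with the standard library only.
    """
    parts = text.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify_server_header(server: Optional[str]) -> str:
    """Map a Server header value to one of the four status values.

    vulnerable   - nginx with a version below 1.30.1
    safe         - nginx 1.30.1 or newer
    warning      - nginx detected but the version is hidden
    undetermined - header missing, not nginx (assumption), or version unparseable
    """
    if not server:
        return "undetermined"
    m = _NGINX_RE.match(server.strip())
    if not m:
        return "undetermined"
    if m.group(1) is None:
        return "warning"
    version = parse_version(m.group(1))
    if version is None:
        return "undetermined"
    return "vulnerable" if version < FIXED_VERSION else "safe"


if __name__ == "__main__":
    # Constructed sample banners standing in for real responses.
    for banner in ["nginx/1.24.0", "nginx/1.30.1 (Ubuntu)", "nginx", "Apache/2.4.57", None]:
        print(f"{banner!r:28} -> {classify_server_header(banner)}")
```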

Copy-paste prompts

Prompt 1
Run Scanner_CVE_2026-42945 against a CIDR I own and explain each status value in the CSV
Prompt 2
Tune worker threads and timeouts in Scanner_CVE_2026-42945 for a 65536-host scan without rate-limiting
Prompt 3
Extend Scanner_CVE_2026-42945 to also check Nginx Plus version banners and add a new status type
Prompt 4
Translate the Portuguese README of Scanner_CVE_2026-42945 to English and list every CLI flag

Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.