P7Ping7 security tools

Local read-only detector

Find NGINX Rift exposure before closing the patch ticket

A Bash self-check for CVE-2026-42945. It reviews local NGINX version data, rewrite configuration, ASLR state, worker privilege, and log signals that need operator review.

Open repository View script Read guide All Ping7 tools Repair help
9.2CVSS critical
0 writeslocal read-only checks
Bashno external scanner needed
Run this only on NGINX systems you own or are approved to review. No payloads. No broad scanning. No exploitation steps.
# inspect before running
curl -fsSLO https://raw.githubusercontent.com/limo57640-crypto/nginx-rift-detector/main/detect.sh
less detect.sh

# run on the server
sudo bash detect.sh

# expected status words
CLEAN | VULNERABLE | SUSPICIOUS

What the detector reviews

It is built for the first triage pass after a patch window, not for proving that exploitation never happened.

Version and build

Compares local NGINX version strings with the fixed release markers documented in the Ping7 guide.

Rewrite exposure

Highlights rewrite-heavy configuration that should be reviewed by the server owner before the ticket is closed.

Runtime signals

Checks ASLR, worker user, long request paths, encoded traffic spikes, and worker crash logs.

Result states

The script gives a compact status so it can be pasted into a ticket or repair handoff.

CLEAN

No obvious version, config, or log signal was found with current local access.

SUSPICIOUS

One or more signals need manual review, usually rewrite config, logs, or runtime hardening.

VULNERABLE

Version or configuration suggests exposure. Patch and review the advisory window before closing.

Issue or repair

Open a GitHub issue for tool bugs, false positives, distro version handling, or non-sensitive documentation fixes.

Use Ping7 repair when the result is VULNERABLE or SUSPICIOUS, or when live domains, private logs, crash timestamps, or config lines should not be posted in public.

Evidence to keep

  • Detector output and version.
  • NGINX version and package source.
  • Sanitized rewrite config lines.
  • First suspicious timestamp from access or error logs.
  • Whether logs were rotated, deleted, or stored off-host.

Repair handoff

Send version, result, first suspicious timestamp, and whether access/error logs still exist. Do not send passwords in the first message.

Request Ping7 repair help