// the find
byt3bl33d3r/ItWasAllADream
A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
A Python scanner that checks whether Windows hosts on a subnet are vulnerable to PrintNightmare (CVE-2021-34527) without actually exploiting them. It tests both the MS-PAR and MS-RPRN RPC attack vectors and outputs a CSV report. Built for sysadmins and pentesters who needed a fast way to audit exposure across an entire AD environment in 2021.
Deliberately de-fanged — it calls the same vulnerable RPC paths an exploit would but stops short of exploitation, which makes it safer to run in production environments. Covers both MS-PAR and MS-RPRN vectors plus the UNC bypass, so you get a more complete picture than single-vector tools. Docker support is practical: no fighting with Impacket dependencies on whatever machine you happen to be using. CSV output with timestamps is immediately useful for reporting to non-technical stakeholders.
PrintNightmare was patched in mid-2021; nearly five years on, any unpatched Windows host is a much bigger problem than this specific CVE. The tool's usefulness today is almost entirely archaeological or CTF-adjacent. No authentication-less check — you need valid AD credentials, which means you can't use this in early-stage assessments where you haven't landed credentials yet. With 100 default threads hammering RPC across a subnet, it will trigger IDS/EDR alerts on any halfway-monitored network; there's no rate-limiting or stealth mode. Last meaningful commit was 2021 and the project appears abandoned.