miniprint
A medium interaction printer honeypot
About
miniprint acts like a standard networked printer that has been accidentally exposed to the public internet.
It speaks the Printer Job Language (PJL) over the raw network "protocol"
Features
- A fully-featured virtual filesystem in which attackers can read and write files and directories - nothing gets written to the host
- Any PostScript or plaintext print jobs sent to the printer will be saved to the
uploads/directory - Extensive (probably too much) logging
- Shodan Honeycore: 0
Installation
virtualenv venv && source ./venv/bin/activate(optional)pip3 install -r requirements.txtpython3 ./server.py
Usage
usage: miniprint [-b,--bind HOST] [-l,--log-file FILE] [-t,--time-out TIME] [-h]
miniprint - a medium interaction printer honeypot
by Dan Salmon: @BLTjetpack, github.com/sa7mon
optional arguments:
-b, --bind <host> Bind the server to <host> (default: localhost)
-l, --log-file <file> Save all logs to <file> (default: ./miniprint.log)
-t, --timeout <time> Wait up to <time> seconds for commands before disconnecting client (default: 120)
-h, --help show this help message and exit
To interactively attack miniprint on localhost, you can use PRET with the following command: python ./pret.py localhost pjl
Logs are generated in format: time - loglevel - method - operation - message and are saved to miniprint.log by default.
Requirements
- Python >= 3.5
Printer Protocol Support
| Protocol | Port | Support |
|---|---|---|
| Raw | 9100 | Yes |
| Web | 80 | No |
| IPP | 631 | No |
| LPD | 515 | No |
Printer Control Language Support
| Language | Support |
|---|---|
| PJL | Yes |
| PML | No |
Page Description Language Support
| Language | Support |
|---|---|
| Yes | |
| XPS | No |
| PostScript | No |
| Plaintext | Yes |
| PCL | No |
Known Issues
- PostScript files printed that don't contain
%%EOFat the end will cause the printer to wait indefinitely for the end of the job.
Thanks
- frbexiga at BinaryEdge
- Jens Mรผller for the hacking-printers.net wiki