printerxpl-forge 6.2.0__py3-none-any.whl

nse/lib/printerxpl.lua

@@ -0,0 +1,238 @@
+---
+-- printerxpl.lua — Shared library for PrinterXPL-Forge NSE scripts
+--
+-- Provides: vendor detection, CVE cross-reference, severity formatting,
+-- PrinterXPL-Forge / EmbedXPL-Forge exploit suggestions, and shared
+-- protocol helpers (PJL, IPP, HTTP, SNMP).
+--
+-- Author: André Henrique (@mrhenrike) | União Geek
+-- Repo  : https://github.com/mrhenrike/PrinterXPL-Forge
+-- Docs  : https://github.com/mrhenrike/PrinterXPL-Forge/wiki/NSE
+---
+
+local stdnse   = require "stdnse"
+local string   = require "string"
+local table    = require "table"
+local math     = require "math"
+
+local _M = {}
+
+-- ── Version ──────────────────────────────────────────────────────────────────
+_M.VERSION = "5.0.0"
+
+-- ── Severity colour tags (nmap output) ───────────────────────────────────────
+_M.SEV = {
+  CRITICAL = "CRITICAL",
+  HIGH     = "HIGH",
+  MEDIUM   = "MEDIUM",
+  LOW      = "LOW",
+  INFO     = "INFO",
+}
+
+-- ── Verdict strings ──────────────────────────────────────────────────────────
+_M.VERDICT = {
+  VULN      = "VULNERABLE",
+  POSSIBLE  = "POSSIBLY VULNERABLE",
+  NOT_VULN  = "NOT VULNERABLE",
+  UNKNOWN   = "UNKNOWN",
+}
+
+-- ── Vendor fingerprint table ─────────────────────────────────────────────────
+-- Each entry: { pattern (case-insensitive), vendor, product_hint }
+_M.VENDOR_PATTERNS = {
+  { pat="hewlett.packard|hp laserjet|hp officejet|hp pagewide|jetdirect|hp enterprise",
+    vendor="HP",        family="LaserJet/OfficeJet/PageWide" },
+  { pat="canon imagerunner|canon imagepress|canon imageclass|canon lbp|canon mf",
+    vendor="Canon",     family="imageCLASS/imageRUNNER/LBP" },
+  { pat="ricoh aficio|ricoh mp|ricoh sp|ricoh im|savin|gestetner|lanier|nashuatec|nrg",
+    vendor="Ricoh",     family="Aficio/MP/SP/IM" },
+  { pat="lexmark",
+    vendor="Lexmark",   family="MX/CX/XC/MB/MC series" },
+  { pat="xerox workcentre|xerox versalink|xerox altalink|xerox phaser|xerox colorqube",
+    vendor="Xerox",     family="WorkCentre/VersaLink/AltaLink" },
+  { pat="brother mfc|brother dcp|brother hl|brother fax",
+    vendor="Brother",   family="MFC/DCP/HL" },
+  { pat="epson workforce|epson ecotank|epson expression|epson stylus",
+    vendor="Epson",     family="WorkForce/EcoTank" },
+  { pat="konica minolta|bizhub|konicaminolta",
+    vendor="Konica Minolta", family="bizhub" },
+  { pat="kyocera ecosys|kyocera taskalfa|kyocera fs",
+    vendor="Kyocera",   family="ECOSYS/TASKalfa" },
+  { pat="sharp mx|sharp ar|sharp bp",
+    vendor="Sharp",     family="MX/AR/BP" },
+  { pat="toshiba e.studio|toshiba estudio",
+    vendor="Toshiba",   family="e-STUDIO" },
+  { pat="samsung multifunction|samsung clx|samsung scx|samsung ml",
+    vendor="Samsung",   family="CLX/SCX/ML" },
+  { pat="oki data|okidata|oki mc|oki es",
+    vendor="OKI",       family="ES/MC" },
+  { pat="dell multifunction|dell color",
+    vendor="Dell",      family="Color MFP" },
+  { pat="cups|openprinting",
+    vendor="Linux/CUPS", family="CUPS scheduler" },
+  { pat="zebra technologies|zebra zpl|zpl ii",
+    vendor="Zebra",     family="Label/Industrial" },
+}
+
+-- ── CVE quick-reference table ────────────────────────────────────────────────
+-- Compact: { id, cvss, vendor_pat, desc, xpl_module, check_fn_name }
+_M.CVE_DB = {
+  -- HP
+  { id="CVE-2025-26506", cvss=9.8, sev=_M.SEV.CRITICAL, vendor="HP",
+    desc="HP LaserJet/OfficeJet Enterprise PostScript RCE — unauthenticated RCE via malformed PS job",
+    xpl="xpl/edb-cve-2025-26506", port=9100 },
+  { id="CVE-2023-6018",  cvss=9.8, sev=_M.SEV.CRITICAL, vendor="HP",
+    desc="HP LaserJet Enterprise firmware auth bypass — arbitrary firmware upload",
+    xpl="xpl/research/research-hp-fw-bypass", port=443 },
+  { id="CVE-2023-1707",  cvss=9.1, sev=_M.SEV.CRITICAL, vendor="HP",
+    desc="HP FutureSmart 5.6 scan job data disclosure when IPsec enabled",
+    xpl="xpl/research/research-hp-futuresmart-leak", port=443 },
+  { id="CVE-2017-2741",  cvss=9.8, sev=_M.SEV.CRITICAL, vendor="HP",
+    desc="HP PageWide/OfficeJet PJL path traversal to RCE",
+    xpl="xpl/edb-cve-2017-2741", port=9100 },
+  -- Canon
+  { id="CVE-2022-24673", cvss=9.8, sev=_M.SEV.CRITICAL, vendor="Canon",
+    desc="Canon imageCLASS SLP pre-auth stack buffer overflow → root RCE (ZDI-22-515)",
+    xpl="xpl/edb-cve-2022-24673", port=427 },
+  { id="CVE-2025-14235", cvss=9.8, sev=_M.SEV.CRITICAL, vendor="Canon",
+    desc="Canon imageCLASS PCL buffer overflow → RCE",
+    xpl="xpl/research/research-canon-pcl-bof", port=9100 },
+  -- Lexmark
+  { id="CVE-2023-23560", cvss=9.0, sev=_M.SEV.CRITICAL, vendor="Lexmark",
+    desc="Lexmark SSRF-to-RCE via Web Services interface (Pwn2Own Toronto 2022)",
+    xpl="xpl/edb-51928", port=80 },
+  { id="CVE-2023-50739", cvss=8.8, sev=_M.SEV.HIGH, vendor="Lexmark",
+    desc="Lexmark IPP heap buffer overflow → RCE (ZDI-CAN-22549) — 100+ models",
+    xpl="xpl/edb-cve-2023-50739", port=631 },
+  { id="CVE-2023-50733", cvss=6.5, sev=_M.SEV.MEDIUM, vendor="Lexmark",
+    desc="Lexmark EWS SSRF — printer as pivot to internal network",
+    xpl="xpl/edb-cve-2023-50733", port=80 },
+  { id="CVE-2023-26067", cvss=9.1, sev=_M.SEV.CRITICAL, vendor="Lexmark",
+    desc="Lexmark post-auth RCE via device configuration API",
+    xpl="xpl/edb-cve-2023-26067", port=80 },
+  -- Xerox
+  { id="CVE-2024-6333",  cvss=8.1, sev=_M.SEV.HIGH, vendor="Xerox",
+    desc="Xerox VersaLink OS command injection — authenticated RCE",
+    xpl="xpl/edb-cve-2024-6333", port=80 },
+  { id="CVE-2021-27508", cvss=8.0, sev=_M.SEV.HIGH, vendor="Xerox",
+    desc="Xerox WorkCentre 78xx OS command injection via clone_group param",
+    xpl="xpl/research/research-xerox-workcentre-cmdinject", port=80 },
+  -- Ricoh
+  { id="CVE-2024-34161", cvss=8.8, sev=_M.SEV.HIGH, vendor="Ricoh",
+    desc="Ricoh MP EWS malformed HTTP → RCE",
+    xpl="xpl/research/research-ricoh-ews-rce", port=80 },
+  { id="CVE-2021-33945", cvss=7.5, sev=_M.SEV.HIGH, vendor="Ricoh",
+    desc="Ricoh SP wpa_supplicant stack overflow → DoS/RCE",
+    xpl="xpl/research/research-ricoh-wpa-bof", port=80 },
+  -- Brother
+  { id="CVE-2024-51977", cvss=7.5, sev=_M.SEV.HIGH, vendor="Brother",
+    desc="Brother serial-based admin password derivation — info disclosure",
+    xpl="xpl/research/research-brother-serial-pwd", port=80 },
+  { id="CVE-2024-51978", cvss=9.1, sev=_M.SEV.CRITICAL, vendor="Brother",
+    desc="Brother default credential auth bypass via serial derivation",
+    xpl="xpl/research/research-brother-serial-pwd", port=80 },
+  -- Sharp
+  { id="CVE-2022-45796", cvss=9.8, sev=_M.SEV.CRITICAL, vendor="Sharp",
+    desc="Sharp MX OS command injection → RCE (no auth)",
+    xpl="xpl/research/research-sharp-rce", port=80 },
+  -- Toshiba
+  { id="CVE-2024-21911", cvss=8.8, sev=_M.SEV.HIGH, vendor="Toshiba",
+    desc="Toshiba e-STUDIO TopAccess authentication bypass",
+    xpl="xpl/research/research-toshiba-auth-bypass", port=80 },
+  -- Kyocera
+  { id="CVE-2022-1026",  cvss=7.5, sev=_M.SEV.HIGH, vendor="Kyocera",
+    desc="Kyocera ECOSYS unauthenticated address book / credential dump",
+    xpl="xpl/edb-cve-2022-1026", port=9100 },
+  -- Windows Print Spooler
+  { id="CVE-2021-1675",  cvss=9.8, sev=_M.SEV.CRITICAL, vendor="Microsoft",
+    desc="PrintNightmare — Windows Print Spooler RCE/LPE (unauthenticated network)",
+    xpl="xpl/edb-50498", port=445 },
+  { id="CVE-2022-38028", cvss=7.8, sev=_M.SEV.HIGH, vendor="Microsoft",
+    desc="GooseEgg — APT28 Windows Print Spooler LPE (CISA KEV)",
+    xpl="xpl/research/research-gooseegg-spooler", port=445 },
+  -- CUPS
+  { id="CVE-2024-47176", cvss=9.9, sev=_M.SEV.CRITICAL, vendor="Linux/CUPS",
+    desc="CUPS cups-browsed unauthenticated RCE chain (2024)",
+    xpl="xpl/edb-cve-2024-47176", port=631 },
+  { id="CVE-2026-34980", cvss=9.1, sev=_M.SEV.CRITICAL, vendor="Linux/CUPS",
+    desc="CUPS 2.4.16 unauthenticated RCE via PPD injection (2026)",
+    xpl="xpl/research/research-cups-chain-2026", port=631 },
+  -- HP fax
+  { id="CVE-2018-5924",  cvss=9.8, sev=_M.SEV.CRITICAL, vendor="HP",
+    desc="Faxploit — HP/Samsung fax stack overflow via malformed fax (port 9100 / PSTN)",
+    xpl="xpl/edb-cve-2018-5924", port=9100 },
+}
+
+-- ── Helper: detect vendor from banner string ──────────────────────────────────
+function _M.detect_vendor(banner)
+  if not banner then return nil, nil end
+  local b = banner:lower()
+  for _, entry in ipairs(_M.VENDOR_PATTERNS) do
+    if b:match(entry.pat) then
+      return entry.vendor, entry.family
+    end
+  end
+  return nil, nil
+end
+
+-- ── Helper: match CVEs for a detected vendor (+ optional port filter) ────────
+function _M.match_cves(vendor, port)
+  local matches = {}
+  if not vendor then return matches end
+  local v = vendor:lower()
+  for _, cve in ipairs(_M.CVE_DB) do
+    local cv = (cve.vendor or ""):lower()
+    if cv == v or cv == "generic" then
+      if (not port) or (cve.port == port) or (cve.port == 0) then
+        table.insert(matches, cve)
+      end
+    end
+  end
+  return matches
+end
+
+-- ── Helper: format a single CVE finding for nmap output ──────────────────────
+function _M.fmt_cve(cve, verdict, details)
+  local lines = {}
+  table.insert(lines, string.format("  [%s] %s (CVSS %.1f — %s)",
+    verdict, cve.id, cve.cvss, cve.sev))
+  table.insert(lines, string.format("    Description : %s", cve.desc))
+  table.insert(lines, string.format("    PrinterXPL  : printerxpl-forge run --module %s", cve.xpl))
+  table.insert(lines, string.format("    Reference   : https://nvd.nist.gov/vuln/detail/%s", cve.id))
+  if details then
+    table.insert(lines, string.format("    Evidence    : %s", details))
+  end
+  return table.concat(lines, "\n")
+end
+
+-- ── Helper: build a suggestion block when vendor is confirmed ─────────────────
+function _M.suggest_xpl(vendor, family, cves)
+  local lines = {}
+  table.insert(lines, string.format("\n  Detected: %s — %s", vendor, family or "Unknown model"))
+  table.insert(lines, "  Full exploitation available via:")
+  table.insert(lines, "    printerxpl-forge  →  pip install printerxpl-forge")
+  if vendor and vendor:lower():match("router|embedded|iot|zyxel|dlink|tplink|netgear|mikrotik") then
+    table.insert(lines, "    embedxpl-forge    →  pip install embedxpl-forge")
+  end
+  if #cves > 0 then
+    table.insert(lines, string.format("  %d matching CVE module(s) available:", #cves))
+    for _, c in ipairs(cves) do
+      table.insert(lines, string.format("    printerxpl-forge run --module %s --target <IP>", c.xpl))
+    end
+  end
+  return table.concat(lines, "\n")
+end
+
+-- ── PJL helper: build PJL command with UEL wrapper ───────────────────────────
+function _M.pjl_cmd(cmd)
+  return "\x1b%-12345X@PJL\r\n" .. cmd .. "\r\n\x1b%-12345X"
+end
+
+-- ── Verdict helper ────────────────────────────────────────────────────────────
+function _M.verdict(is_vuln, is_possible)
+  if is_vuln     then return _M.VERDICT.VULN     end
+  if is_possible then return _M.VERDICT.POSSIBLE  end
+  return _M.VERDICT.NOT_VULN
+end
+
+return _M

nse/scripts/cups-info.nse

@@ -0,0 +1,74 @@
+local ipp = require "ipp"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Lists printers managed by the CUPS printing service.
+]]
+
+---
+-- @usage
+-- nmap -p 631 <ip> --script cups-info
+--
+-- @output
+-- PORT    STATE SERVICE
+-- 631/tcp open  ipp
+-- | cups-info:
+-- |   Generic-PostScript-Printer
+-- |     DNS-SD Name: Lexmark S300-S400 Series @ ubu1110
+-- |     Location:
+-- |     Model: Local Raw Printer
+-- |     State: Processing
+-- |     Queue: 0 print jobs
+-- |   Lexmark-S300-S400-Series
+-- |     DNS-SD Name: Lexmark S300-S400 Series @ ubu1110
+-- |     Location:
+-- |     Model: Local Raw Printer
+-- |     State: Stopped
+-- |     Queue: 0 print jobs
+-- |   PDF
+-- |     DNS-SD Name: PDF @ ubu1110
+-- |     Location:
+-- |     Model: Generic CUPS-PDF Printer
+-- |     State: Idle
+-- |_    Queue: 0 print jobs
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"safe", "discovery"}
+
+
+portrule = shortport.port_or_service(631, "ipp", "tcp", "open")
+
+local verbose_states = {
+        [ipp.IPP.PrinterState.IPP_PRINTER_IDLE] = "Idle",
+        [ipp.IPP.PrinterState.IPP_PRINTER_PROCESSING] = "Processing",
+        [ipp.IPP.PrinterState.IPP_PRINTER_STOPPED] = "Stopped",
+      }
+
+action = function(host, port)
+
+  local status, printers = ipp.Helper:new(host, port):getPrinters()
+  if not status then
+    return
+  end
+
+  local output = {}
+  for _, printer in ipairs(printers) do
+    table.insert(output, {
+      name = printer.name,
+      ("DNS-SD Name: %s"):format(printer.dns_sd_name or ""),
+      ("Location: %s"):format(printer.location or ""),
+      ("Model: %s"):format(printer.model or ""),
+      ("State: %s"):format(verbose_states[printer.state] or ""),
+      ("Queue: %s print jobs"):format(tonumber(printer.queue_count) or 0),
+    } )
+  end
+
+  if ( 0 ~= #output ) then
+    return stdnse.format_output(true, output)
+  end
+end
+

nse/scripts/cups-queue-info.nse

@@ -0,0 +1,43 @@
+local ipp = require "ipp"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+
+description = [[
+Lists currently queued print jobs of the remote CUPS service grouped by
+printer.
+]]
+
+---
+-- @usage
+-- nmap -p 631 <ip> --script cups-queue-info
+--
+-- @output
+-- PORT    STATE SERVICE
+-- 631/tcp open  ipp
+-- | cups-queue-info:
+-- |   HP Laserjet
+-- |     id  time                 state  size (kb)  owner            jobname
+-- |     14  2012-04-26 22:01:19  Held   2071k      Patrik Karlsson  Print - CUPS Implementation of IPP - Documentation - CUPS
+-- |   Generic-PostScript-Printer
+-- |     id  time                 state    size (kb)  owner    jobname
+-- |     3   2012-04-16 23:25:47  Pending  11k        Unknown  Unknown
+-- |     4   2012-04-16 23:33:21  Pending  11k        Unknown  Unknown
+-- |_    11  2012-04-24 08:15:14  Pending  13k        Unknown  Unknown
+--
+
+categories = {"safe", "discovery"}
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"safe", "discovery"}
+
+
+portrule = shortport.port_or_service(631, "ipp", "tcp", "open")
+
+action = function(host, port)
+  local output = ipp.Helper:new(host, port):getQueueInfo()
+  if output then
+    return stdnse.format_output(true, output)
+  end
+end
+

nse/scripts/hp-printers-cve-2022-1026.nse

@@ -0,0 +1,121 @@
+description = [[
+Identifies HP printers using SNMP, HTTP(S), and JetDirect (PJL).
+Extracts make/model information for reliable identification.
+]]
+
+---
+-- @usage
+-- nmap -p 161,80,443,9100 --script hp-printers <target>
+--
+-- @output
+-- | hp-printers:
+-- |   Make: HP
+-- |   Model: HP LaserJet Pro M404dn
+--
+
+author = "ThreatWorx"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+local http = require "http"
+local json = require "json"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local comm = require "comm"
+local snmp = require "snmp"
+
+portrule = function(host, port)
+    -- Run if any of these ports are open
+    return port.number == 161 or port.number == 80 or port.number == 443 or port.number == 9100
+end
+
+-- SNMP
+local function try_snmp(host)
+    local ok, session = snmp.Helper:new(host, {number = 161, protocol = "udp"}, "public")
+    if not ok or not session then return nil end
+
+    local sysDescrOID = "1.3.6.1.2.1.1.1.0"
+    local hpModelOID  = "1.3.6.1.2.1.43.5.1.1.16.1"
+
+    local sysDescr = session:get(sysDescrOID)
+    local model = session:get(hpModelOID)
+
+    if sysDescr and sysDescr.value and sysDescr.value:match("HP") then
+	model = model.value or sysDescr.value
+        return model
+    end
+    return nil
+end
+
+-- HTTP(S)
+local function try_http(host, port)
+    local paths = { "/hp/device/DeviceInformation.xml", "/hp/device/this.LCDispatcher?nav=hp.DeviceInfo" }
+    for _, path in ipairs(paths) do
+        local ok, response = http.get(host, port, path)
+        if ok and response and response.body then
+            -- Try <ProductName> first
+            local model = response.body:match("<ProductName>(.-)</ProductName>")
+            if not model then
+                -- Fallback: first <dd> (used on older printer UIs)
+                model = response.body:match("<dd>(.-)</dd>")
+            end
+            if model then
+		model = model:match("^%s*(.-)%s*$")
+	        model = model:gsub("^@PJL INFO ID%s*\"?", ""):gsub("\"?$", ""):gsub("[\r\n]", "")
+                return model
+            end
+        end
+    end
+    return nil
+end
+
+-- JetDirect (PJL)
+local function try_jetdirect(host)
+    local socket = nmap.new_socket()
+    socket:set_timeout(3000)
+    local ok, err = socket:connect(host, 9100)
+    if not ok then return nil end
+    socket:send("\027%-12345X@PJL INFO ID\r\n")
+    local status, response = socket:receive_lines(1)
+    socket:close()
+
+    if status and response and response:match("HP") then
+	response = response:match("^%s*(.-)%s*$")
+	response = response:gsub("^@PJL INFO ID%s*\"?", ""):gsub("\"?$", ""):gsub("[\r\n]", "")
+        return response
+    end
+    return nil
+end
+
+-- Combined action: try all protocols
+action = function(host, port)
+    -- 1. SNMP first
+    local snmp_data = try_snmp(host)
+    if snmp_data then
+        result = stdnse.output_table()
+        result["hp printer"] = snmp_data 
+        return result
+    end
+
+    -- 2. HTTP & HTTPS
+    for _, p in ipairs({80, 443}) do
+        local http_data = try_http(host, {number=p, protocol=(p==443 and "https" or "http")})
+        if http_data then
+            result = stdnse.output_table()
+            result["hp printer"] = http_data 
+            return result
+        end
+    end
+
+    -- 3. JetDirect
+    local jet_data = try_jetdirect(host)
+    if jet_data then
+        result = stdnse.output_table()
+        result["hp printer"] = jet_data 
+        return result
+    end
+
+    return nil
+end
+
+

nse/scripts/http-device-mac.nse

@@ -0,0 +1,107 @@
+local shortport = require "shortport"
+local http = require "http"
+
+description = [[
+Get MAC address from network devices such printers and scanners
+]]
+
+---
+-- @usage
+-- nmap -sS -p 9100 --script http-device-mac <target>
+--
+-- @output
+-- |_http-device-mac: 00:01:02:03:04:AB
+-- <snip>
+--
+
+author = "Esteban Dauksis"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+portrule = shortport.http
+
+action = function(host,port)
+
+	local socket = nmap.new_socket()
+
+	socket:set_timeout(5000)
+
+	local catch = function()
+		socket:close()
+	end
+
+	local try = nmap.new_try(catch)	
+
+	-- I have identified some useful config urls
+	local answer1 = http.get(host, port, "/en/mnt/sysinfo.htm" )
+	local answer2 = http.get(host, port, "/hp/jetdirect/configpage.htm" )
+	local answer3 = http.get(host, port, "/configpage.htm" )
+	local answer4 = http.get(host, port, "/card.asp?Lang=en" )
+	local answer5 = http.get(host, port, "/cgi-bin/admin/management.cgi?_la=4")
+	local answer6 = http.get(host, port, "/web/guest/es/websys/netw/getInterface.cgi")
+	local answer7 = http.get(host, port, "/info_config_network.html?tab=Status&menu=NetConfig")
+	local answer8 = http.get(host, port, "/hp/device/info_configuration.htm")
+	local answer9 = http.get(host, port, "/start/start.htm")
+	local answer10 = http.get(host, port, "/Istatus.htm")
+	
+	if answer1.status ~= 200 
+		and answer2.status ~= 200 
+		and answer3.status ~= 200
+		and answer4.status ~= 200
+		and answer5.status ~= 200
+		and answer6.status ~= 200
+		and answer7.status ~= 200
+		and answer8.status ~= 200
+		and answer9.status ~= 200
+		and answer10.status ~= 200
+					then
+		return nil
+	end
+
+	-- Regex for each url
+	if answer1.status == 200 then
+		return answer1.body:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x")
+	end
+
+	if answer2.status == 200 then
+		mac = answer2.body:match("%x%x%x%x%x%x%x%x%x%x%x%x")
+		return string.format("%s:%s:%s:%s:%s:%s",mac:sub(1,2),mac:sub(3,4),mac:sub(5,6),mac:sub(7,8),mac:sub(9,10),mac:sub(11,12))
+		-- return answer2.body:match("%x%x%x%x%x%x%x%x%x%x%x%x")
+	end
+
+	if answer3.status == 200 then
+		mac = answer3.body:match("%x%x%x%x%x%x%x%x%x%x%x%x")
+		return string.format("%s:%s:%s:%s:%s:%s",mac:sub(1,2),mac:sub(3,4),mac:sub(5,6),mac:sub(7,8),mac:sub(9,10),mac:sub(11,12))
+	end
+
+	if answer4.status == 200 then
+		return answer4.body:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x")
+	end
+
+	if answer5.status == 200 then
+		return answer5.body:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x")
+	end	
+
+	if answer6.status == 200 then
+		return answer6.body:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x")
+	end	
+
+	if answer7.status == 200 then
+		return answer7.body:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x")
+	end
+
+	if answer8.status == 200 then
+		mac = answer8.body:match("%x%x%x%x%x%x%x%x%x%x%x%x")
+		return string.format("%s:%s:%s:%s:%s:%s",mac:sub(1,2),mac:sub(3,4),mac:sub(5,6),mac:sub(7,8),mac:sub(9,10),mac:sub(11,12))
+	end
+
+	if answer9.status == 200 then
+		return answer9.body:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x")
+	end
+
+	if answer10.status == 200 then
+		return answer10.body:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x")
+	end	
+
+end
+