printerxpl-forge 6.2.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- nse/README.md +204 -0
- nse/__init__.py +6 -0
- nse/install_nse.py +412 -0
- nse/lib/printerxpl.lua +238 -0
- nse/scripts/cups-info.nse +74 -0
- nse/scripts/cups-queue-info.nse +43 -0
- nse/scripts/hp-printers-cve-2022-1026.nse +121 -0
- nse/scripts/http-device-mac.nse +107 -0
- nse/scripts/http-hp-ilo-info.nse +121 -0
- nse/scripts/http-info-xerox-enum.nse +101 -0
- nse/scripts/http-vuln-cve2022-1026.nse +158 -0
- nse/scripts/lexmark-config.nse +89 -0
- nse/scripts/pjl-ready-message.nse +106 -0
- nse/scripts/printer-banner.nse +217 -0
- nse/scripts/printer-cups-rce.nse +189 -0
- nse/scripts/printer-cve-detect.nse +279 -0
- nse/scripts/printer-discover.nse +205 -0
- nse/scripts/printer-firmware-exposed.nse +219 -0
- nse/scripts/printer-hp-pjl.nse +192 -0
- nse/scripts/printer-http-ews.nse +293 -0
- nse/scripts/printer-ipp-info.nse +235 -0
- nse/scripts/printer-lexmark-ipp.nse +203 -0
- nse/scripts/printer-passback.nse +204 -0
- nse/scripts/printer-pjl-info.nse +146 -0
- nse/scripts/printer-printnightmare.nse +211 -0
- nse/scripts/printer-snmp-info.nse +176 -0
- nse/scripts/printer-vuln-check.nse +256 -0
- nse/scripts/snmp-device-mac.nse +93 -0
- nse/scripts/snmp-info.nse +146 -0
- nse/scripts/snmp-sysdescr.nse +70 -0
- printerxpl_forge-6.2.0.dist-info/METADATA +919 -0
- printerxpl_forge-6.2.0.dist-info/RECORD +97 -0
- printerxpl_forge-6.2.0.dist-info/WHEEL +5 -0
- printerxpl_forge-6.2.0.dist-info/entry_points.txt +4 -0
- printerxpl_forge-6.2.0.dist-info/licenses/LICENSE +21 -0
- printerxpl_forge-6.2.0.dist-info/top_level.txt +4 -0
- src/assets/fonts/gunplay.pfa +1671 -0
- src/assets/fonts/kshandwrt.pfa +315 -0
- src/assets/fonts/laksoner.pfa +2402 -0
- src/assets/fonts/paintcans.pfa +9699 -0
- src/assets/fonts/stencilod.pfa +4076 -0
- src/assets/fonts/takecover.pfa +26138 -0
- src/assets/fonts/topsecret.pfa +6652 -0
- src/assets/fonts/whoa.pfa +773 -0
- src/assets/mibs/HOST-RESOURCES-MIB +1540 -0
- src/assets/mibs/Printer-MIB +4389 -0
- src/assets/mibs/README.md +9 -0
- src/assets/mibs/SNMPv2-MIB +854 -0
- src/assets/overlays/hacker.eps +596 -0
- src/assets/overlays/smiley.eps +214 -0
- src/assets/overlays/smiley2.eps +240 -0
- src/core/attack_orchestrator.py +1025 -0
- src/core/capabilities.py +323 -0
- src/core/destructive_audit.py +430 -0
- src/core/discovery.py +488 -0
- src/core/osdetect.py +74 -0
- src/core/poly_runner.py +579 -0
- src/core/printer.py +1426 -0
- src/main.py +2134 -0
- src/modules/install_printer.py +318 -0
- src/modules/login_bruteforce.py +852 -0
- src/modules/pcl.py +506 -0
- src/modules/pjl.py +3575 -0
- src/modules/print_job.py +1290 -0
- src/modules/ps.py +1102 -0
- src/payloads/__init__.py +98 -0
- src/payloads/assets/overlays/notice.eps +9 -0
- src/protocols/__init__.py +19 -0
- src/protocols/firmware.py +738 -0
- src/protocols/ipp.py +216 -0
- src/protocols/ipp_attacks.py +609 -0
- src/protocols/lpd.py +141 -0
- src/protocols/network_map.py +1004 -0
- src/protocols/raw.py +173 -0
- src/protocols/smb.py +359 -0
- src/protocols/ssrf_pivot.py +427 -0
- src/protocols/storage.py +587 -0
- src/ui/__init__.py +6 -0
- src/ui/interactive.py +742 -0
- src/ui/spinner.py +112 -0
- src/ui/tables.py +132 -0
- src/utils/banner_grabber.py +852 -0
- src/utils/codebook.py +456 -0
- src/utils/config.py +522 -0
- src/utils/cve_loader.py +158 -0
- src/utils/default_creds.py +134 -0
- src/utils/discovery_online.py +1327 -0
- src/utils/exploit_manager.py +805 -0
- src/utils/fuzzer.py +220 -0
- src/utils/helper.py +732 -0
- src/utils/local_printers.py +307 -0
- src/utils/ml_engine.py +491 -0
- src/utils/operators.py +474 -0
- src/utils/ports.py +234 -0
- src/utils/vuln_scanner.py +823 -0
- src/utils/wordlist_loader.py +412 -0
- src/version.py +36 -0
src/protocols/lpd.py
ADDED
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
# -*- coding: utf-8 -*-
|
|
3
|
+
"""
|
|
4
|
+
LPD Protocol Support for PrinterXPL-Forge
|
|
5
|
+
======================================
|
|
6
|
+
Line Printer Daemon protocol (RFC 1179) on port 515
|
|
7
|
+
|
|
8
|
+
Legacy protocol still widely supported by printers.
|
|
9
|
+
"""
|
|
10
|
+
|
|
11
|
+
# Author : Andre Henrique (@mrhenrike)
|
|
12
|
+
# GitHub : https://github.com/mrhenrike
|
|
13
|
+
# LinkedIn : https://linkedin.com/in/mrhenrike
|
|
14
|
+
# X/Twitter : https://x.com/mrhenrike
|
|
15
|
+
|
|
16
|
+
import socket
|
|
17
|
+
import time
|
|
18
|
+
|
|
19
|
+
class LPDProtocol:
|
|
20
|
+
"""
|
|
21
|
+
LPD protocol implementation (Port 515)
|
|
22
|
+
Line Printer Daemon - Legacy but still supported
|
|
23
|
+
"""
|
|
24
|
+
|
|
25
|
+
DEFAULT_PORT = 515
|
|
26
|
+
|
|
27
|
+
def __init__(self, host, port=None, timeout=30, queue="lp"):
|
|
28
|
+
self.host = host
|
|
29
|
+
self.port = port or self.DEFAULT_PORT
|
|
30
|
+
self.timeout = timeout
|
|
31
|
+
self.queue = queue # Printer queue name
|
|
32
|
+
self.sock = None
|
|
33
|
+
self.job_number = 1
|
|
34
|
+
|
|
35
|
+
def connect(self):
|
|
36
|
+
"""Establish LPD connection"""
|
|
37
|
+
try:
|
|
38
|
+
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
39
|
+
self.sock.settimeout(self.timeout)
|
|
40
|
+
self.sock.connect((self.host, self.port))
|
|
41
|
+
return True
|
|
42
|
+
except Exception as e:
|
|
43
|
+
return False
|
|
44
|
+
|
|
45
|
+
def send_control_file(self, hostname, username, filename):
|
|
46
|
+
"""Send LPD control file"""
|
|
47
|
+
control = (
|
|
48
|
+
f"H{hostname}\n"
|
|
49
|
+
f"P{username}\n"
|
|
50
|
+
f"fdfA{self.job_number:03d}{hostname}\n"
|
|
51
|
+
f"UdfA{self.job_number:03d}{hostname}\n"
|
|
52
|
+
f"N{filename}\n"
|
|
53
|
+
)
|
|
54
|
+
return control.encode()
|
|
55
|
+
|
|
56
|
+
def print_job(self, data, hostname="PrinterXPL-Forge", username="root", filename="job.txt"):
|
|
57
|
+
"""
|
|
58
|
+
Send print job via LPD protocol
|
|
59
|
+
|
|
60
|
+
LPD Protocol Format:
|
|
61
|
+
1. Receive job: \\x02<queue>\\n
|
|
62
|
+
2. Receive control file: \\x02<size> cfA<job><host>\\n
|
|
63
|
+
3. Send control file data
|
|
64
|
+
4. Receive data file: \\x03<size> dfA<job><host>\\n
|
|
65
|
+
5. Send data file
|
|
66
|
+
"""
|
|
67
|
+
if not self.sock:
|
|
68
|
+
if not self.connect():
|
|
69
|
+
raise ConnectionError("Failed to connect")
|
|
70
|
+
|
|
71
|
+
try:
|
|
72
|
+
# Step 1: Receive job command
|
|
73
|
+
cmd = f"\\x02{self.queue}\\n".encode()
|
|
74
|
+
self.sock.send(cmd)
|
|
75
|
+
response = self.sock.recv(1)
|
|
76
|
+
if response != b'\\x00':
|
|
77
|
+
raise Exception("Queue refused job")
|
|
78
|
+
|
|
79
|
+
# Step 2: Send control file
|
|
80
|
+
control_data = self.send_control_file(hostname, username, filename)
|
|
81
|
+
cmd = f"\\x02{len(control_data)} cfA{self.job_number:03d}{hostname}\\n".encode()
|
|
82
|
+
self.sock.send(cmd)
|
|
83
|
+
response = self.sock.recv(1)
|
|
84
|
+
if response != b'\\x00':
|
|
85
|
+
raise Exception("Control file refused")
|
|
86
|
+
|
|
87
|
+
self.sock.send(control_data + b'\\x00')
|
|
88
|
+
response = self.sock.recv(1)
|
|
89
|
+
|
|
90
|
+
# Step 3: Send data file
|
|
91
|
+
if isinstance(data, str):
|
|
92
|
+
data = data.encode()
|
|
93
|
+
|
|
94
|
+
cmd = f"\\x03{len(data)} dfA{self.job_number:03d}{hostname}\\n".encode()
|
|
95
|
+
self.sock.send(cmd)
|
|
96
|
+
response = self.sock.recv(1)
|
|
97
|
+
if response != b'\\x00':
|
|
98
|
+
raise Exception("Data file refused")
|
|
99
|
+
|
|
100
|
+
self.sock.send(data + b'\\x00')
|
|
101
|
+
response = self.sock.recv(1)
|
|
102
|
+
|
|
103
|
+
self.job_number += 1
|
|
104
|
+
return True
|
|
105
|
+
|
|
106
|
+
except Exception as e:
|
|
107
|
+
raise Exception(f"LPD print failed: {e}")
|
|
108
|
+
|
|
109
|
+
def get_queue_status(self):
|
|
110
|
+
"""Get printer queue status"""
|
|
111
|
+
if not self.sock:
|
|
112
|
+
if not self.connect():
|
|
113
|
+
raise ConnectionError("Failed to connect")
|
|
114
|
+
|
|
115
|
+
# Send queue status command
|
|
116
|
+
cmd = f"\\x04{self.queue}\\n".encode()
|
|
117
|
+
self.sock.send(cmd)
|
|
118
|
+
|
|
119
|
+
# Receive status
|
|
120
|
+
status = b""
|
|
121
|
+
while True:
|
|
122
|
+
chunk = self.sock.recv(1024)
|
|
123
|
+
if not chunk:
|
|
124
|
+
break
|
|
125
|
+
status += chunk
|
|
126
|
+
|
|
127
|
+
return status.decode('latin-1', errors='ignore')
|
|
128
|
+
|
|
129
|
+
def close(self):
|
|
130
|
+
"""Close LPD connection"""
|
|
131
|
+
if self.sock:
|
|
132
|
+
self.sock.close()
|
|
133
|
+
self.sock = None
|
|
134
|
+
|
|
135
|
+
def __enter__(self):
|
|
136
|
+
self.connect()
|
|
137
|
+
return self
|
|
138
|
+
|
|
139
|
+
def __exit__(self, *args):
|
|
140
|
+
self.close()
|
|
141
|
+
|