A medium interaction printer honeypot
miniprint acts like a standard networked printer that has been accidentally exposed to the public internet.
It speaks the Printer Job Language (PJL) over the raw network "protocol"
- A fully-featured virtual filesystem in which attackers can read and write files and directories - nothing gets written to the host
- Any PostScript or plaintext print jobs sent to the printer will be saved to the
uploads/
directory - Extensive (probably too much) logging
- Shodan Honeycore: 0
virtualenv venv && source ./venv/bin/activate
(optional)pip3 install -r requirements.txt
python3 ./server.py
usage: miniprint [-b,--bind HOST] [-l,--log-file FILE] [-t,--time-out TIME] [-h]
miniprint - a medium interaction printer honeypot
by Dan Salmon: @BLTjetpack, github.com/sa7mon
optional arguments:
-b, --bind <host> Bind the server to <host> (default: localhost)
-l, --log-file <file> Save all logs to <file> (default: ./miniprint.log)
-t, --timeout <time> Wait up to <time> seconds for commands before disconnecting client (default: 120)
-h, --help show this help message and exit
To interactively attack miniprint
on localhost, you can use PRET with the following command: python ./pret.py localhost pjl
Logs are generated in format: time - loglevel - method - operation - message
and are saved to miniprint.log
by default.
- Python >= 3.5
Protocol | Port | Support |
---|---|---|
Raw | 9100 | Yes |
Web | 80 | No |
IPP | 631 | No |
LPD | 515 | No |
Language | Support |
---|---|
PJL | Yes |
PML | No |
Language | Support |
---|---|
Yes | |
XPS | No |
PostScript | No |
Plaintext | Yes |
PCL | No |
- PostScript files printed that don't contain
%%EOF
at the end will cause the printer to wait indefinitely for the end of the job.
- frbexiga at BinaryEdge
- Jens Müller for the hacking-printers.net wiki