Nmap Development mailing list archives
Re: pjl script updates
From: David Fifield <david () bamsoftware com>
Date: Mon, 17 Aug 2009 14:33:03 -0600
On Mon, Aug 17, 2009 at 08:13:21AM -0700, rilian4 rilian4 wrote:
> > Hi Aaron, sorry for the late response. Please do post the scripts to the list. For the particular purpose of printer model identification, I think the PJL queries make more sense as -sV service probes than as NSE scripts. I am curious to see the exact syntax that you used and compare it to probes that Brandon Enright has prepared.
>
> My turn to apologize for the delayed response. I have been on vacation. Attached is pjl-model.nse. It is a simple script that sends the PJL model command and displays any response.

Brandon, I would like you to comment on this script and the PJL version probes you posted in http://seclists.org/nmap-dev/2009/q1/0560.html. Aaron's query string is "@PJL INFO ID\n" while yours is "\x1b%-12345X@PJL INFO ID\x0d\x0a\x1b%-12345X\x0d\x0a". What is the difference in meaning between these? I think this particular function of PJL is a better fit for version detection than NSE, which is why I'm asking. I would like to get these probes in at least a branch so people can test them out.

> > Apart from the limited scope of determining the model or version number, which I think should be in nmap-service-probes, I would be interested in seeing what other information you can get from printers.
>
> I have another basic script that is not fully hashed out that returns the page count on the printer. My PJL documentation shows several other interesting possibilities as well. An example is the INFO command which is invoked for my model script. It can display model, memory, configuration variables, page count, etc. You can send PJL commands to read the file system on the printer, if any, and monkey w/ it. You can send the ECHO command which is like a PJL ping. It sends a string to the printer and the printer is supposed to return the same string back if it is working correctly. Basically you can monkey w/ just about any setting on an HP laserjet printer through PJL (and some of the commands work on non-HP printers as well) and we know NSE can send PJL so that leaves it open.

What do you think about combining all these useful functions into one script? Each query and response is pretty cheap, and we can get a lot of information at once. I'm thinking it can be like the output of smb-system-info.nse.

| smb-system-info:
| OS Details
| |_ Microsoft Windows Server 2003 Service Pack 2 (ServerNT 5.2 build 3790)
| |_ Installed on 2007-11-26 23:40:40
| |_ Registered to Ron Bowes (organization: MYCOMPANY)
| |_ Path: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program %Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\IBM\Rational %AppScan\
| |_ Systemroot: C:\WINDOWS
| |_ Page files: C:\pagefile.sys 2046 4092 (cleared at shutdown => 0)

David Fifield
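
The two query strings compared in the message differ in framing: `\x1b%-12345X` is PJL's Universal Exit Language (UEL) sequence, which resets the printer's language parser so that the `@PJL` line that follows is read as PJL. The sketch below is an added example, not code from the thread or from Nmap; it builds the framed query and parses an INFO ID and an ECHO reply from one stream, the combined-output idea in the message. The function names and the sample reply are constructed, and it assumes replies in the form HP's PJL reference describes: the command echoed on the first line and a form feed ending each reply.

```python
UEL = b"\x1b%-12345X"  # Universal Exit Language sequence


def frame(commands):
    """Wrap PJL command lines in UEL, as in the longer probe quoted above."""
    body = b"".join(b"@PJL " + c.encode("ascii") + b"\r\n" for c in commands)
    return UEL + body + UEL + b"\r\n"


def parse_replies(stream):
    """Split a raw reply stream into (command, value_lines) pairs.

    Assumed reply shape: "@PJL <command>" on the first line, zero or more
    value lines, then a form feed (0x0c). Chunks that do not start with
    "@PJL " (some other service answering on the port) are dropped.
    """
    replies = []
    for chunk in stream.replace(UEL, b"").split(b"\x0c"):
        lines = [ln.strip() for ln in chunk.decode("latin-1").splitlines()]
        lines = [ln for ln in lines if ln]
        if lines and lines[0].upper().startswith("@PJL "):
            replies.append((lines[0][5:].strip(), lines[1:]))
    return replies


def summarize(stream, echo_token):
    """Collect the model string and check that ECHO returned our token."""
    info = {"model": None, "echo_ok": False}
    for command, body in parse_replies(stream):
        verb = command.upper()
        if verb == "INFO ID" and body:
            info["model"] = body[0].strip('"')
        elif verb.startswith("ECHO "):
            info["echo_ok"] = command[5:].strip() == echo_token
    return info


# Constructed sample reply stream (not captured from a real printer).
SAMPLE = (b"@PJL ECHO probe-7f3a\r\n\x0c"
          b'@PJL INFO ID\r\n"EXAMPLE LaserPrinter 1000"\r\n\x0c')

if __name__ == "__main__":
    print(frame(["ECHO probe-7f3a", "INFO ID"]))
    print(summarize(SAMPLE, "probe-7f3a"))
```

Checking the ECHO token before trusting the INFO ID value guards against treating an unrelated service's banner as a printer model.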