The remote host appears to be a network printer, multi-function device, or other fragile device. Such devices often react very poorly when scanned. To avoid problems, Nessus has marked the remote host as ‘Dead’ and will not scan it.
#TRUSTED 2b8dabb74bd1399bb4a8a145defc42563b74a06bffe9d0ad6a49a682dbc8ba44477b18b35898efb4800c53bf3ba51ba4a344d00c39a789a20d3e5380ab21182232f3b6f808337407ee712f9c35100e48f4525aa3325d833d46456ba8d38d3e8f575fa17ab90ce6834b8b85c447291563c123b8a1d8dca084e018aa9a73f0c4d725b8f9c745c8786c2c6723966fb971ee007e5326d00ef8321d90e12e88fcc4dba8af45340199791aa2b8c1078ad765b88427bb4d8213e4beb0b5f58fcc2eec21770878c187ac4b423909ffd8604b4f52f3f2a54cb9798c2c37b1d1cda5d9ca47714abd6b34d10e10074b3ee8fe7d31d19cbd56508618705acf5699d24f13f5cf24c35803c1176e009798b084dcb6aabd324c3bb4b096b5ecca67ccfed24ee7daad8f8865d44e9757dae42e5e9674a3d13ffa3207f9a7b843f4a34b57325604a1ea3166014fe8420146a2210d8b8991ebfb5978ca23f18f4f3861ad5540dc87c96d669c9042846d56a14a44fa35923b8dc0622397ca0a28f723f1a211dcc1b8e686ffd1991b374a69cb8f6386ae5701bcdef9431613b3761b12e6588fc72743092253521646fb9032c8d3792eb0c30ca7e7fb2e67a83800ecf412533908e431f8677748fe2b0ec8f403425685e28cac3a5b5e8d8b0ed0c30b61779e6893c1a75f38dd31bb954341ec7f56797a1feaef89ab7ebe6e4e90f994b3d87b058e70967e
#TRUST-RSA-SHA256 76b01d935be55fcec683e1dc352405f561d194bb0584ea8a4dc8d879c69da322cedccf0e8bc13e9e317a0142d3658a4e4d38d1adc6b1470ff9fc73cad0c94707fbe7cb0782319c1a280ddda582e83f5bd5278dd48320d852571861c85e27b7ce554e86d3f00d06aef305ffd419fb3b5cc524deb88122781ba27113eabacaad2f3f10d87869438b4997c1d376b8758c89f50cb72406d7c2eb611c6d74b3d33770d4f1e97a076244630cae4f465af14de0909bd798059eadf9a119f6572dc5443d372246a2293706591d923a1e233a59d5935eca68e4cfc325bc5533ae9fec6b404ddad5340564b5bf44bd3f4b2f3fa29d12b797ddd487f3048cd95c18d3707b9d38faf3fea17b44e9916e9741f510580d4c86e848dc4c86e7d2da1e78ae41a1cb5307bb1221966cacb32ee76c0d59b50d058d000c03415176cbc7327a0d38b17e6e2f1123809aa4673cd6b8aab84db9cdc8ff8b7eb257c0c054daf7aa658c29253874a123700cda9cf757c98c6ef78793b1c235d707685b03c21626a5800c0167ddfb596bcd1c093be9b26e91a795201cf58ed6d6f85f063b5e422e0cd460071cd2e1975515d7b4010c1e148d797377132576ce1cf5099269c89a1f2566c95df5dce90d5e00f6dca21c2759459fe030f2f6816644be554eb368fc341214134d9e4b6b1d5dd434fefb208fd9ecea349ec9bac5841a7547f68aabbca6c2c5ccc162
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(11933);
script_version("1.151");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/07");
script_xref(name:"IAVB", value:"0001-B-0525");
script_name(english:"Do not scan printers");
script_summary(english:"Exclude printers from scan");
script_set_attribute(attribute:"synopsis", value:
"The remote host appears to be a fragile device and will not be
scanned.");
script_set_attribute(attribute:"description", value:
"The remote host appears to be a network printer, multi-function
device, or other fragile device. Such devices often react very poorly
when scanned. To avoid problems, Nessus has marked the remote host as
'Dead' and will not scan it.");
script_set_attribute(attribute:"solution", value:
"If you are not concerned about such behavior, enable the 'Scan
Network Printers' setting under the 'Do not scan fragile devices'
advanced settings block and re-run the scan. Or if using Nessus 6,
enable 'Scan Network Printers' under 'Fragile Devices' in the Host
Discovery section and then re-run the scan.");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/12/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_SETTINGS);
# script_add_preference(name:"Exclude printers from scan", type:"checkbox", value:"no");
script_copyright(english:"This script is Copyright (C) 2003-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Settings");
# Or maybe a "scan option" family?
script_dependencies("dont_scan_settings.nasl", "fqdn_sys.nasl", "snmp_settings.nasl");
exit(0);
}
include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
include("ftp_func.inc");
include("telnet_func.inc");
# We have to keep the old HTTP API
include("http_func.inc");
include("snmp_func.inc");
include("debug.inc");
global_var tcp_sockets;
# Make minimum timeout the same as for find_service.nasl (10 retries with 5 sec timeout each there)
var MIN_TIMEOUT = 50;
if ((!get_kb_item("Test_Plans/lcx/islocalhost_overwrite") ) && ( islocalhost() )) audit(AUDIT_LOCALHOST);
function init_tcp()
{
local_var i;
local_var soc;
local_var limit;
local_var flag;
local_var keys;
local_var timeout, e;
if ( NASL_LEVEL >= 3005 )
{
for ( i = 0 ; i < max_index(_FCT_ANON_ARGS) ; i ++ )
{
if ( ! get_port_state(_FCT_ANON_ARGS[i]) ) continue;
soc = open_sock_tcp(_FCT_ANON_ARGS[i], nonblocking:TRUE);
if ( soc ) tcp_sockets[_FCT_ANON_ARGS[i]] = soc;
}
timeout = get_read_timeout();
if (timeout < MIN_TIMEOUT)
timeout = MIN_TIMEOUT;
limit = unixtime() + timeout;
keys = keys(tcp_sockets);
while ( unixtime() < limit )
{
flag = 0;
for ( i = 0 ; i < max_index(keys) ; i ++ )
{
e = socket_ready(tcp_sockets[keys[i]]);
if ( e <= 0 ) flag ++;
if ( e < 0 )
{
close(tcp_sockets[keys[i]]);
tcp_sockets[keys[i]] = open_sock_tcp(keys[i], nonblocking:TRUE);
}
}
if ( flag == 0 ) break;
usleep(5000);
}
for ( i = 0 ; i < max_index(keys) ; i ++ )
{
if ( socket_ready(tcp_sockets[keys[i]]) <= 0 || socket_get_error(tcp_sockets[keys[i]]) != NOERR ) {
dbg::detailed_log(lvl:2, src:FUNCTION_NAME, msg:
'Unable to connect to port ' + keys[i]);
close(tcp_sockets[keys[i]]);
tcp_sockets[keys[i]] = NULL;
}
}
}
else
{
# Nessus 2.x
for ( i = 0 ; i < max_index(_FCT_ANON_ARGS) ; i ++ )
tcp_sockets[keys[i]] = open_sock_tcp(_FCT_ANON_ARGS[i]);
}
}
if ( get_kb_item("Scan/Do_Scan_Printers" ) ) exit(0, "The 'Scan/Do_Scan_Printers' KB item is set.");
var printers = [];
var i = 0;
printers[i++] = "Brother NC";
printers[i++] = "Canon LBP";
printers[i++] = "Canon iR";
printers[i++] = "Epson";
printers[i++] = "FAST-KYO-TX";
printers[i++] = "FastPort II Model MIL-P3720";
printers[i++] = "Fiery";
printers[i++] = "Generic 28C-1";
printers[i++] = "Generic 30C-1";
printers[i++] = "HP ETHERNET MULTI-ENVIRONMENT";
printers[i++] = "IBM Infoprint";
printers[i++] = "JETDIRECT";
printers[i++] = "KONICA MINOLTA bizhub ";
printers[i++] = "KYOCERA Document Solutions Printing System";
printers[i++] = "KYOCERA MITA Printing";
printers[i++] = "KYOCERA Printer";
printers[i++] = "Konica IP Controller";
printers[i++] = "Lantronix EPS1";
printers[i++] = "Lantronix MSS100";
printers[i++] = "Lantronix MPS100";
printers[i++] = "LaserJet";
printers[i++] = "Lexmark";
printers[i++] = "Muratec F-";
printers[i++] = "Muratec MFX-";
printers[i++] = "NetQue";
printers[i++] = "Network Printer";
printers[i++] = "OKI OkiLAN";
printers[i++] = "PrintNet Enterprise";
printers[i++] = "Printek Network Interface";
printers[i++] = "RICOH Network Printer";
printers[i++] = "Samsung 9330";
printers[i++] = "TGNet";
printers[i++] = "TOSHIBA e-STUDIO";
printers[i++] = "TallyGenicom";
printers[i++] = "WorkCentre Pro";
printers[i++] = "XEROX";
printers[i++] = "ZebraNet PrintServer";
printers[i++] = "ZebraNet Wired PS";
printers[i++] = "Zebra Wired";
# Note: not a printer, but a one off fragile device
printers[i++] = "APC Web/SNMP Management Card";
printers[i++] = "Integrated PrintNet Enterprise Version";
# A manageable switch
printers[i++] = "DGS-1210-48";
i = 0;
var oids = [];
oids[i++] = "1.3.6.1.2.1.1.1.0"; # sysDescr.0
oids[i++] = "1.3.6.1.2.1.1.4.0"; # sysContact.0
printers_re = make_array();
printers_re["^AXIS ([0-9][^ ]+) Network Print Server"] = "an AXIS $1 Printer";
printers_re["^Canon Network Multi-PDL Printer Board.*"] = "a Canon Network Multi-PDL Printer Board";
printers_re["^Canon (MF[0-9][^ ]+) Series"] = "a Canon $1 Series Printer";
printers_re["^MF series printer"] = "a Canon MF Series Printer";
printers_re["(Dell (Color )?Laser Printer)"] = "a $1";
printers_re["^(Dell [0-9]+(cn?|cdn|cnw))[; ].+Engine"] = "a $1 Color Laser Printer";
printers_re["^(Dell [0-9]+dn?)[; ].+Engine"] = "a $1 Laser Printer";
printers_re["^D-Link (DP-[0-9][^ ]+) Print Server"] = "a D-Link $1 print server";
printers_re["^KYOCERA .*(MFP|Print(er|ing))"] = "a KYOCERA printer";
printers_re["^Panasonic (DP-[A-Z0-9]+)"] = "a Panasonic $1 Digital Imaging System";
printers_re["^Samsung ((CL[PX]|ML|SCX)-[0-9][0-9_]+)( Series|; OS )"] = "a Samsung $1 Series Printer";
printers_re["^SHARP ((AR|MX)-[^ ]+)$"] = "a Sharp $1 Printer";
printers_re["^Thermal Label Printer Intermec ((EasyCoder )?\S+)"] = "an Intermec $1 Printer";
sysobjids = make_array();
sysobjids["1.3.6.1.4.1.11.2.3.9.1"] = "an HP JetDirect printer";
sysobjids["1.3.6.1.4.1.11.2.3.9.2"] = "an HP plotter";
sysobjids["1.3.6.1.4.1.11.2.3.9.4"] = "an HP LaserJet printer";
sysobjids["1.3.6.1.4.1.171.11.10.1"] = "a D-Link print server";
sysobjids["1.3.6.1.4.1.236.11.5.1"] = "a Dell or Samsung printer";
sysobjids["1.3.6.1.4.1.4322.1.1"] = "a Muratec printer";
sysobjids["1.3.6.1.4.1.1347.41"] = " a KYOCERA printer";
sysobjids["1.3.6.1.4.1.10642.1.1"] = "a Zebra Printer";
community = get_kb_item("SNMP/community");
port = get_kb_item("SNMP/port");
if ( community && port )
{
soc = open_sock_udp (port);
if ( soc )
{
foreach oid ( oids )
{
desc = snmp_request(socket:soc, community:community, oid:oid);
if ( desc )
{
foreach printer (printers)
{
if ( tolower(printer) >< tolower(desc) )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nSNMP reports it as ' + printer + '.\n');
exit(0);
}
}
foreach regex (keys(printers_re))
{
match = pregmatch(pattern:regex, string:desc);
if ( match )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
name = printers_re[regex];
if ("$1" >< name && match[1])
name = str_replace(find:"$1", replace:match[1], string:name);
security_note(port: 0, extra:'\nSNMP reports it as ' + name + '.\n');
exit(0);
}
}
}
}
# Check sysObjectID (1.3.6.1.2.1.1.2.0)
desc = snmp_request(socket:soc, community:community, oid:"1.3.6.1.2.1.1.2.0");
if ( desc )
{
foreach sysobjid (keys(sysobjids))
{
if ( sysobjid == desc )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nSNMP reports it as ' + sysobjids[sysobjid] + '.\n');
exit(0);
}
}
}
close(soc);
}
}
# First try UDP AppSocket
port = 9101;
if (get_udp_port_state(port))
{
soc = open_sock_udp(port);
if ( soc )
{
send(socket: soc, data: '\r\n');
r = recv(socket: soc, length: 512);
if (r)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('UDP AppSocket on port ', port, '\n');
security_note(port: 0, extra:'\nUDP AppSocket on port ' + port + '.\n');
exit(0);
}
}
}
# Next, BJNP
port = 8611;
if (get_udp_port_state(port))
{
soc = open_sock_udp(port);
if ( soc )
{
r = 'BJNP' +
raw_string(0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
send(socket:soc, data:r);
r = recv(socket: soc, length: 32);
if (r && 'BJNP' + raw_string(0x81, 0x01, 0x00, 0x00, 0x00, 0x01) >< r)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nA Canon-related print service (BJNP) is listening on UDP port ' + port + '.\n');
exit(0);
}
}
}
init_tcp(21, 23, 2002, 9000, 9200, 10000, 79, 80, 280, 443, 631, 7627, 9100);
port = 21;
if( tcp_sockets[port] )
{
soc = tcp_sockets[port];
banner = recv_line(socket:soc, length:4096);
dbg::detailed_log(lvl:2,msg:banner);
if("JD FTP Server Ready" >< banner)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('JD FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nJD FTP server on port ' + port + '.\n');
exit(0);
}
else if (pgrep(pattern:"^220 [A-Za-z0-9]+ Network Management Card AOS v",string:banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('APC UPS Management Card FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nAPC UPS Management Card FTP server on port ' + port + '.\n');
exit(0);
}
else if (pgrep(pattern:"^220 AXIS .* FTP Network Print Server .+ ready", string:banner))
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('AXIS printer FTP server on port ', port, '\n');
security_note(port:0, extra:'\nAXIS printer FTP server on port ' + port + '.\n');
exit(0);
}
else if ("220 Dell Laser Printer " >< banner)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Dell FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nDell FTP server on port ' + port + '.\n');
exit(0);
}
else if ( banner =~ "^220 Dell .* Laser" )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Dell FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nDell FTP server on port ' + port + '.\n');
exit(0);
}
else if ( pgrep(pattern:"^220 DPO-[0-9]+ FTP Server", string:banner) )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Toshiba Printer FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nToshiba Printer FTP server on port ' + port + '.\n');
exit(0);
}
else if ( pgrep(pattern:"^220 .* Lexmark.* FTP Server", string:banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Lexmark Printer FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nLexmark Printer FTP server on port ' + port + '.\n');
exit(0);
}
else if ( pgrep(pattern:"^220 LANIER .* FTP server", string:banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('LANIER Printer FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nLANIER Printer FTP server on port ' + port + '.\n');
exit(0);
}
else if ("220 Print Server Ready." >< banner)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nGeneric printer FTP server on port ' + port + '.\n');
exit(0);
}
else if (pgrep(pattern:"^220 FS-[0-9]+(DN|MFP) FTP server", string:banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port:0, extra:'\nKyocera FTP server on port ' + port + '.\n');
exit(0);
}
else if (
"220 KONICA MINOLTA FTP server ready" >< banner ||
"220 KONICAMINOLTA FTP server ready" >< banner
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nKonica Minolta FTP server on port ' + port + '.\n');
exit(0);
}
else if ( pgrep(pattern:"^220 RICOH .* FTP server", string:banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('RICOH Printer FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nRICOH Printer FTP server on port ' + port + '.\n');
exit(0);
}
else if (pgrep(pattern:"^220 SHARP (MX|AR)- .* FTP server", string:banner))
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Sharp printer FTP server on port ', port, '\n');
security_note(port:0, extra:'\nSharp printer FTP server on port ' + port + '.\n');
exit(0);
}
else if (pgrep(pattern:"^220 ZBR-[0-9]+ Version V", string:banner))
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('ZebraNet printer FTP server on port ', port, '\n');
security_note(port:0, extra:'\nZebraNet printer FTP server on port ' + port + '.\n');
exit(0);
}
else if (pgrep(pattern:"^220 +IB-[0-9]+ Ver [0-9.]+ FTP server", string:banner))
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Kyocera printer FTP server on port ', port, '\n');
security_note(port:0, extra:'\nKyocera printer FTP server on port ' + port + '.\n');
exit(0);
}
else if (pgrep(pattern:"^220 +EFI.*FTP Print server ready", string:banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('EFI Printer FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nEFI Printer FTP server on port ' + port + '.\n');
exit(0);
}
else if (pgrep(pattern:"^220 ECOSYS \S+ FTP server", string:banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Kyocera Printer FTP server on port ', port, '\n');
security_note(port: 0, extra:'\nKyocera Printer FTP server on port ' + port + '.\n');
exit(0);
}
}
port = 23;
if( tcp_sockets[port] )
{
soc = tcp_sockets[port];
banner = telnet_negotiate(socket:soc);
if ("Network Printer Server Version " >< banner )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Printronix telnet server on port ', port, '\n');
security_note(port: 0, extra:'\nPrintronix Printer telnet server on port ' + port + '.\n');
exit(0);
}
if("HP JetDirect" >< banner)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('HP JetDirect telnet server on port ', port, '\n');
security_note(port: 0, extra:'\nHP JetDirect telnet server on port ' + port + '.\n');
exit(0);
}
if("RICOH Maintenance Shell" >< banner)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('RICOH Printer telnet server on port ', port, '\n');
security_note(port: 0, extra:'\nRICOH Printer telnet server on port ' + port + '.\n');
exit(0);
}
if (pgrep(pattern:"SHARP (AR|MX)-.+ TELNET server", string:banner))
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Sharp printer telnet server on port ', port, '\n');
security_note(port:0, extra:'\nSharp printer telnet server on port ' + port + '.\n');
exit(0);
}
if ("Copyright (C) 2001-2002 KYOCERA MITA CORPORATION" >< banner )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Kyocera Printer telnet server on port ', port, '\n');
security_note(port: 0, extra:'\nKyocera Printer telnet server on port ' + port + '.\n');
exit(0);
}
if ("LANIER Maintenance Shell" >< banner )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('LANIER telnet server on port ', port, '\n');
security_note(port: 0, extra:'\nLANIER Printer telnet server on port ' + port + '.\n');
exit(0);
}
if ('\n\n\nDGS-1210-48 login: ' >< banner)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('DGS-1210-48 telnet server on port ', port, '\n');
security_note(port: 0, extra:'\nD-Link DGS-1210-48 management interface on port ' + port + '.\n');
exit(0);
}
if (
'\r\nThis session allows you to set the TCPIP parameters for your\r\nDell Laser Printer' >< banner &&
'Network Firmware Version is' >< banner
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Dell Laser Printer telnet server on port ', port, '\n');
security_note(port: 0, extra:'\nDell Laser Printer telnet server on port ' + port + '.\n');
exit(0);
}
if ('ZebraNet' >< banner)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('ZebraNet telnet server on port ', port, '\n');
security_note(port: 0, extra:'\nZebraNet Printer telnet management interface on port ' + port + '.\n');
exit(0);
}
}
# Xerox DocuPrint
port = 2002;
if ( get_port_state(port) )
{
soc = tcp_sockets[port];
if ( soc )
{
banner = recv(socket:soc, length:23);
if ( banner && 'Please enter a password' >< banner ) {
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nXerox DocuPrint service on port ' + port + '.\n');
exit(0);
}
}
}
# Lexmark
port = 9000;
if ( get_port_state(port) )
{
soc = tcp_sockets[port];
if ( soc )
{
send(socket:soc, data: '\r\n');
banner = recv(socket:soc, length:1024);
if (
banner &&
(
'************************************************************\r\n\r\nThis session allows you to set the TCPIP parameters for your\r\nLexmark ' >< banner
)
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nLexmark Telnet session on port ' + port + '.\n');
exit(0);
}
}
}
# Dell laser printers (5310n at least).
port = 9200;
if (get_port_state(port))
{
soc = tcp_sockets[port];
if (soc)
{
banner = recv(socket:soc, length:48, min:31);
if (banner)
{
if (
stridx(banner, raw_string(0x00, 0x00, 0x00, 0x00, "Dell Laser Printer ")) == 1 ||
stridx(banner, raw_string(0x00, 0x00, 0x00, 0x00, "Lexmark ")) == 1
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
model = substr(banner, 5, strlen(banner) - 2);
security_note(port:0, extra:'\nA '+model+' is listening on port ' + port + ' for raw\nconnections.\n');
exit(0);
}
else if (stridx(banner, raw_string(0x00, 0x00, 0x00, 0x00, "ML-1630 Series")) == 1)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port:0, extra:'\nPrint Server Identification service on port ' + port + ' (Samsung laser printer).\n');
exit(0);
}
}
}
}
# Lexmark
port = 10000;
if ( get_port_state(port) )
{
soc = tcp_sockets[port];
if ( soc )
{
banner = recv(socket:soc, length:16);
if (banner && banner == 'LXK: ')
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nLexmark NDMP service on port ' + port + '.\n');
exit(0);
}
}
}
# Lexmark Optra returns on finger port:
# Parallel port 1
# Printer Type: Lexmark Optra LaserPrinter
# Print Job Status: No Job Currently Active
# Printer Status: 0 Ready
port = 79;
if (get_port_state(port))
{
soc = tcp_sockets[port];
if (soc)
{
banner = recv(socket:soc, length: 512);
if (strlen(banner) == 0)
{
send(socket: soc, data: 'HELP\r\n');
banner = recv(socket:soc, length: 512);
}
if (banner && 'printer type:' >< tolower(banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nProbable Lexmark printer service on port ' + port + '.\n');
exit(0);
}
}
}
dlink_html1 =
'<html>
<title>Login</title>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<link rel=stylesheet href="/login_css.css" type="text/css" >
<style type="text/css">
<!--
.portSel { width:145; font-family: Arial}
-->';
dlink_html2 =
'</head>
<body onload=\'document.formLogin.Password.focus();\'>
<script language="Javascript">
if(window.screen.width == 1280){
document.write("<div name=tabBigTitleLogin id=tabBigTitleLogin class=tabBigTitleLogin style=\'left:500;\'>");
}else {
document.write("<div name=tabBigTitleLogin id=tabBigTitleLogin class=tabBigTitleLogin>");
}
document.write("<table><tr><div class=imgBigTitle><td valign=top noWrap> <font class=tdBigTitle>Connect to "+deviceIP+"</font>");
</script>
<img name=imgBigTitleLogin id=imgBigTitleLogin class=imgBigTitleLogin src=\'/lightblue.jpg\'>
<img name=imgBigTitleLoginKey id=imgBigTitleLoginKey class=imgBigTitleLoginKey src=\'/login_key.jpg\'></td></div></tr>
</table></div>
<form name=formLogin id=formLogin method=post action="/" target=\'_top\'>
<table name=tabLoginContent id=tabLoginContent class=tabLoginContent>
<tr><td colspan=2>Enter your password</td>
<tr><td colspan=2> </td>
<tr><td width=100>Password</td>
<td><input class=flatL type="password" name="Password" id=Password maxlength=20></td>' ;
# Patch by Laurent Facq
ports = make_list(80, 280, 443, 631, 7627);
foreach port (ports)
{
if(get_port_state(port))
{
soc = tcp_sockets[port];
if (!get_kb_item("Test_Plans/lcx/islocalhost_overwrite") && !soc ) continue;
send(socket:soc, data:'GET / HTTP/1.1\r\nHost: ' + get_host_name() + '\r\n\r\n');
banner = http_recv(socket:soc);
if(empty_or_null(banner)) continue;
# Check to see if the device redirected us to another page, and follow
if ( "301 Moved Permanently" >< banner ||
"302 Found" >< banner
)
{
goHere = pregmatch(pattern:"Location[ \t]*:[ \t]*([^\r\n]*)($|[\r\n]+)", string:banner);
if(empty_or_null(goHere)) continue;
goHereNow = goHere[1];
send(socket:soc, data:'GET ' + goHereNow + ' HTTP/1.1\r\nHost: ' + get_host_name() + '\r\n\r\n');
banner = http_recv(socket:soc);
}
if(
"Dell Laser Printer " >< banner ||
(
"Server: EWS-NIC4/" >< banner &&
"Dell MFP Laser" >< banner
) ||
(
"<title>Dell Laser MFP</title>" >< banner &&
"//GXI_FAX_INSTALL" >< banner
)
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Dell printer-related web server on port ', port, '\n');
security_note(port: 0, extra:'\nDell printer-related web server on port '+ port + '.\n');
exit(0);
}
else if (
# eg,
# Server: EWS-NIC4/11.68
# ...
# <title>DocuPrint C3290 FS - FX80FE5E</title>
"Server: EWS-NIC4/" >< banner &&
"<title>DocuPrint " >< banner
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A DocuPrint-related web server is listening on port ', port, '.\n');
security_note(port: 0, extra:'\nA DocuPrint-related web server is listening on port '+ port + '.\n');
exit(0);
}
else if (
banner &&
"SERVER: EPSON_Linux UPnP" >< banner &&
"<title>Epson Stylus" >< banner
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('An Epson-related web server on port ', port, '\n');
security_note(port: 0, extra:'\nAn Epson related web server on port '+ port + '.\n');
exit(0);
}
else if (
banner &&
(
"<title>Integrated PrintNet Enterprise Home Page</title>" >< banner ||
(
'COT Interface Adapter System 2' >< banner &&
'<tr><td><a href="STATUS"><img src="btn_play.gif" alt="Execute" border="0"></a></td><td>Status page</td></tr>' >< banner
)
)
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Printronix related web server on port ', port, '\n');
security_note(port: 0, extra:'\nPrintronix related web server on port '+ port + '.\n');
exit(0);
}
else if (banner &&
'WWW-Authenticate: Basic realm="APC Management Card"' >< banner &&
pgrep(pattern:"^Server: Allegro-Software-RomPager/", string:banner))
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('APC UPS Management Card on port ', port, '\n');
security_note(port: 0, extra:'\nAPC UPS Management Card on port '+ port+ '.\n');
exit(0);
}
else if (
(
"Server: $ProjectRevision: " >< banner &&
'<title>HP LaserJet' &&
'<td><div class="mastheadPhoto"><img src="/Images/masthead.jpg" alt="Printer Cartridges">'
) ||
("<title>Hewlett Packard</title>" >< banner) ||
pgrep(pattern:"<title>.*LaserJet.*</title>", string:banner, icase:TRUE) ||
("SERVER: HP-ChaiSOE/" >< banner) ||
("Server: HP-ChaiSOE/" >< banner) ||
("Server: HP-ChaiServer/" >< banner) ||
(
"Server: Virata-EmWeb/" >< banner &&
(
"<title> HP Color LaserJet " >< banner ||
"<title>HP Photosmart" >< banner ||
"window.top.location.href='./index.htm?cat=info&page=printerInfo'" >< banner ||
(
"document.writeln('"+'<frame src="" name="PhoneHome"' >< banner &&
'At the middle is <a href="index_top_2.htm"> Tabs Frame.</a><br />' >< banner
)
)
) ||
(
(
"SERVER: HP-ChaiSOE/" >< banner ||
"Server: HP-ChaiSOE/" >< banner
) &&
"/hp/device/this.LCDispatcher" >< banner
) ||
("Server: HP_Compact_Server" >< banner) ||
("HP HTTP Server" >< banner && banner =~ "HP (Design|Office)jet")
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('HP printer-related web server on port ', port, '\n');
security_note(port: 0, extra:'\nHP printer-related web server on port '+ port+ '.\n');
exit(0);
}
else if (
banner &&
(
"Server: Xerox_MicroServer/Xerox" >< banner ||
("Server: Webserver" >< banner && "XEROX WORKCENTRE" >< banner) ||
("Server: Apache" >< banner && "XEROX WORKCENTRE" >< banner && "function SyncTreeToThisUrl" >< banner) ||
"Fuji Xerox Co., Ltd. All Rights Reserved. -->" >< banner ||
(
"Server: Allegro-Software-RomPager/" >< banner &&
'<meta content="printer; embedded web server' >< banner &&
"Model=ColorQube" >< banner &&
"XEROX CORPORATION" >< banner
)
)
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Xerox web server on port ', port, '\n');
security_note(port: 0, extra:'\nXerox web server on port ' + port + '.\n');
exit(0);
}
else if (
banner &&
(
(
"Server: Rapid Logic/" >< banner &&
"EqualLogic Group Manager" >!< banner &&
"com.equallogic.eqlgroupmgr.EqlGroupMgrApplet" >!< banner
) ||
("Server: Virata-EmWeb" >< banner && report_paranoia > 1)
)
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('HP printer: Rapid-Logic / Virata-EmWeb on port ', port, '\n');
security_note(port: 0, extra:'\nHP printer: Rapid-Logic / Virata-EmWeb on port ' + port + '.\n');
exit(0);
}
else if(banner && "Fiery" >< banner )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('Fiery WebTools on port ', port, '\n');
security_note(port: 0, extra:'\nFiery WebTools on port ' + port + '.\n');
exit(0);
}
else if (banner && "Server: Web-Server/" >< banner)
{
if (
(
"<title>Web Image Monitor" >< banner &&
'location.href="/web/guest/en/websys/webArch/mainFrame.cgi' >< banner
) ||
(
'<FRAME SRC="/en/top_head.cgi" NAME="header"' >< banner &&
'<FRAME SRC="/en/top_main.cgi" NAME="mainmenu"' >< banner
)
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('RICOH web server on port ', port, '\n');
security_note(port: 0, extra:'\nRicoh web server on port ' + port + '.\n');
exit(0);
}
}
else if ( '\nServer:' >!< banner && dlink_html1 >< banner && dlink_html2 >< banner )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('D-Link web server on port ', port, '\n');
security_note(port: 0, extra:'\nD-Link web server on port ' + port + '.\n');
exit(0);
}
else if (
(
"Server: KM-MFP-http/V" >< banner &&
(
"<title>Kyocera Command Center" >< banner ||
'frame name=wlmframe src="/startwlm/Start_Wlm.htm"' >< banner ||
preg(pattern:"Copyright .* KYOCERA MITA Corporation", string:banner, multiline:TRUE)
)
) ||
(
"HTTP/1.1 302 Movtmp" >< banner &&
"Content-Type: text/html" >< banner &&
preg(pattern:"^Location: https://.+:443/", string:banner, multiline:TRUE)
) ||
(
"Server: JC-SHTTPD/" >< banner && preg(pattern:"<title>IB-[0-9]+</title>", string:banner, multiline:TRUE)
)
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Kyocera web server is listening on port ', port, '.\n');
security_note(port: 0, extra:'\nA Kyocera web server is listening on port '+ port + '.\n');
exit(0);
}
else if (
'<title class="clsTitle1">TopAccess' >< banner &&
'location.href.indexOf("?MAIN=EFILING") == -1) ? "TopAccess" : eFilingTitle' >< banner
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Toshiba e-Studio web server is listening on port ', port, '.\n');
security_note(port: 0, extra:'\nA Toshiba e-Studio web server is listening on port '+ port + '.\n');
exit(0);
}
else if (
(
'href="/sws/images/fav.ico"' >< banner &&
'function RedirectToSWS()' >< banner &&
'var debugMode = ("' >< banner
) ||
(
'<title>SyncThru Web Service</title>' >< banner &&
pgrep(pattern:'var COPYRIGHT =.+ SAMSUNG\\. All rights reserved\\.";', string:banner)
)
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Dell or Samsung SyncThru Web Service is listening on port ', port, '.\n');
security_note(port: 0, extra:'\nA Dell or Samsung SyncThru Web Service is listening on port '+ port + '.\n');
exit(0);
}
else if (
'"refresh" content="0; URL=/wcd/js_error.xml"' >< banner &&
'onload="location.replace(\'/wcd/index.html\');"' >< banner
)
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A SINDOH printer web server is listening on port ', port, '.\n');
security_note(port: 0, extra:'\nA SINDOH printer web server is listening on port '+ port + '.\n');
exit(0);
}
else if (
(
"Server: KS_HTTP/" >< banner &&
'<meta http-equiv=author content="Canon Inc."' >< banner
) ||
(
"Server: CANON HTTP Server Ver" >< banner &&
"function goto_country(){" >< banner
) ||
(
"Server: CANON HTTP Server" >< banner &&
pgrep(pattern:"[Uu][Rr][Ll]\s?=\s?.+:8000/rps/", string:banner)
)
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port:0, extra:'\nA Canon printer on port ' + port + '.\n');
exit(0);
}
else if (
'Brother MFC-' >< banner &&
('Printer Settings' >< banner ||
'Brother Industries' >< banner)
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Brother MFC printer web server is listening on port ', port, '.\n');
security_note(port:0, extra:'\nA Brother MFC printer web server is listening on port '+port+'.\n');
exit(0);
}
else if (
'Server: KM-MFP-http/' >< banner &&
'/wlm/index.htm' >< banner
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Konica printer web server is listening on port ', port, '.\n');
security_note(port:0, extra:'\nA Konica printer web server is listening on port '+port+'.\n');
exit(0);
}
else if (">KONICA MINOLTA PageScope Web Connection for magicolor" >< banner)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Konica Minolta printer web server is listening on port ', port, '.\n');
security_note(port:0, extra:'\nA Konica Minolta printer web server is listening on port '+port+'.\n');
exit(0);
}
else if (
'<title>Network Print Server</title' >< banner &&
'WARNING: Contact with the print server will be lost a while, during the restart' >< banner &&
pgrep(pattern:'<td> <b>AXIS [0-9][^ ]+</b></td>', string:banner)
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('An AXIS printer web server is listening on port ', port, '.\n');
security_note(port:0, extra:'\nAn AXIS printer web server is listening on port '+port+'.\n');
exit(0);
}
else if (
'Zebra Technologies' >< banner &&
pgrep(pattern:"(?i)<H3><A HREF=.*config.html.?>View Printer Configuration</A><BR>", string:banner) &&
pgrep(pattern:"(?i)<A HREF=.*control.?>Printer Controls</A><BR>", string:banner) &&
pgrep(pattern:"(?i)<H2>Printer Home Page</H2>", string:banner)
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Zebra ZTC printer web server is listening on port ', port, '.\n');
security_note(port:0, extra:'\nA Zebra ZTC printer web server is listening on port '+port+'.\n');
exit(0);
}
else if (
'Server: Microplex em' >< banner
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('An Microplex printer web server is listening on port ', port, '.\n');
security_note(port:0, extra:'\nA Microplex printer web server is listening on port '+port+'.\n');
exit(0);
}
else if ( #Lexmark CX510
'printer/configStyle.css' >< banner &&
'/cgi-bin/dynamic/printer/PrinterStatus.html' >< banner &&
pgrep(pattern:"<TITLE>Lexmark +C.510.+</TITLE>", string:banner)
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Lexmark CX510 printer web server is listening on port ', port, '.\n');
security_note(port:0, extra:'\nA Lexmark CX510 printer web server is listening on port '+port+'.\n');
exit(0);
}
else if (
'<META HTTP-EQUIV="Refresh" CONTENT="0;URL=hp/device/webAccess/index.htm"/>' >< banner &&
'<a href="hp/device/webAccess/index.htm">Home</a>' >< banner #this is all we got without sending multiple requests, see hp_designjet_web_interface_detect.nasl
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('An HP printer web server might be listening on port ', port, '.\n');
security_note(port:0, extra:'\nAn HP printer web server might be listening on port '+port+'.\n');
exit(0);
}
else if (
'<TITLE>Print server homepage</TITLE>' >< banner ||
'<BODY><P>For more printserver info please open the <A HREF=' >< banner
)
{
set_kb_item(name:"Host/dead", value:TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
debug_print('A Citizen printer web server is listening on port ', port, '.\n');
security_note(port:0, extra:'\nA Citizen printer web server is listening on port '+port+'.\n');
exit(0);
}
} # get_port_state
}
port = 9100;
if (get_port_state(port))
{
soc = tcp_sockets[port];
if (soc)
{
send(socket: soc, data: '\x1b%-12345X@PJL INFO ID\r\n\x1b%-12345X\r\n');
r = recv(socket: soc, length: 1024);
if (! isnull(r) && '@PJL INFO ID\r\n' >< r )
{
set_kb_item(name: "Host/dead", value: TRUE);
report_xml_tag(tag:'ignore_printer', value:TRUE);
security_note(port: 0, extra:'\nA PJL service is listening on port ' + port + '.\n');
exit(0);
}
}
}