PrinterReaper v2.5.3 - Complete Printer Penetration Testing Toolkit

Is your printer safe from the void? Find out before someone else does…

PrinterReaper v2.5.3 is the most complete printer penetration testing toolkit available, with support for all three major printer languages (PJL, PostScript, PCL) and four network protocols (RAW, LPD, IPP, SMB). Test, exploit, and secure network printers with 109 commands across 7 categories.

TL;DR: PrinterReaper is your complete toolkit for discovering and exploiting printer vulnerabilities. Connect. Scan. Exploit. Exfiltrate. Repeat.

📍 Official Website: www.uniaogeek.com.br/printer-reaper

---

🎯 What's New in v2.5.3

• 🎨 Complete PRET Assets - 8 PS fonts, 3 MIBs, 4 overlays, 5 testpages
• 📋 New Commands - assets (list bundled files), overlay_list (preview overlays)
• 🧹 Clean Repository - Removed 116+ archived files from public tracking
• 🛠️ Release Tools - release_notes.py to generate changelogs from commits
• 🚀 Startup UX - No args → extended help with quick-start and discovery
• 🔍 Discovery Flags - --discover-local and --discover-online
• 📚 Help Standardized - PS/PCL help with categories (PJL-style)
• 🧪 Test Fixtures - Real PS/PCL test pages for QA validation

---

⚡ Quick Start

Installation

# Clone repository
git clone https://github.com/mrhenrike/PrinterReaper.git
cd PrinterReaper

# Install dependencies
pip3 install -r requirements.txt

# Verify installation
python3 printer-reaper.py --version

Discover Printers

# Automatic network discovery (extended help + options)
python3 printer-reaper.py

# Local SNMP discovery
python3 printer-reaper.py --discover-local

# Online discovery (Shodan/Censys)
python3 printer-reaper.py --discover-online

# Output:
Discovered printers:
192.168.1.100    HP LaserJet 4250       uptime=10:21:49    Ready
192.168.1.105    Brother MFC-7860DW    uptime=16:31:17    Sleep

Connect and Exploit

# Auto-detect best language
python3 printer-reaper.py 192.168.1.100 auto

# Or specify language manually
python3 printer-reaper.py 192.168.1.100 pjl   # PJL mode
python3 printer-reaper.py 192.168.1.100 ps    # PostScript mode
python3 printer-reaper.py 192.168.1.100 pcl   # PCL mode

---

📋 Features

Printer Languages (3)

PJL (Printer Job Language) - 54 commands

• Complete filesystem access
• NVRAM manipulation
• Job control and capture
• Configuration backup/restore
• Lock/unlock capabilities

PostScript - 40 commands

• Dictionary enumeration
• Operator testing (400+ operators)
• Print job manipulation
• Overlay and watermarking
• File system operations

PCL (Printer Command Language) - 15 commands

• Virtual filesystem via macros
• Legacy printer support
• Basic control operations

Total: 109 commands across all languages!

---

Network Protocols (4)

Protocol	Port	Description
RAW	9100	Default (AppSocket/JetDirect)
LPD	515	Line Printer Daemon (legacy)
IPP	631	Internet Printing Protocol (modern)
SMB	445/139	Windows network printing

---

Attack Payloads (5)

• banner.ps - Print custom banner messages
• loop.ps - Infinite loop DoS attack
• erase.ps - Erase printed pages
• storm.ps - Print storm (resource exhaustion)
• exfil.ps - Data exfiltration via printing

---

📚 Command Categories

📁 Filesystem (19 commands)

ls, mkdir, find, upload, download, delete, copy, move, touch
chmod, permissions, rmdir, mirror, get, put, cat, edit, append, fuzz

ℹ️ Information (18 commands)

id, version, devices, uptime, date, pagecount, variables, printenv
network, info, scan_volumes, firmware_info, dicts, dump, known, search

⚙️ Control (16 commands)

set, display, offline, restart, reset, selftest, backup, restore
config, formfeed, copies, open, close, timeout, reconnect

🔒 Security (9 commands)

lock, unlock, disable, nvram, enumerate_operators, test_file_access
permissions, chmod

💥 Attacks (16 commands)

destroy, flood, hold, format, capture, overlay, cross, replace
hang, payload, traverse, dos_display, dos_jobs, dos_connections
exfiltrate, backdoor

🌐 Network (3 commands)

direct, execute, load

📊 Monitoring (3 commands)

pagecount, status, discover

---

💻 Usage Examples

Example 1: Network Discovery

$ python3 printer-reaper.py

Detected OS: Linux
Found 2 network(s) to scan...
Discovered printers:
192.168.1.100    HP LaserJet 4250
192.168.1.105    Brother MFC-7860DW

Example 2: File Exfiltration (PJL)

$ python3 printer-reaper.py 192.168.1.100 pjl

192.168.1.100:/> ls /etc
-  834  passwd
-  156  hosts

192.168.1.100:/> download /etc/passwd
Downloaded passwd to ./passwd

192.168.1.100:/> cat /etc/passwd
root:x:0:0:root:/root:/bin/sh

Example 3: Print Job Manipulation (PostScript)

$ python3 printer-reaper.py 192.168.1.100 ps

192.168.1.100:ps> cross "CONFIDENTIAL - DO NOT DISTRIBUTE"
Text will be added to all printed pages

192.168.1.100:ps> replace "Public" "Top Secret"
Will replace 'Public' with 'Top Secret' in all documents

Example 4: Payload Execution (PostScript)

192.168.1.100:ps> payload banner PRINTER COMPROMISED
Payload 'banner' executed

192.168.1.100:ps> payload storm 100
Payload 'storm' executed - 100 pages will print

Example 5: Virtual Filesystem (PCL)

$ python3 printer-reaper.py 192.168.1.100 pcl

192.168.1.100:pcl> put document.txt
Uploaded document.txt as macro 1000

192.168.1.100:pcl> ls
Macro  1000      1024 bytes  document.txt

192.168.1.100:pcl> get 1000
Downloaded macro 1000 to document.txt

---

🎯 Key Capabilities

Information Gathering

✅ Identify printer model and firmware
✅ Extract network configuration
✅ Dump NVRAM contents
✅ List environment variables
✅ Enumerate PostScript operators

File System Access

✅ Browse printer's file system
✅ Download configuration files
✅ Upload arbitrary files
✅ Mirror entire filesystem
✅ Path traversal testing

Configuration Control

✅ Change printer settings
✅ Backup and restore configuration
✅ Set display messages
✅ Control print parameters
✅ Modify page device settings

Security Testing

✅ Test authentication bypass
✅ Verify filesystem restrictions
✅ Check NVRAM security
✅ Test buffer overflows
✅ Path traversal attacks

Exploitation

✅ Capture print jobs
✅ Inject malicious overlays
✅ Replace text in documents
✅ Cause denial of service
✅ Execute attack payloads
✅ Physical NVRAM damage (with warning)

---

📦 Installation

Requirements

• Python 3.8 or higher
• Operating System: Linux, Windows, WSL, macOS, or BSD

Install

# Clone repository
git clone https://github.com/mrhenrike/PrinterReaper.git
cd PrinterReaper

# Install Python dependencies
pip3 install -r requirements.txt

# Install SNMP tools (optional, for discovery)
# Ubuntu/Debian
sudo apt install snmp

# macOS
brew install net-snmp

# Test installation
python3 printer-reaper.py --version

Dependencies

colorama>=0.4.6         # Terminal colors
requests>=2.31.0        # HTTP requests
urllib3>=2.0.0          # HTTP client
pysnmp>=4.4.12          # SNMP discovery (optional)

---

🔧 Usage

Command Line

usage: printer-reaper.py [-h] [-s] [-q] [-d] [-i file] [-o file]
                         [--osint] [--auto-detect] [--version]
                         target {pjl,ps,pcl,auto}

positional arguments:
  target                Printer IP address or hostname
  {pjl,ps,pcl,auto}     Printer language (PJL, PostScript, PCL, or auto)

optional arguments:
  -h, --help            show this help message and exit
  -s, --safe            Verify language support before connecting
  -q, --quiet           Suppress warnings and banner
  -d, --debug           Enter debug mode (show raw traffic)
  -i, --load file       Load and run commands from file
  -o, --log file        Log raw data sent to the target
  --osint               Check target exposure (passive OSINT)
  --auto-detect         Automatically detect supported languages
  --version             Show program version and exit

Examples

# Network discovery
python3 printer-reaper.py

# Connect with PJL
python3 printer-reaper.py 192.168.1.100 pjl

# Connect with PostScript
python3 printer-reaper.py 192.168.1.100 ps

# Connect with PCL
python3 printer-reaper.py 192.168.1.100 pcl

# Auto-detect language
python3 printer-reaper.py 192.168.1.100 auto

# Safe mode (verify support first)
python3 printer-reaper.py --safe 192.168.1.100 pjl

# Load commands from file
python3 printer-reaper.py -i commands.txt 192.168.1.100 pjl

# Debug mode
python3 printer-reaper.py --debug 192.168.1.100 ps

---

🎨 Module Comparison

Feature	PJL	PostScript	PCL
Filesystem	✅ Full	✅ Full	⚠️ Virtual
Commands	54	40	15
File Upload	✅	✅	✅
File Download	✅	✅	✅
Path Traversal	✅	✅	❌
NVRAM Access	✅	❌	❌
Job Capture	✅	✅	❌
Overlays	❌	✅	❌
Text Replace	❌	✅	❌
Lock/Unlock	✅	✅	❌
Best For	Modern HP/Brother	Advanced attacks	Legacy devices

Recommendation: Use auto mode to let PrinterReaper choose!

---

🔐 Security Features

Testing Capabilities

• Authentication Testing - Bypass, brute force, default credentials
• Filesystem Security - Access control, path traversal, permissions
• Buffer Overflow Testing - Flood attacks, input validation
• Information Disclosure - Configuration, credentials, NVRAM
• Print Job Security - Capture, manipulation, interception
• Denial of Service - Resource exhaustion, crashes, hangs

Attack Vectors

Reference Hacking Printers Wiki for comprehensive attack taxonomy:

• Denial of Service (transmission, processing, physical)
• Privilege Escalation (factory defaults, accounting bypass)
• Print Job Access (retention, manipulation)
• Information Disclosure (memory, filesystem, credentials)
• Code Execution (buffer overflows, firmware)

---

📚 Documentation

In-Shell Help

Every command has detailed help:

> help              # List all commands
> help upload       # Detailed help for specific command

GitHub Wiki

Complete documentation at: PrinterReaper Wiki

• Installation Guide
• Quick Start
• Command Reference
• PJL Commands
• PostScript Commands
• Security Testing
• Attack Vectors
• Examples
• FAQ

---

🏗️ Architecture

---

🎓 Typical Workflow

1. Discovery

./printer-reaper.py

2. Connect

./printer-reaper.py 192.168.1.100 auto

3. Reconnaissance

> id               # Identify printer
> ls               # Browse filesystem
> network          # Get network info
> variables        # List variables

4. Exploitation

> download /etc/passwd         # Exfiltrate files
> upload backdoor.ps           # Upload malicious files
> lock 12345                   # Lock control panel
> capture                      # Capture print jobs

5. Advanced (PostScript)

> enumerate_operators          # Test 400+ operators
> overlay logo.eps             # Add watermark
> cross "CONFIDENTIAL"         # Add text overlay
> replace "Public" "Secret"    # Replace content

---

⚠️ Legal Notice

IMPORTANT: PrinterReaper is intended solely for authorized security testing.

• ✅ Run only against devices you own or have written permission to test
• ❌ Unauthorized use may violate laws and regulations
• ⚖️ The authors disclaim all liability for misuse or damage

By using PrinterReaper, you accept full responsibility for your actions.

---

🌟 Why PrinterReaper?

vs PRET (Original)

Aspect	PRET	PrinterReaper v2.4.0
Languages	3	3 ✅
Protocols	1	4 ✅
PJL Commands	~40	54 (+35%) ✅
PS Commands	~30	40 (+33%) ✅
Documentation	Basic	Wiki 14 pages ✅
Help System	50%	100% ✅
Python	2.7	3.10+ ✅
Maintenance	❌ Discontinued	✅ Active
OS Support	Linux only	5 platforms ✅

Winner: PrinterReaper in 7 of 9 categories!

---

📖 Documentation

Quick Links

• GitHub Wiki - Complete documentation
• Installation Guide - Setup instructions
• Quick Start - 5-minute tutorial
• Commands Reference - All commands
• Examples - Real-world scenarios
• FAQ - Common questions

In-Shell Help

> help                    # List all commands
> help <command>          # Detailed help
> help filesystem         # Category help

---

🔬 Testing & QA

PrinterReaper v2.5.3 has been comprehensively tested:

• ✅ 37 automated tests - 100% pass rate
• ✅ All modules tested - Zero import errors
• ✅ All protocols validated - Instantiation successful
• ✅ All payloads verified - Template substitution working
• ✅ operators.py validated - 371 operators loaded
• ✅ PRET assets integrated - Fonts, overlays, MIBs, testpages

Recent Updates

v2.5.3 (Oct 2025) - Complete assets, branding, enhanced docs, production-ready
v2.5.1 (Oct 2025) - PRET assets, overlay_list, release tools, repo cleanup
v2.5.0 (Oct 2025) - Startup UX, discovery flags, fixtures, overlays
v2.4.2 (Oct 2025) - HTML Wiki for website deployment
v2.4.1 (Oct 2025) - QA tested, 100% pass rate, documentation updates
v2.4.0 (Oct 2025) - Complete toolkit: 3 languages, 4 protocols, 5 payloads

---

🛠️ Development

Project Structure

PrinterReaper/
├── printer-reaper.py         # Main executable
├── requirements.txt          # Dependencies
├── README.md                 # This file
│
├── src/                      # Source code
│   ├── main.py               # Entry point
│   ├── version.py            # Version info (2.5.0)
│   │
│   ├── core/                 # Core modules
│   │   ├── printer.py        # Base class
│   │   ├── capabilities.py   # Detection
│   │   ├── discovery.py      # SNMP scanning
│   │   └── osdetect.py       # OS detection
│   │
│   ├── modules/              # Language modules
│   │   ├── pjl.py            # PJL (54 commands)
│   │   ├── ps.py             # PostScript (40 commands)
│   │   └── pcl.py            # PCL (15 commands)
│   │
│   ├── protocols/            # Network protocols
│   │   ├── raw.py            # RAW (Port 9100)
│   │   ├── lpd.py            # LPD (Port 515)
│   │   ├── ipp.py            # IPP (Port 631)
│   │   └── smb.py            # SMB (Ports 445/139)
│   │
│   ├── payloads/             # Attack payloads
│   │   ├── banner.ps         # Banner payload
│   │   ├── loop.ps           # DoS loop
│   │   ├── erase.ps          # Page erase
│   │   ├── storm.ps          # Print storm
│   │   └── exfil.ps          # Exfiltration
│   │
│   └── utils/                # Utilities
│       ├── helper.py         # Core utilities
│       ├── codebook.py       # Error codes
│       ├── fuzzer.py         # Fuzzing vectors
│       └── operators.py      # PS operators (400+)
│
├── wiki/                     # GitHub Wiki
└── tests/                    # Test suite

---

🤝 Contributing

Contributions welcome! Please read Contributing Guide.

---

📜 License

PrinterReaper is released under the MIT License.

---

📞 Support

• Official Website: www.uniaogeek.com.br/printer-reaper
• GitHub Issues: Bug reports and feature requests
• GitHub Wiki: Complete documentation
• Blog: www.uniaogeek.com.br/blog
• Contact: X / LinkedIn @mrhenrike

---

🙏 Credits

Based On

• PRET - Original printer exploitation tool by Ruhr-Universität Bochum
• Hacking Printers Wiki - Comprehensive printer security knowledge base

Enhanced With

• Modern Python 3.10+ features
• Complete PostScript and PCL modules
• Multi-protocol support
• Professional documentation
• Attack payload system
• Enterprise-grade error handling

---

🌐 References

• Hacking Printers Wiki
• HP PJL Technical Reference
• PostScript Language Reference
• RFC 1179 - Line Printer Daemon Protocol
• RFC 2910/2911 - Internet Printing Protocol

---

⭐ Star History

If you find PrinterReaper useful, please star the repository!

---

PrinterReaper v2.5.3
Complete Printer Penetration Testing Toolkit

109 Commands | 3 Languages | 4 Protocols | 5 Payloads

Made with ❤️ for the security community

Documentation | Issues | Releases

---

Powered by União Geek

www.uniaogeek.com.br | Blog