add bjnp library and the scripts bjnp-discover and broadcast-bjnp-discover

commit d41a28813e4e4d26aeaab300ad30ad7c4116e37d Merge: a45e4e2 23fc8f1 Author: Patrik Karlsson <patrik@cqure.net> Date: Sun Aug 5 20:53:04 2012 +0200 Merge branch 'master' into bjnp Conflicts: CHANGELOG commit a45e4e2fd0c2579afc8d5b162bb5484327494b72 Author: Patrik Karlsson <patrik@cqure.net> Date: Sun Aug 5 20:44:19 2012 +0200 add bjnp library and the scripts bjnp-discover and broadcast-bjnp-discover
2026-01-04 05:39:01 +00:00 · 2012-08-05 18:55:40 +00:00
parent 36e2449a8a
commit fce517d4b8
5 changed files with 589 additions and 0 deletions
--- a/scripts/bjnp-discover.nse
+++ b/scripts/bjnp-discover.nse
@@ -0,0 +1,49 @@
+description = [[
+Retrievs printer or scanner information from a remote device supporting the
+BJNP protocol. The protocol is known to be supported by network based Canon
+devices.
+]]
+
+---
+-- @usage
+-- sudo nmap -sU -p 8611,8612 --script bjnp-discover <ip>
+--
+-- @output
+-- PORT     STATE SERVICE
+-- 8611/udp open  canon-bjnp1
+-- | bjnp-discover: 
+-- |   Manufacturer: Canon
+-- |   Model: MG5200 series
+-- |   Description: Canon MG5200 series
+-- |   Firmware version: 1.050
+-- |_  Command: BJL,BJRaster3,BSCCe,NCCe,IVEC,IVECPLI
+-- 8612/udp open  canon-bjnp2
+-- | bjnp-discover: 
+-- |   Manufacturer: Canon
+-- |   Model: MG5200 series
+-- |   Description: Canon MG5200 series
+-- |_  Command: MultiPass 2.1,IVEC
+--
+
+categories = {"safe", "discovery"}
+
+local bjnp = require("bjnp")
+local shortport = require("shortport")
+local stdnse = require("stdnse")
+
+portrule = shortport.portnumber({8611, 8612}, "udp")
+
+action = function(host, port)
+	local helper = bjnp.Helper:new(host, port)
+	if ( not(helper:connect()) ) then
+		return "\n  ERROR: Failed to connect to server"
+	end
+	local status, attrs
+	if ( port.number == 8611 ) then
+		status, attrs = helper:getPrinterIdentity()
+	else
+		status, attrs = helper:getScannerIdentity()
+	end
+	helper:close()
+	return stdnse.format_output(true, attrs)
+end
--- a/scripts/broadcast-bjnp-discover.nse
+++ b/scripts/broadcast-bjnp-discover.nse
@@ -0,0 +1,172 @@
+description = [[
+Attempts to discover Canon devices (Printers/Scanners) supporting the BJNP
+protocol. Discovery is performed by sending BJNP Discover requests to the
+network broadcast address for both ports associated with the protocol.
+
+The script then attempts to retrieve the model, version and some additional
+information for all discovered devices.
+]]
+
+---
+-- @usage
+-- nmap --script broadcast-bjnp-discover
+--
+-- @output
+-- | broadcast-bjnp-discover: 
+-- |   192.168.0.10
+-- |     Printer
+-- |       Manufacturer: Canon
+-- |       Model: MG5200 series
+-- |       Description: Canon MG5200 series
+-- |       Firmware version: 1.050
+-- |       Command: BJL,BJRaster3,BSCCe,NCCe,IVEC,IVECPLI
+-- |     Scanner
+-- |       Manufacturer: Canon
+-- |       Model: MG5200 series
+-- |       Description: Canon MG5200 series
+-- |_      Command: MultiPass 2.1,IVEC
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"safe", "broadcast"}
+
+local bjnp = require("bjnp")
+local stdnse = require("stdnse")
+local coroutine = require("coroutine")
+local nmap = require("nmap")
+local table = require("table")
+
+local printer_port = { number = 8611, protocol = "udp"}
+local scanner_port = { number = 8612, protocol = "udp"}
+local arg_timeout  = tonumber(stdnse.get_script_args(SCRIPT_NAME .. ".timeout"))
+
+prerule = function()
+	if ( nmap.address_family() ~= 'inet' ) then
+		stdnse.print_debug("%s is IPv4 compatible only.", SCRIPT_NAME)
+		return false
+	end
+	return true
+end
+
+local function identifyDevices(devices, devtype)
+	local result
+	local port = ( "printers" == devtype and printer_port or scanner_port )
+	for _, ip in ipairs(devices or {}) do
+		local helper = bjnp.Helper:new({ ip = ip }, port)
+		if ( helper:connect() ) then
+			local status, attrs
+			if ( "printers" == devtype ) then
+				status, attrs = helper:getPrinterIdentity()
+			end
+			if ( "scanners" == devtype ) then
+				status, attrs = helper:getScannerIdentity()
+			end
+			if ( status ) then
+				result = result or {}
+				result[ip] = attrs
+			end
+		end
+		helper:close()
+	end
+	return result
+end
+
+local function identifyScanners(scanners)
+	return identifyDevices(scanners, "scanners")	
+end
+
+local function identifyPrinters(printers)
+	return identifyDevices(printers, "printers")
+end
+
+local function getKeys(devices)
+	local dupes = {}
+	local function iter()
+		for k, _ in pairs(devices) do
+			for k2, _ in pairs(devices[k]) do
+				if ( not(dupes[k2]) ) then
+					dupes[k2] = true
+					coroutine.yield(k2)
+				end
+			end
+		end
+		coroutine.yield(nil)
+	end
+	return coroutine.wrap(iter)
+end
+
+local function getPrinters(devices)
+	local condvar = nmap.condvar(devices)
+	local helper = bjnp.Helper:new( { ip = "255.255.255.255" }, printer_port, { bcast = true, timeout = arg_timeout } )
+	if ( not(helper:connect()) ) then
+		condvar "signal"
+		return
+	end
+	local status, printers = helper:discoverPrinter()
+	helper:close()
+	if ( status ) then
+		devices["printers"] = identifyPrinters(printers)
+	end
+	condvar "signal"
+end
+
+local function getScanners(devices)
+	local condvar = nmap.condvar(devices)
+	local helper = bjnp.Helper:new( { ip = "255.255.255.255" }, scanner_port, { bcast = true, timeout = arg_timeout } )
+	if ( not(helper:connect()) ) then
+		condvar "signal"
+		return
+	end
+	local status, scanners = helper:discoverScanner()
+	helper:close()
+	if ( status ) then
+		devices["scanners"] = identifyScanners(scanners)
+	end
+	condvar "signal"
+end
+
+
+action = function()
+	arg_timeout = ( arg_timeout and arg_timeout * 1000 or 5000)
+	local devices, result, threads = {}, {}, {}
+	local condvar = nmap.condvar(devices)
+
+	local co = stdnse.new_thread(getPrinters, devices)
+	threads[co] = true
+	
+	co = stdnse.new_thread(getScanners, devices)
+	threads[co] = true
+	
+	while(next(threads)) do
+		for t in pairs(threads) do
+			threads[t] = ( coroutine.status(t) ~= "dead" ) and true or nil
+		end
+		if ( next(threads) ) then
+			condvar "wait"
+		end
+	end
+	
+	for ip in getKeys(devices) do	
+		local result_part = {}
+		local printer = ( devices["printers"] and devices["printers"][ip] )
+		local scanner = ( devices["scanners"] and devices["scanners"][ip] )
+				
+		if ( printer ) then
+			printer.name = "Printer"
+			table.insert(result_part, printer)
+		end
+		if ( scanner ) then
+			scanner.name = "Scanner"
+			table.insert(result_part, scanner)
+		end
+		if ( #result_part > 0 ) then
+			result_part.name = ip
+			table.insert(result, result_part)
+		end
+	end
+	
+	if ( result ) then
+		return stdnse.format_output(true, result)
+	end
+end
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -21,8 +21,10 @@ Entry { filename = "bitcoin-getaddr.nse", categories = { "discovery", "safe", }
 Entry { filename = "bitcoin-info.nse", categories = { "discovery", "safe", } }
 Entry { filename = "bitcoinrpc-info.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "bittorrent-discovery.nse", categories = { "discovery", "safe", } }
+Entry { filename = "bjnp-discover.nse", categories = { "discovery", "safe", } }
 Entry { filename = "broadcast-ataoe-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
+Entry { filename = "broadcast-bjnp-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-db2-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-dhcp-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-dhcp6-discover.nse", categories = { "broadcast", "safe", } }