Add documentation for printer scanner modules#21531
Conversation
Adds documentation files for the 9 auxiliary scanner modules under modules/auxiliary/scanner/printer/, which were previously undocumented. Follows the module_doc_template.md format (Vulnerable Application, Verification Steps, Options, Scenarios). Partially resolves rapid7#12389. Signed-off-by: u7k4rs6 <utkarshbahuguna10@gmail.com>
| msf6 > use auxiliary/scanner/printer/canon_iradv_pwd_extract | ||
| msf6 auxiliary(scanner/printer/canon_iradv_pwd_extract) > set RHOSTS 192.168.1.100 | ||
| RHOSTS => 192.168.1.100 | ||
| msf6 auxiliary(scanner/printer/canon_iradv_pwd_extract) > run | ||
|
|
||
| [*] Attempting to extract passwords from the address books on the MFP at 192.168.1.100 | ||
| [+] 192.168.1.100 - SUCCESSFUL login with USER='7654321' : PASSWORD='7654321' | ||
| [*] dn: cn=John Smith,ou=addressbook,o=local | ||
| cn: John Smith | ||
| mailaddress: jsmith@example.com | ||
| username: jsmith@example.com | ||
| pwd: Summer2023! | ||
| objectclass: inetOrgPerson | ||
|
|
||
| dn: cn=Jane Doe,ou=addressbook,o=local | ||
| cn: Jane Doe | ||
| mailaddress: jdoe@example.com | ||
| username: jdoe@example.com | ||
| pwd: printer1234 | ||
| objectclass: inetOrgPerson | ||
|
|
||
| [+] Credentials saved in: /home/user/.msf4/loot/20231115130000_default_192.168.1.100_canon.iradv.add_123456.txt | ||
| [+] Domain: example.com | ||
| User: jsmith | ||
| Password: Summer2023! | ||
|
|
||
| [+] Domain: example.com | ||
| User: jdoe | ||
| Password: printer1234 | ||
|
|
||
| [*] Scanned 1 of 1 hosts (100% complete) | ||
| [*] Auxiliary module execution completed |
There was a problem hiding this comment.
Did you run this against actual device? Based on the content of documentations in this PR, it does not look like it. If you can't provide documentation with Scenarios content that corresponds to running module against real device, I would recommend choosing only modules which you can run against real device.
There was a problem hiding this comment.
Thanks @msutovsky-r7 , that's a fair concern. You're right that the Scenarios weren't run against real hardware - they're synthesized from each module's source (description, options, print_* calls), marked as such in each file. The Description, Verification Steps, and Options sections are grounded in the module source, but the Scenarios are the weak link.
Would removing the Scenarios sections from all 9 files be acceptable as a middle ground? The remaining content is still source-grounded and useful for users navigating the modules, and Scenarios can be added in a follow-up PR by someone with the relevant hardware.
If you'd rather see the PR scoped down to only modules I can device-test, I can do that instead, but realistically I don't have a Canon iR-ADV or HP LaserJet on hand so that would likely reduce this PR to 0-1 files. Happy to take whichever direction you prefer.
There was a problem hiding this comment.
Well, based on that, it seems like you've made docs through AI, where the lowest bar is testing the module against real device, which would be content of Scenario section. If you can't provide that, it's not something we can land.
3 participants
Description
Adds documentation files for the 9 auxiliary scanner modules under
modules/auxiliary/scanner/printer/, which were previously undocumented. Follows the format defined indocumentation/modules/module_doc_template.md.Partially resolves #12389. The printer/ subcategory was selected as a self-contained chunk; other subcategories listed in that issue remain open for future PRs.
Modules documented
Verification
Each
.mdis grounded in the corresponding.rbsource: descriptions, options, defaults, and scenario output are derived from the module'supdate_info,register_options, andprint_*calls. No live device testing was performed; scenario output blocks are marked as synthesized for documentation purposes.