waffl3ss

waffl3ss / PaperCut

Public

Printer exploitation framework for penetration testing. Discovers printers via PJL scanning, checks for default credentials, and extracts stored credentials through pass-back attacks and protocol-level exploits.

15
0
69% credibility
Found Mar 12, 2026 at 15 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Go
AI Summary

PaperCut scans networks for printers, tests default logins, and uses exploits to extract stored credentials like LDAP, SMTP, and SMB passwords for security testing.

How It Works

1
🚀 Launch the tool

Open the program on your computer to start hunting for weak printers on your network.

2
📁 Name your search project

Give your investigation a simple name like 'Office Scan' to keep results organized.

3
🔍 Scan the network

Tell it which office network range to check, and it quickly finds all the printers.

4
📋 Pick a printer

Choose one from the colorful list that matches a known vulnerable model.

5
Test easy login

Try the common default username and password to see if it works.

6
🎣 Grab hidden passwords

Run a clever trick that makes the printer send its stored logins to you.

🔑 View captured secrets

Celebrate as you see the usernames and passwords it revealed from its memory!

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 15 to 15 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is PaperCut?

PaperCut is a Go framework for pentesting printers, scanning networks via PJL on port 9100 to find devices like Ricoh or Canon models, testing default creds, and pulling stored passwords through pass-back attacks on LDAP, SMTP, or SMB. It delivers a Metasploit-style interactive shell with tab completion, workspaces for engagements, and one-shot CLI commands—builds to a single binary for Linux, Windows, or macOS. Unlike scattered scripts on github printer scanner or papercut mf github, it centralizes exploits for thermal printer github vulns and beyond.

Why is it gaining traction?

Its hook is the polished workflow: scan a /24, search modules by vendor like "ricoh", set targets from results, and run passbacks with listener support—proxies and rate limits handle real audits. Credential storage in SQLite with `creds` views beats dumping to files, and SAFE/UNSAFE module categories guide risk. Stands out from basic github printer cfg tools by covering passback protocols natively.

Who should use this?

Pentesters hunting printer footholds in enterprise nets, where MFPs store domain LDAP/SMB creds. Red teams targeting overlooked IoT like 3d printer github setups or office fleets—skip if you're not auditing Ricoh/Konica/Sharp.

Verdict

Solid for niche printer pentests with great README and cross-builds, but 10 stars and 0.7% credibility score signal early maturity—needs community modules. Download from papercut download github, scan your lab, and star if it grabs creds.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.