I Know You Need New Toner

The first Shodan search that I remember people sharing like wildfire on  Twitter was for an HP LaserJet printer. In the early days of Shodan, before all the SCADA devices came to light, the majority of searches were for consumer devices such as printers, routers and webcams (the latter are still widely popular). Inspired by a cool new tool from @info_dox I decided to start crawling the Internet specifically for printers using the Printer Job Language protocol on port 9100. Obviously there aren’t as many of these devices out there as web servers, but within a few hours I had gathered enough to start analyzing the data and see what sort of cool stuff I can learn.

1. Global Map of Public Printers

To give you an idea for where these printers are located I’ve created the map below, where each red dot indicates an instance of a printer that is connected to the Internet and allows connections from anywhere in the world. The breakdown by country is:

  1. United States: 2692
  2. South Korea: 494
  3. Taiwan: 336
  4. Canada: 266
  5. Germany: 203

The surprise standouts in that list are South Korea and Taiwan, I expected the devices to follow the general distribution as for other services (i.e. United States > China > Mexico > Russia > Germany).

Global Map of Public Printers

2. Overexposed Universities

Not surprisingly Universities have a lot of printers, but they appear to be more exposed than one would anticipate. Out of the top 100 organizations running public printers, 58 of them are universities and another 4 are academic institutions. That means roughly 2/3 of all publicly exposed printers so far operate on an academic network.

Top 10 Organizations with Public Printers

The above explains why Taiwan is so high on the list of countries that have publicly available printers: the Taiwan Academic Network and its Information Center have nearly 100 printers online. It looks like they’re single-handedly putting Taiwan on the map! It’s also interesting that there are so many devices on Korea Telecom’s network, I don’t have a good explanation for that. If anybody has any explanation for why there are so many in South Korea and on Comcast, please let me know.

3. Need Toner?

An interesting side-effect of the crawling is that I can determine via Shodan which organizations are low on toner and are likely due for a refresh. Many printers advertise in their banner whether they’re running low and the user needs to order new toner. Note that no authentication is required to obtain this information. So here I present the top 10 organizations that will be needing new toner very soon 🙂

Top 10 Organizations Needing New Toner

At the time of writing the top position was shared between the University of California San Francisco and University of Pennsylvania with 4 printers needing toner each. They were narrowly followed by University of California Santa Cruz with 3 printers. There is a very long tail of organizations that need to replace the ink on 2 printers, with a total of 137 printers that need a replacement.

I will be watching these numbers develop over time (using a Google Spreadsheet), and I could theoretically also determine when the toner has been replaced which I might do in a follow-up post. Until then, enjoy the data and let me know if you discover anything interesting!



  1. MC

    My unofficial Metasploit modules (2012), never accepted 🙂

    HP LaserJet Printer File Download : http://www.nothink.org/metasploit/hp_laserjet_download.rb.txt
    HP LaserJet Printer File System Enumeration : http://www.nothink.org/metasploit/hp_laserjet_enum_fs.rb.txt
    HP LaserJet Printer Replace READY Message : http://www.nothink.org/metasploit/hp_laserjet_ready_msg.rb.txt
    HP LaserJet Printer Scanner : http://www.nothink.org/metasploit/hp_laserjet_scanner.rb.txt
    HP LaserJet Printer SNMP Enumeration : http://www.nothink.org/metasploit/snmp_enum_hp_laserjet.rb.txt

  2. Pingback: Web Enabled Printer (In)Security | CYBER ARMS - Computer Security
  3. Pingback: Getting a Remote Shell on an Android Device using Metasploit - Hedgehog Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s