
enddo / Smod

Licence: gpl-2.0
MODBUS Penetration Testing Framework


Projects that are alternatives of or similar to Smod

prickly-pete
A script using Docker to quickly bring up some honeypots exposing lots of services. For research, reconnaissance, and fun. (DISCLAIMER may not be fun, not to be taken internally, aim away from face)
Stars: ✭ 29 (-89.26%)
Mutual labels:  scada
rodbus
Rust implementation of Modbus with idiomatic bindings for C, C++, .NET, and Java
Stars: ✭ 34 (-87.41%)
Mutual labels:  scada
ioBroker.vis-metro
ioBroker.vis metro widget set
Stars: ✭ 12 (-95.56%)
Mutual labels:  scada
TcOpen
Application framework for industrial automation built on top of TwinCAT3 and .NET.
Stars: ✭ 187 (-30.74%)
Mutual labels:  scada
iot-master
IoT Master is a free and open-source IoT intelligent gateway system. It integrates standard Modbus, mainstream PLC and many other protocols, and supports data acquisition, formula calculation, scheduled control, automatic control, anomaly alarms, traffic monitoring, web-based configuration, remote debugging and other functions; it is suitable for most IoT and industrial-internet application scenarios.
Stars: ✭ 119 (-55.93%)
Mutual labels:  scada
part5
IEC 60870-5 — transmission protocols
Stars: ✭ 37 (-86.3%)
Mutual labels:  scada
Iobroker.vis
Visualisation for ioBroker platform.
Stars: ✭ 242 (-10.37%)
Mutual labels:  scada
ICS-TestBed-Framework
ICS TestBed Framework
Stars: ✭ 39 (-85.56%)
Mutual labels:  scada
wtphm
SCADA data pre-processing library for prognostics, health management and fault detection of wind turbines. Successor to https://github.com/lkev/wt-fdd
Stars: ✭ 38 (-85.93%)
Mutual labels:  scada
CyberICS.github.io
News and publication on cybersecurity in industry
Stars: ✭ 29 (-89.26%)
Mutual labels:  scada
Industrial-Security-Auditing-Framework
ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.
Stars: ✭ 43 (-84.07%)
Mutual labels:  scada
ma-core-public
Mango Automation Core public code
Stars: ✭ 66 (-75.56%)
Mutual labels:  scada
freeioe
FreeIOE is a framework for building IOE (Internet Of Everything) edge-computing gateways (an open-source edge-computing gateway framework). Discussion group: 291292378
Stars: ✭ 77 (-71.48%)
Mutual labels:  scada
ZKShS
Search shodan without any knowledge about its queries
Stars: ✭ 37 (-86.3%)
Mutual labels:  scada
SVG-SCADA
Windows 10 Stand-Alone Application: Create SVG SCADA Drawings
Stars: ✭ 30 (-88.89%)
Mutual labels:  scada
HVACScanner
Locates Honeywell/Tridium/Niagara HVAC JACEs/Controllers via HTTP fingerprints/strings. Very handy for vulnerability/pentesting.
Stars: ✭ 26 (-90.37%)
Mutual labels:  scada
QSimpleScada
Qt based simple SCADA framework, with dashboard, static and dynamic components
Stars: ✭ 152 (-43.7%)
Mutual labels:  scada
Fuxa
Web-based Process Visualization (SCADA/HMI/Dashboard) software
Stars: ✭ 262 (-2.96%)
Mutual labels:  scada
Exploits
Real world and CTFs exploiting web/binary POCs.
Stars: ✭ 69 (-74.44%)
Mutual labels:  scada
kotori
A flexible data historian based on InfluxDB, Grafana, MQTT and more. Free, open, simple.
Stars: ✭ 73 (-72.96%)
Mutual labels:  scada

# smod

smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest the Modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software can be run on Linux/OS X under Python 2.7.x.

Feel free to make pull requests, if there's anything you feel we could do better.

## Summary

SCADA (process control network) based systems have moved steadily from proprietary closed networks to open-source solutions and TCP/IP-enabled networks over recent years. This has made them vulnerable to the same security vulnerabilities that face our traditional computer networks.

The Modbus/TCP protocol was used as the reference protocol to demonstrate the effectiveness of the test bed in carrying out cyber attacks on a power system protocol. Modbus/TCP was chosen specifically for these reasons:

  • Modbus is still widely used in power systems.
  • Modbus/TCP is simple and easy to implement.
  • Modbus protocol libraries are freely available for utilities to implement smart grid applications.

You can use this tool to perform a vulnerability assessment of the Modbus protocol.

## Demo

Just a little demo showing off the basics:

```
[email protected]:~/smod# python smod.py 
 _______ 
< SMOD >
 ------- 
        \   ^__^
         \  (xx)\_______
            (__)\       )\/\
             U  ||----w |
                ||     ||
          --=[MODBUS Penetration Test FrameWork
       --+--=[Version : 1.0.4
       --+--=[Modules : 23
       --+--=[Coder   : Farzin Enddo
          --=[github  : www.github.com/enddo

SMOD >help
 Command  Description                                      
 -------  -----------                                      
 back     Move back from the current context               
 exit     Exit the console                                 
 exploit  Run module                                       
 help     Help menu                                        
 show     Displays modules of a given type, or all modules 
 set      Sets a variable to a value                       
 use      Selects a module by name                         
SMOD >show modules
 Modules                                       Description                                       
 -------                                       -----------                                       
 modbus/dos/arp                                DOS with Arp Poisoning                            
 modbus/dos/galilRIO                           DOS Galil RIO-47100
 modbus/dos/writeAllCoils                      DOS With Write All Coils                          
 modbus/dos/writeAllRegister                   DOS With Write All Register Function 
 modbus/dos/writeSingleCoils                   DOS With Write Single Coil Function               
 modbus/dos/writeSingleRegister                DOS Write Single Register Function                
 modbus/function/fuzzing                       Fuzzing Modbus Functions                          
 modbus/function/readCoils                     Fuzzing Read Coils Function                       
 modbus/function/readCoilsException            Fuzzing Read Coils Exception Function             
 modbus/function/readDiscreteInput             Fuzzing Read Discrete Inputs Function             
 modbus/function/readDiscreteInputException    Fuzzing Read Discrete Inputs Exception Function   
 modbus/function/readExceptionStatus           Fuzzing Read Exception Status Function            
 modbus/function/readHoldingRegister           Fuzzing Read Holding Registers Function           
 modbus/function/readHoldingRegisterException  Fuzzing Read Holding Registers Exception Function 
 modbus/function/readInputRegister             Fuzzing Read Input Registers Function             
 modbus/function/readInputRegisterException    Fuzzing Read Input Registers Exception Function   
 modbus/function/writeSingleCoils              Fuzzing Write Single Coil Function                
 modbus/function/writeSingleRegister           Fuzzing Write Single Register Function            
 modbus/scanner/arpWatcher                     ARP Watcher                                       
 modbus/scanner/discover                       Check Modbus Protocols                            
 modbus/scanner/getfunc                        Enumeration Function on Modbus                    
 modbus/scanner/uid                            Brute Force UID                                   
 modbus/sniff/arp                              Arp Poisoning   
SMOD >
```

### Brute Force Modbus UID

```
SMOD >use modbus/scanner/uid
SMOD modbus(uid) >show options
 Name      Current Setting  Required  Description                                 
 ----      ---------------  --------  -----------                                 
 Function  1                False     Function code, Defualt:Read Coils.          
 Output    True             False     The stdout save in output directory         
 RHOSTS                     True      The target address range or CIDR identifier 
 RPORT     502              False     The port number for modbus protocol         
 Threads   1                False     The number of concurrent threads            
SMOD modbus(uid) >set RHOSTS 192.168.1.6
SMOD modbus(uid) >exploit 
[+] Module Brute Force UID Start
[+] Start Brute Force UID on : 192.168.1.6
[+] UID on 192.168.1.6 is : 10
SMOD modbus(uid) >
```

### Enumeration Function on Modbus

```
SMOD >use modbus/scanner/getfunc
SMOD modbus(getfunc) >show options
 Name     Current Setting  Required  Description                                 
 ----     ---------------  --------  -----------                                 
 Output   True             False     The stdout save in output directory         
 RHOSTS                    True      The target address range or CIDR identifier 
 RPORT    502              False     The port number for modbus protocol         
 Threads  1                False     The number of concurrent threads            
 UID      None             True      Modbus Slave UID.                           
SMOD modbus(getfunc) >set RHOSTS 192.168.1.6
SMOD modbus(getfunc) >set UID 10
SMOD modbus(getfunc) >exploit 
[+] Module Get Function Start
[+] Looking for supported function codes on 192.168.1.6
[+] Function Code 1(Read Coils) is supported.
[+] Function Code 2(Read Discrete Inputs) is supported.
[+] Function Code 3(Read Multiple Holding Registers) is supported.
[+] Function Code 4(Read Input Registers) is supported.
[+] Function Code 5(Write Single Coil) is supported.
[+] Function Code 6(Write Single Holding Register) is supported.
[+] Function Code 7(Read Exception Status) is supported.
[+] Function Code 8(Diagnostic) is supported.
[+] Function Code 15(Write Multiple Coils) is supported.
[+] Function Code 16(Write Multiple Holding Registers) is supported.
[+] Function Code 17(Report Slave ID) is supported.
[+] Function Code 20(Read File Record) is supported.
[+] Function Code 21(Write File Record) is supported.
[+] Function Code 22(Mask Write Register) is supported.
[+] Function Code 23(Read/Write Multiple Registers) is supported.
SMOD modbus(getfunc) >
```

### Fuzzing Read Coils Function

```
SMOD >use modbus/function/readCoils
SMOD modbus(readCoils) >show options
 Name       Current Setting  Required  Description                                 
 ----       ---------------  --------  -----------                                 
 Output     True             False     The stdout save in output directory         
 Quantity   0x0001           True      Registers Values.                           
 RHOSTS                      True      The target address range or CIDR identifier 
 RPORT      502              False     The port number for modbus protocol         
 StartAddr  0x0000           True      Start Address.                              
 Threads    1                False     The number of concurrent threads            
 UID        None             True      Modbus Slave UID.                           
SMOD modbus(readCoils) >set RHOSTS 192.168.1.6
SMOD modbus(readCoils) >set UID 10
SMOD modbus(readCoils) >exploit 
[+] Module Read Coils Function Start
[+] Connecting to 192.168.1.6
[+] Response is :
###[ ModbusADU ]###
  transId   = 0x2
  protoId   = 0x0
  len       = 0x4
  unitId    = 0xa
###[ Read Coils Answer ]###
     funcCode  = 0x1
     byteCount = 1L
     coilStatus= [0]
SMOD modbus(readCoils) >
```
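The dissected response above shows the Modbus/TCP frame layout smod works with: a 7-byte MBAP header (transId, protoId, len, unitId) followed by the PDU (funcCode, then the function's data). As an added illustration, not code from smod or its author, the Python 3 snippet below parses that layout from raw bytes, validates the MBAP length field, decodes a Read Coils answer, and, from the defender's side, flags the state-changing function codes among those the getfunc module enumerated. The function-code names come from the getfunc output; the frame bytes, the `STATE_CHANGING` set and the alert wording are constructed for this example.

```python
"""Decode Modbus/TCP ADUs (MBAP header + PDU) and flag state-changing traffic.

Added example, not part of smod. The frame layout follows the dissected response
shown in the demo (transId, protoId, len, unitId, funcCode, byteCount, coilStatus).
All sample frames below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

# Function-code names as enumerated by the getfunc module output.
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Multiple Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Holding Register",
    7: "Read Exception Status", 8: "Diagnostic", 15: "Write Multiple Coils",
    16: "Write Multiple Holding Registers", 17: "Report Slave ID", 20: "Read File Record",
    21: "Write File Record", 22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}
# Functions that alter coils, registers, files or device state (assumed monitor policy).
STATE_CHANGING = {5, 6, 8, 15, 16, 21, 22, 23}

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


@dataclass
class ModbusADU:
    trans_id: int
    proto_id: int
    length: int
    unit_id: int
    func_code: int
    data: bytes

    @property
    def is_exception(self) -> bool:
        # A server answers a rejected request with the function code's high bit set.
        return bool(self.func_code & 0x80)


def parse_adu(frame: bytes) -> ModbusADU:
    """Split a Modbus/TCP frame into MBAP fields and PDU, validating the length field."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    trans_id, proto_id, length, unit_id = struct.unpack("!HHHB", frame[:MBAP_LEN])
    if proto_id != 0:
        raise ValueError(f"unexpected protocol id {proto_id:#x}")
    # MBAP length counts unit id + PDU, so it must equal the frame size minus the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} disagrees with frame size {len(frame)}")
    return ModbusADU(trans_id, proto_id, length, unit_id, frame[MBAP_LEN], frame[MBAP_LEN + 1:])


def read_coils_response(adu: ModbusADU, quantity: Optional[int] = None) -> List[int]:
    """Decode a Read Coils answer (function 1): byte count, then coils packed LSB first."""
    if adu.func_code != 1:
        raise ValueError(f"not a Read Coils response (function {adu.func_code})")
    byte_count = adu.data[0]
    if byte_count != len(adu.data) - 1:
        raise ValueError(f"byte count {byte_count} disagrees with {len(adu.data) - 1} data bytes")
    bits = [(b >> i) & 1 for b in adu.data[1:] for i in range(8)]
    return bits[:quantity] if quantity is not None else bits


def classify(adu: ModbusADU) -> str:
    """One monitor line per ADU: alert on state-changing functions, note exceptions."""
    if adu.is_exception:
        exc = adu.data[0] if adu.data else None
        return f"exception response to function {adu.func_code & 0x7F} (exception code {exc})"
    name = FUNCTION_NAMES.get(adu.func_code, "unknown")
    level = "ALERT" if adu.func_code in STATE_CHANGING else "info"
    return f"{level}: function {adu.func_code} ({name}) unit {adu.unit_id} transId {adu.trans_id}"


def monitor(frames: List[bytes]) -> List[str]:
    """Run the parser over raw frames, reporting malformed ones instead of crashing."""
    lines = []
    for frame in frames:
        try:
            lines.append(classify(parse_adu(frame)))
        except ValueError as err:
            lines.append(f"malformed: {err}")
    return lines


# Constructed sample frames. The first reproduces the Read Coils answer from the demo:
# transId 2, protoId 0, len 4, unitId 0x0a, funcCode 1, byteCount 1, one coil byte of 0.
READ_COILS_RESPONSE = bytes.fromhex("0002 0000 0004 0a 01 01 00")
WRITE_SINGLE_COIL_REQUEST = bytes.fromhex("0003 0000 0006 0a 05 0000 ff00")  # coil 0 := ON
EXCEPTION_RESPONSE = bytes.fromhex("0004 0000 0003 0a 81 01")  # 0x81: function 1 rejected, code 1
TRUNCATED_FRAME = bytes.fromhex("0005 0000 0006 0a 03")  # length claims 6 bytes follow, only 2 do

if __name__ == "__main__":
    for line in monitor([READ_COILS_RESPONSE, WRITE_SINGLE_COIL_REQUEST,
                         EXCEPTION_RESPONSE, TRUNCATED_FRAME]):
        print(line)
```

The length check in `parse_adu` is the part a monitor most needs: a frame whose MBAP length disagrees with the bytes on the wire is reported as malformed rather than parsed on trust, and the Read Coils decoder likewise refuses a byte count that does not match its data. The `STATE_CHANGING` set is a starting policy, not a standard; which write or diagnostic functions are legitimate on a given network is a site decision.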