The smod from ru0ch3n

#smod smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under python 2.7.x.

##Summery SCADA (Process Control Networks) based systems have moved from proprietary closed networks to open source solutions and TCP/IP enabled networks steadily over recent years. This has made them vulnerable to the same security vulnerabilities that face our traditional computer networks.

The Modbus/TCP protocol was used as the reference protocol to display the effectiveness of the test bed in carrying out cyber attacks on a power system protocol. Modbus/TCP was chosen specifically for these reasons:

modbus is still widely used in power systems.
modbus/TCP is simple and easy to implement.
modbus protocol libraries are freely available for utilities to implement smart grid applications.

You can use this tool to vulnerability assessment a modbus protocol.

##Demo Just a little demo showing off the basics

root@kali:~/smod# python smod.py 
 _______ 
< SMOD >
 ------- 
        \   ^__^
         \  (xx)\_______
            (__)\       )\/\
             U  ||----w |
SMOD >help
 Command  Description                                      
 -------  -----------                                      
 back     Move back from the current context               
 exit     Exit the console                                 
 exploit  Run module                                       
 help     Help menu                                        
 show     Displays modules of a given type, or all modules 
 set      Sets a variable to a value                       
 use      Selects a module by name                         
SMOD >show modules
 Modules                              Description                             
 -------                              -----------                             
 modbus/function/readCoils            Fuzzing Read Coils Function             
 modbus/function/readDiscreteInput    Fuzzing Read Discrete Inputs Function   
 modbus/function/readHoldingRegister  Fuzzing Read Holding Registers Function 
 modbus/function/readInputRegister    Fuzzing Read Input Registers Function   
 modbus/function/writeSingleCoils     Fuzzing Write Single Coil Function      
 modbus/function/writeSingleRegister  Fuzzing Write Single Register Function  
 modbus/scanner/discover              Check Modbus Protocols                  
 modbus/scanner/getfunc               Enumeration Function on Modbus           
 modbus/scanner/uid                   Brute Force UID                         
SMOD >

Brute Force Modbus UID

SMOD >use modbus/scanner/uid
SMOD modbus(uid) >show options
 Name      Current Setting  Required  Description                                 
 ----      ---------------  --------  -----------                                 
 Function  1                False     Function code, Defualt:Read Coils.          
 Output    True             False     The stdout save in output directory         
 RHOSTS                     True      The target address range or CIDR identifier 
 RPORT     502              False     The port number for modbus protocol         
 Threads   1                False     The number of concurrent threads            
SMOD modbus(uid) >set RHOSTS 192.168.1.6
SMOD modbus(uid) >exploit 
[+] Module Brute Force UID Start
[+] Start Brute Force UID on : 192.168.1.6
[+] UID on 192.168.1.6 is : 10
SMOD modbus(uid) >

Enumeration Function on Modbus

SMOD >use modbus/scanner/getfunc
SMOD modbus(getfunc) >show options
 Name     Current Setting  Required  Description                                 
 ----     ---------------  --------  -----------                                 
 Output   True             False     The stdout save in output directory         
 RHOSTS                    True      The target address range or CIDR identifier 
 RPORT    502              False     The port number for modbus protocol         
 Threads  1                False     The number of concurrent threads            
 UID      None             True      Modbus Slave UID.                           
SMOD modbus(getfunc) >set RHOSTS 192.168.1.6
SMOD modbus(getfunc) >set UID 10
SMOD modbus(getfunc) >exploit 
[+] Module Get Function Start
[+] Looking for supported function codes on 192.168.1.6
[+] Function Code 1(Read Coils) is supported.
[+] Function Code 2(Read Discrete Inputs) is supported.
[+] Function Code 3(Read Multiple Holding Registers) is supported.
[+] Function Code 4(Read Input Registers) is supported.
[+] Function Code 5(Write Single Coil) is supported.
[+] Function Code 6(Write Single Holding Register) is supported.
[+] Function Code 7(Read Exception Status) is supported.
[+] Function Code 8(Diagnostic) is supported.
[+] Function Code 15(Write Multiple Coils) is supported.
[+] Function Code 16(Write Multiple Holding Registers) is supported.
[+] Function Code 17(Report Slave ID) is supported.
[+] Function Code 20(Read File Record) is supported.
[+] Function Code 21(Write File Record) is supported.
[+] Function Code 22(Mask Write Register) is supported.
[+] Function Code 23(Read/Write Multiple Registers) is supported.
SMOD modbus(getfunc) >

ru0ch3n / smod Goto Github PK

smod's Introduction

smod's People

Contributors

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent