Published on January 15th, 2016
smod — MODBUS Penetration Testing Framework
smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest the Modbus protocol. It is a full Modbus protocol implementation written in Python on top of Scapy. It runs on Linux/OS X under Python 2.7.x.
SCADA (process control network) based systems have steadily moved over recent years from proprietary closed networks to open-source solutions and TCP/IP-enabled networks. This has exposed them to the same security vulnerabilities that face traditional computer networks.
The Modbus/TCP protocol was used as the reference protocol to demonstrate the effectiveness of the test bed in carrying out cyber attacks on a power system protocol. Modbus/TCP was chosen for these reasons:
- Modbus is still widely used in power systems.
- Modbus/TCP is simple and easy to implement.
- Modbus protocol libraries are freely available for utilities to implement smart grid applications.
You can use this tool to perform a vulnerability assessment of a Modbus protocol implementation.
```
root@kali:~/smod# python smod.py
 _______
< SMOD >
 -------
        \   ^__^
         \  (xx)\_______
            (__)\       )\/\
             U  ||----w |

SMOD >help

Command     Description
-------     -----------
back        Move back from the current context
exit        Exit the console
exploit     Run module
help        Help menu
show        Displays modules of a given type, or all modules
set         Sets a variable to a value
use         Selects a module by name

SMOD >show modules

Modules                                 Description
-------                                 -----------
modbus/function/readCoils               Fuzzing Read Coils Function
modbus/function/readDiscreteInput       Fuzzing Read Discrete Inputs Function
modbus/function/readHoldingRegister     Fuzzing Read Holding Registers Function
modbus/function/readInputRegister       Fuzzing Read Input Registers Function
modbus/function/writeSingleCoils        Fuzzing Write Single Coil Function
modbus/function/writeSingleRegister     Fuzzing Write Single Register Function
modbus/scanner/discover                 Check Modbus Protocols
modbus/scanner/getfunc                  Enumeration Function on Modbus
modbus/scanner/uid                      Brute Force UID

SMOD >
```
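To make the protocol these modules speak concrete, here is an added Python 3 example (not smod's own code, which targets Python 2.7 and Scapy) that parses Modbus/TCP frames by hand and flags the ones a monitor on a Modbus segment would want to see: write requests, exception responses and malformed ADUs of the kind a fuzzer produces. The sample frames are constructed for this example; the function code values are the public Modbus specification values behind the module names above.

```python
import struct

# Function codes behind the smod function modules listed above (Modbus spec values)
READ_FCS = {1: "readCoils", 2: "readDiscreteInputs",
            3: "readHoldingRegisters", 4: "readInputRegisters"}
WRITE_FCS = {5: "writeSingleCoil", 6: "writeSingleRegister"}


def parse_modbus_tcp(frame):
    """Split a Modbus/TCP ADU into its MBAP header fields and PDU.

    Returns a dict, or None if the frame is not well-formed: the MBAP header
    is 7 bytes, the protocol id must be 0, and the length field must equal
    the number of bytes that follow it (unit id + PDU).
    """
    if len(frame) < 8:  # header plus at least a function code
        return None
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        return None
    return {"tid": tid, "uid": uid, "fc": frame[7], "data": frame[8:]}


def classify(frame):
    """Label a frame as read, write, exception, unknown or malformed."""
    pdu = parse_modbus_tcp(frame)
    if pdu is None:
        return "malformed"
    fc = pdu["fc"]
    if fc & 0x80:           # high bit set: the device rejected the request
        return "exception"
    if fc in READ_FCS:
        return "read"
    if fc in WRITE_FCS:
        return "write"
    return "unknown"


def alerts(frames):
    """Return (index, label) for every frame that is not a plain read."""
    return [(i, classify(f)) for i, f in enumerate(frames) if classify(f) != "read"]


# Constructed sample traffic: a Read Holding Registers request, a Write Single
# Register request, an exception response (fc 0x83, code 2) and a frame whose
# MBAP length field (9) does not match its actual size.
SAMPLE_FRAMES = [
    bytes.fromhex("00010000000601030000000a"),
    bytes.fromhex("000200000006010600101234"),
    bytes.fromhex("000100000003018302"),
    bytes.fromhex("00030000000901030000"),
]

if __name__ == "__main__":
    for idx, label in alerts(SAMPLE_FRAMES):
        print("frame %d: %s" % (idx, label))
```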
Source && Download