

SCADA Industrial Control Security Testing Tool (SMOD)

wxchong 2024-09-10 22:34:22 Open Source Technology

Project address

https://github.com/enddo/smod

Project overview

SCADA (process control network) systems have moved in recent years from proprietary, closed network protocols toward open solutions and TCP/IP, which exposes them to the same classes of vulnerability as ordinary computer networks. Modbus/TCP is one such protocol: it is freely available to utilities implementing smart-grid applications and is widely deployed in power systems. The protocol carries no authentication or integrity protection, so anything that can reach TCP port 502 can read and write a device's coils and registers; that is exactly what the modules below exercise.

Usage and installation

Smod is written in Python on top of the scapy module, so it runs on most Linux/OSX systems. It targets Python 2 (the `1L` long-integer repr in the Read Coils output further down is a Python 2 artefact), so run it with a Python 2 interpreter that has scapy installed, from the cloned directory:

root@kali:~/smod# python smod.py
 _______
< SMOD >
 -------
        \   ^__^
         \  (xx)\_______
            (__)\       )\/\
             U  ||----w |
                ||     ||

    --=[MODBUS Penetration Test FrameWork
    --+--=[Version : 1.0.1
    --+--=[Modules : 14
    --+--=[Coder : Farzin Enddo
    --=[github : www.github.com/enddo

SMOD >help

Command   Description
-------   -----------
back      Move back from the current context
exit      Exit the console
exploit   Run module
help      Help menu
show      Displays modules of a given type, or all modules
set       Sets a variable to a value
use       Selects a module by name

SMOD >show modules

Modules                              Description
-------                              -----------
modbus/dos/galilRIO                  DOS Galil RIO-47100
modbus/dos/writeSingleCoils          DOS With Write Single Coil Function
modbus/dos/writeSingleRegister       DOS Write Single Register Function
modbus/function/readCoils            Fuzzing Read Coils Function
modbus/function/readDiscreteInput    Fuzzing Read Discrete Inputs Function
modbus/function/readExceptionStatus  Fuzzing Read Exception Status Function
modbus/function/readHoldingRegister  Fuzzing Read Holding Registers Function
modbus/function/readInputRegister    Fuzzing Read Input Registers Function
modbus/function/writeSingleCoils     Fuzzing Write Single Coil Function
modbus/function/writeSingleRegister  Fuzzing Write Single Register Function
modbus/scanner/discover              Check Modbus Protocols
modbus/scanner/getfunc               Enumeration Function on Modbus
modbus/scanner/uid                   Brute Force UID
modbus/sniff/arp                     Arp Poisoning

SMOD >

Brute-forcing the Modbus UID

SMOD >use modbus/scanner/uid
SMOD modbus(uid) >show options

Name      Current Setting   Required   Description
----      ---------------   --------   -----------
Function  1                 False      Function code, Defualt:Read Coils.
Output    True              False      The stdout save in output directory
RHOSTS                      True       The target address range or CIDR identifier
RPORT     502               False      The port number for modbus protocol
Threads   1                 False      The number of concurrent threads

SMOD modbus(uid) >set RHOSTS 192.168.1.6
SMOD modbus(uid) >exploit
[+] Module Brute Force UID Start
[+] Start Brute Force UID on : 192.168.1.6
[+] UID on 192.168.1.6 is : 10
SMOD modbus(uid) >

Enumerating Modbus function codes

SMOD >use modbus/scanner/getfunc
SMOD modbus(getfunc) >show options

Name      Current Setting   Required   Description
----      ---------------   --------   -----------
Output    True              False      The stdout save in output directory
RHOSTS                      True       The target address range or CIDR identifier
RPORT     502               False      The port number for modbus protocol
Threads   1                 False      The number of concurrent threads
UID       None              True       Modbus Slave UID.

SMOD modbus(getfunc) >set RHOSTS 192.168.1.6
SMOD modbus(getfunc) >set UID 10
SMOD modbus(getfunc) >exploit
[+] Module Get Function Start
[+] Looking for supported function codes on 192.168.1.6
[+] Function Code 1(Read Coils) is supported.
[+] Function Code 2(Read Discrete Inputs) is supported.
[+] Function Code 3(Read Multiple Holding Registers) is supported.
[+] Function Code 4(Read Input Registers) is supported.
[+] Function Code 5(Write Single Coil) is supported.
[+] Function Code 6(Write Single Holding Register) is supported.
[+] Function Code 7(Read Exception Status) is supported.
[+] Function Code 8(Diagnostic) is supported.
[+] Function Code 15(Write Multiple Coils) is supported.
[+] Function Code 16(Write Multiple Holding Registers) is supported.
[+] Function Code 17(Report Slave ID) is supported.
[+] Function Code 20(Read File Record) is supported.
[+] Function Code 21(Write File Record) is supported.
[+] Function Code 22(Mask Write Register) is supported.
[+] Function Code 23(Read/Write Multiple Registers) is supported.
SMOD modbus(getfunc) >
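The two scanner steps above, brute-forcing the unit ID and then enumerating function codes, can be reproduced with nothing but the Modbus/TCP framing. The following is an added example written for this page, not code from the smod project. The in-memory fake_slave (unit ID 10, the same function set the transcript reports) is constructed for the demo and stands in for the device at 192.168.1.6; against a real target the send argument would be a function that writes the request to a TCP socket on port 502 and returns the reply.

```python
import struct

# Constructed stand-in for the PLC at 192.168.1.6 seen in the transcript:
# it answers to unit ID 10 and supports the function codes getfunc reported.
FAKE_UID = 10
FAKE_SUPPORTED = {1, 2, 3, 4, 5, 6, 7, 8, 15, 16, 17, 20, 21, 22, 23}

EXC_ILLEGAL_FUNCTION = 0x01
EXC_GATEWAY_PATH = 0x0A
EXC_GATEWAY_TARGET = 0x0B


def build_adu(trans_id, unit_id, func_code, pdu_data=b""):
    """Modbus/TCP ADU = 7-byte MBAP header (transId, protoId=0, len, unitId)
    + PDU (function code + data). The len field counts unitId plus the PDU,
    which is why a 3-byte Read Coils answer shows len = 0x4."""
    pdu = bytes([func_code]) + pdu_data
    return struct.pack(">HHHB", trans_id, 0, len(pdu) + 1, unit_id) + pdu


def parse_adu(raw):
    """Split a frame into (transId, unitId, funcCode, data); refuse frames
    whose len field disagrees with their size so padding or truncation is
    not silently decoded."""
    if len(raw) < 8:
        raise ValueError("frame too short")
    trans_id, proto_id, length, unit_id = struct.unpack(">HHHB", raw[:7])
    if proto_id != 0 or length != len(raw) - 6:
        raise ValueError("bad MBAP header")
    return trans_id, unit_id, raw[7], raw[8:]


def fake_slave(request):
    """Constructed device model. Wrong unit ID -> exception 0x0B (gateway
    target failed to respond); unknown function -> exception 0x01 (illegal
    function); otherwise a minimal normal reply (byteCount=1, one zero byte).
    An exception reply echoes the function code with bit 7 set."""
    trans_id, unit_id, func_code, _ = parse_adu(request)
    if unit_id != FAKE_UID:
        return build_adu(trans_id, unit_id, func_code | 0x80, bytes([EXC_GATEWAY_TARGET]))
    if func_code not in FAKE_SUPPORTED:
        return build_adu(trans_id, unit_id, func_code | 0x80, bytes([EXC_ILLEGAL_FUNCTION]))
    return build_adu(trans_id, unit_id, func_code, b"\x01\x00")


def classify(request, response):
    """Map a reply to 'ok', 'exception:<code>' or 'mismatch' (transaction ID
    does not echo ours: a stale or injected frame that must not be trusted)."""
    req_tid = struct.unpack(">H", request[:2])[0]
    trans_id, _, func_code, data = parse_adu(response)
    if trans_id != req_tid:
        return "mismatch"
    if func_code & 0x80:
        return "exception:%d" % (data[0] if data else -1)
    return "ok"


def brute_force_uid(send, func_code=1, uids=range(256)):
    """modbus/scanner/uid by hand: send Read Coils (start 0, quantity 1) to
    every unit ID. Any reply except a gateway exception proves a unit is
    listening; even 'illegal function' or 'illegal address' is an answer."""
    absent = {"mismatch",
              "exception:%d" % EXC_GATEWAY_PATH,
              "exception:%d" % EXC_GATEWAY_TARGET}
    found = []
    for tid, uid in enumerate(uids, start=1):
        req = build_adu(tid, uid, func_code, struct.pack(">HH", 0, 1))
        if classify(req, send(req)) not in absent:
            found.append(uid)
    return found


def enumerate_functions(send, uid, codes=range(1, 128)):
    """modbus/scanner/getfunc by hand: probe each public function code with
    an empty data field. Only exception 0x01 means 'unsupported'; a normal
    reply or any other exception (e.g. 0x03 illegal data value for the empty
    request) means the device recognises the code."""
    unsupported = "exception:%d" % EXC_ILLEGAL_FUNCTION
    supported = []
    for tid, fc in enumerate(codes, start=1):
        req = build_adu(tid, uid, fc)
        if classify(req, send(req)) != unsupported:
            supported.append(fc)
    return supported


if __name__ == "__main__":
    print("UIDs found:", brute_force_uid(fake_slave))
    print("Functions supported by UID 10:", enumerate_functions(fake_slave, 10))
```

Two caveats the tool output does not show. Many Modbus/TCP devices ignore the unit ID and answer every probe normally, so a brute force that "finds" all 256 IDs means the field is irrelevant on that target, not that 256 slaves exist; and a socket timeout (no frame at all) on a real target should count as absent, not as an error. Enumerating function codes means actually sending each one, including the write functions 5, 6, 15 and 16, to the device, so run it only against a bench unit or with the plant's agreement.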

Fuzzing the Read Coils function

SMOD >use modbus/function/readCoils
SMOD modbus(readCoils) >show options

Name       Current Setting   Required   Description
----       ---------------   --------   -----------
Output     True              False      The stdout save in output directory
Quantity   0x0001            True       Registers Values.
RHOSTS                       True       The target address range or CIDR identifier
RPORT      502               False      The port number for modbus protocol
StartAddr  0x0000            True       Start Address.
Threads    1                 False      The number of concurrent threads
UID        None              True       Modbus Slave UID.

SMOD modbus(readCoils) >set RHOSTS 192.168.1.6
SMOD modbus(readCoils) >set UID 10
SMOD modbus(readCoils) >exploit
[+] Module Read Coils Function Start
[+] Connecting to 192.168.1.6
[+] Response is :
###[ ModbusADU ]###
  transId   = 0x2
  protoId   = 0x0
  len       = 0x4
  unitId    = 0xa
###[ Read Coils Answer ]###
     funcCode  = 0x1
     byteCount = 1L
     coilStatus= [0]
SMOD modbus(readCoils) >
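The scapy dump above names the fields but shows neither the raw bytes nor what coilStatus encodes, and it does not say which StartAddr/Quantity values the fuzzing module is meant to push past. As an added example (not smod code), the decoder below re-assembles that exact answer from its printed field values, checks the frame against itself and against the request, and unpacks the coil bits; the ten-coil reply and the exception reply in the test are constructed for the demo.

```python
import struct

# The Read Coils answer printed above, re-assembled from its field values:
# transId=2 protoId=0 len=4 unitId=0x0a | funcCode=1 byteCount=1 coils=0x00
RESPONSE_FROM_TRANSCRIPT = bytes.fromhex("0002 0000 0004 0a 01 01 00")

EXCEPTION_NAMES = {
    0x01: "Illegal Function",
    0x02: "Illegal Data Address",
    0x03: "Illegal Data Value",
    0x04: "Slave Device Failure",
    0x0A: "Gateway Path Unavailable",
    0x0B: "Gateway Target Device Failed To Respond",
}


def read_coils_request_is_legal(start_addr, quantity):
    """Spec limits for FC 1: 1 <= Quantity <= 2000 and StartAddr + Quantity
    must not wrap past 0xFFFF. The readCoils fuzzing module exists to send
    values outside these limits; a conforming slave answers exception 0x03
    (or 0x02 when the address range is not implemented), a fragile one may
    stop responding."""
    return 1 <= quantity <= 2000 and start_addr + quantity <= 0x10000


def decode_read_coils(raw, quantity, expect_trans_id=None):
    """Decode a Read Coils (FC 1) response frame.

    Returns {"unit": uid, "coils": [0/1, ...]} for a normal reply or
    {"unit": uid, "exception": code, "name": text} for an exception reply.
    Raises ValueError when the frame contradicts itself or the request,
    which is the signal a fuzzing run should record."""
    if len(raw) < 9:
        raise ValueError("frame too short for MBAP header + function code")
    trans_id, proto_id, length, unit_id = struct.unpack(">HHHB", raw[:7])
    if proto_id != 0:
        raise ValueError("protoId 0x%x is not Modbus" % proto_id)
    if length != len(raw) - 6:
        raise ValueError("len field %d disagrees with frame size %d" % (length, len(raw)))
    if expect_trans_id is not None and trans_id != expect_trans_id:
        raise ValueError("transaction id %d does not match request" % trans_id)
    func = raw[7]
    if func == 0x81:  # FC 1 with bit 7 set: exception response
        code = raw[8]
        return {"unit": unit_id, "exception": code,
                "name": EXCEPTION_NAMES.get(code, "Unknown")}
    if func != 0x01:
        raise ValueError("unexpected function code 0x%02x" % func)
    byte_count = raw[8]
    data = raw[9:]
    if byte_count != len(data):
        raise ValueError("byteCount %d but %d data bytes" % (byte_count, len(data)))
    if byte_count != (quantity + 7) // 8:
        raise ValueError("byteCount %d does not fit %d requested coils" % (byte_count, quantity))
    # Coil states are packed LSB first: bit 0 of the first byte is the coil
    # at StartAddr, bit 1 the next one, and unused high bits of the last
    # byte are zero.
    coils = [(data[i // 8] >> (i % 8)) & 1 for i in range(quantity)]
    return {"unit": unit_id, "coils": coils}


if __name__ == "__main__":
    print(decode_read_coils(RESPONSE_FROM_TRANSCRIPT, quantity=1, expect_trans_id=2))
```

With Quantity at its default of 1 the transcript's answer decodes to a single coil at address 0 with value 0; the byteCount check is what turns a device that answers a 2000-coil request with the wrong number of bytes from "Response is :" into a recorded finding.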
