modbus-discover
脚本使用类型:
portrule
脚本所属分类:
discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/modbus-discover.nse
Enumerates SCADA Modbus slave ids (sids) and collects their device information.
Modbus is one of the popular SCADA protocols. This script does Modbus device information disclosure. It tries to find legal sids (slave ids) of Modbus devices and to get additional information about the vendor and firmware. This script is improvement of modscan python utility written by Mark Bristow.
Information about MODBUS protocol and security issues:
- boolean value defines find all or just first sid
执行格式
nmap --script modbus-discover.nse --script-args='modbus-discover.aggressive=true' -p 502 <host>
PORT STATE SERVICE 502/tcp open modbus | modbus-discover: | Positive response for sid = 0x64 | SLAVE ID DATA: \xFA\xFFPM710PowerMeter | DEVICE IDENTIFICATION: Schneider Electric PM710 v03.110 |_ Positive error response for sid = 0x96 (GATEWAY TARGET DEVICE FAILED TO RESPONSE)
Author: Alexander Rudakov
License: VER007 整理 http://www.ver007.com