Skip to content

Latest commit

 

History

History

protocols

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

ICS Protocols

Developed as a community asset

General / Miscellaneous Releases

AMI

BACnet

Protocol Implementation

Protocol Parsers

Fuzzing

  • Fuzzowski - partially implemented BACnet fuzzing

Bristol Standard Asynchronous Protocol (BSAP)

DNP3

Protocol Implementation

  • OpenDNP3 - Opendnp3 is the de facto reference implementation of IEEE-1815 (DNP3) provided under the Apache License.
  • pydnp3 wrapper - Python wrapper for opendnp3
  • DNP3 Simulator - Graphical DNP3 Master/Outstation simulator
  • PIFaceRTU - Opendnp3 running on a Raspberry Pi with Piface I/O board
  • LangSec DNP3 Parser - Parsing DNP3 using parser combinators in C.
  • Proxyd - TCP Proxy for testing hammer based parsers (such as the DNP3 parser above)
  • ICSNPP DNP3 for Zeek - DHS CISA DNP3 logging extensions to Zeek
  • dnp3 - rust implementation - Rust implementation of DNP3 (IEEE 1815) with idiomatic bindings for C, .NET, and Java

Traffic Generation

  • DNP3 Traffic Generation - OpenDNP3-based traffic generation that can take a profile of traffic, apply scriptable variation, and result in output of DNP3 traffic matching that profile.
  • DNP3Crafter - DNP3Crafter is a very simple Python script which use sockets to send precalculated DNP3 packets over TCP and allows you to choose the number of repetitions. It's use is designed for testing purposes.

Fuzzing

  • AEGIS Fuzzer - Aegis™ is a smart fuzzing framework for a growing number of protocols that can identify robustness and security issues in communications software before it is deployed in a production system. [commercial] Early Open Source version is mirrored here: Open-Source.
  • ICSFuzz - an PLC-side fuzzing tool for uncovering vulnerabilities in ICS control applications.

Ethercat

Ethernet/IP and CIP

  • EtherNet/IP+CIP dissector for Scapy - a Python library which can be used to interact with components of a network using ENIP (Ethernet/IP) and CIP (Common Industrial Protocol) protocols. It uses scapy to implement packet dissectors which are able to decode a part of the network traffic. These dissectors can also be used to craft packets, which allows directly communicating with the PLCs (Programmable Logic Controllers) of the network. Use case
  • Scapy implementation of DLR (Device Level Ring) protocol
  • Zeek implementation for ethernet/ip - This repository contains the necessary files in order to inspect Ethernet/IP and Common Industrial Protocol packets with Zeek.
  • CPPPO - Communications Protocol Python Parser and Originator (EtherNet/IP CIP implementation) - Cpppo is used to implement binary communications protocol parsers. The protocol’s communication elements are described in terms of state machines which change state in response to input events, collecting the data and producing output data artifacts.
  • pycomm - pycomm is a package that includes a collection of modules used to communicate with PLCs. At the moment the first module in the package is ab_comm. ab_comm is a module that contains a set of classes used to interface Rockwell PLCs using Ethernet/IP protocol. The "clx" class can be used to communicate with Compactlogix, Controllogix PLCs The "slc" can be used to communicate with Micrologix or SLC PLCs
  • pycomm3 - A Python Ethernet/IP library for communicating with Allen-Bradley PLCs.
  • pyCIP - CIP protocol implementation in Python3
  • zeek plugin enip - EthernetIP Zeek Plugin from Amazon
  • ICSNPP ENIP and CIP for Zeek - DHS CISA ENIP and CIP plugin for Zeek
  • Molex EtherNet/IP Tool - The EtherNet/IP tool (EIPTool) is a small and simple helper tool which assists to explore CIP objects of EtherNet/IP nodes, without having any EDS files. It uses the explicit messaging to read and write CIP attributes.
  • Claroty ENIP / CIP Stack Detector - EtherNet/IP & CIP Stack Detector that can help both cyber-security researchers, OT engineers, and asset owners to identify devices that are running a specific EtherNet/IP protocol stack.

Genisys

IEC 104

  • IEC Server - Software to simulate server side of systems using a telecontrol message Protocol specified in the IEC 60870-5. Original website http://area-x1.lima-city.de is down, so this has been mirrored.
  • OpenMRTS - MRTS is an attempt to create open source IEC 870-5-101/104 based components for telecontrol and supervisory systems and to become a complete solution in future.
  • QTester104 - This software implements the IEC60870-5-104 protocol (client side) for substation data acquisition and control via tcp/ip network using the QT UI Framework. It can be compiled on Linux and Windows platforms. It's possible to poll and view data from the substation system (RTU/concentrator) and also send commands.
  • lib60870 - Implements IEC 60870-5-104 protocol.

IEC 61850

Protocol Implementation

  • libIEC61850 - open source library for IEC 61850.
  • rapid61850 - Rapid-prototyping protection and control schemes with IEC 61850

Tools

  • IEDScout - IEDScout provides access to 61850-based IEDs and can simulate entire Ed. {1,2} IEDs. Specifically, IEDScout lets you look inside the IED and at its communication. All data modeled and exchanged becomes visible and accessible. Additionally, IEDScout serves numerous useful tasks, which could otherwise only be performed with dedicated engineering tools or even a functioning master station. IEDScout shows an overview representing the typical workflow of commissioning, but also provides detailed information upon request. [commercial] Free 30 day evaluation license.
  • Goose-Stalker - Goose-Stalker is a project to analyze and interact with Ethernet types associated with IEC 61850. Currently, the project is focused on Ethernet type 0x88b8 as published by the goose-IEC61850-scapy. The project has morphed significantly and the direction is to progress this even further.

Traffic Generation

  • IEC 61850 Toolchain - This toolchain aims to enable users (e.g., power grid operators) to easily create customized datasets for the validation of cybersecurity solutions for IEC 61850 communication-based substations. This toolchain processes different inputs (e.g., substation configurations, attack configurations, and simulation settings) and carries out the necessary processing steps needed for generating the customized datasets. This toolchain is basing on an open source project libIEC61850.

IEEE C37.118

Protocol Implementation

Tools

  • pyMU - Python C37.118-2011 parser
  • pyPMU - WIP Python implementation
  • PMU Connection Tester - Full fledged PMU connection tester, speaking c37.118 amongst many other synchrophasor protocols

LoRaWAN

Tools

  • chirpotle - A LoRaWAN Securiy Evaluation Framework

Modbus

Protocol Implementation

  • pyModBus - A full modbus protocol written in python.
  • Go modbus - modbus write in pure go, support rtu,ascii,tcp master library,also support tcp slave.
  • Modbus for Go - Fault-tolerant implementation of modbus protocol in Go (golang)
  • ModbusPal - ModbusPal is a MODBUS slave simulator. Its purpose is to offer an easy to use interface with the capabilities to reproduce complex and realistic MODBUS environments. Mirror available here.
  • SMOD - MODBUS Penetration Testing Framework. smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. (mirrored as original source is now gone)
  • mbtget - A simple modbus/TCP client write in pure Perl.
  • ICSNPP Modbus for Zeek - DHS CISA Modbus extensions to logging for Zeek
  • rodbus - Rust implementation of Modbus with idiomatic bindings for C, C++, .Net, and Java

Traffic Generation

  • Modbus Traffic Generation - pyModbus-based traffic generation that can take a profile of traffic, apply scriptable variation, and result in output of Modbus traffic matching that profile.

Fuzzing

  • AEGIS Fuzzer - Aegis™ is a smart fuzzing framework for a growing number of protocols that can identify robustness and security issues in communications software before it is deployed in a production system. [commercial] Early Open Source version is mirrored here: Open-Source.
  • Modbus Fuzzer - Modbus Protocol Fuzzer
  • Modbus network fuzzer - The modbus network fuzzer uses Boofuzz for the fuzzing of the protocol (By Søren Knudsen)
  • Fuzzowski - partially implemented Modbus fuzzing

Multispeak

Protocol Implementation

  • Multispeak - Implementation of multispeak protocol.
  • Simple-Mutlispeak - a simple, extendable, interface for communicating with a webservice implementing the Multispeak Standard.
  • MS-SPEAK - Multi-Speak - Secure Protocol Enterprise Access Kit. Note, check the Phase 3 branch for more current development.

OPC UA

Protocol Implementation

Tools

  • OpalOPC - An OPC UA vulnerability and misconfiguration scanner. [commercial] Free for non-commercial use.

OpenADR

Protocol Implementation / Tools

PROFINET

Protocol Implementation

  • Profinet - Python - Simple PROFINET implementation in python
  • Profinet - C - PROFINET implementation in C
  • Profinet Explorer - Simple PROFINET explorer written in C#
  • zeek plugin Profinet - PROFINET Zeek Plugin from Amazon
  • PROFINET GSD Checker - Free tool to show and edit the content of GSD files for PROFINET in an easy to understand table view. It also contains a function to check the accuracy of GSD files which helps to build a valid description file.

Fuzzing

  • ProFuzz - Simple PROFINET fuzzer based on Scapy

SEL Fast Message

Siemens S7

SSP21

TriStation

Zigbee

  • Killerbee - IEEE 802.15.4/ZigBee Security Research Toolkit.

General Protocol Fuzzing

  • AFL - American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.

  • WinAFL - AFL that works for Windows binaries.

(creative commons license)