{"id":13539056,"url":"https://github.com/dark-lbp/isf","last_synced_at":"2025-04-02T05:33:12.706Z","repository":{"id":38326073,"uuid":"98960487","full_name":"dark-lbp/isf","owner":"dark-lbp","description":"ISF(Industrial Control System Exploitation Framework)，a exploitation framework based on Python","archived":false,"fork":false,"pushed_at":"2024-01-04T14:06:30.000Z","size":261,"stargazers_count":985,"open_issues_count":8,"forks_count":291,"subscribers_count":63,"default_branch":"master","last_synced_at":"2024-01-25T01:08:18.106Z","etag":null,"topics":["exploits","ics","ics-exp","ics-poc","isf","modbus","plc","scada","scapy"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dark-lbp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-08-01T04:50:05.000Z","updated_at":"2024-04-14T19:43:11.993Z","dependencies_parsed_at":"2024-04-14T19:53:00.190Z","dependency_job_id":null,"html_url":"https://github.com/dark-lbp/isf","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dark-lbp%2Fisf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dark-lbp%2Fisf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dark-lbp%2Fisf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dark-lbp%2Fisf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dark-lbp","download_url":"https://codeload.g
ithub.com/dark-lbp/isf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246763814,"owners_count":20829797,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploits","ics","ics-exp","ics-poc","isf","modbus","plc","scada","scapy"],"created_at":"2024-08-01T09:01:19.657Z","updated_at":"2025-04-02T05:33:12.377Z","avatar_url":"https://github.com/dark-lbp.png","language":"Python","readme":"# Industrial Exploitation Framework\nISF (Industrial Exploitation Framework) is an exploitation framework based on Python, similar to the Metasploit Framework. \n\nISF is based on the open source project [routersploit](https://github.com/reverse-shell/routersploit).\n\n*Read this in other languages: [English](README.md), [简体中文](README.zh-cn.md),*\n\n\n## Disclaimer \nUsage of ISF for attacking targets without prior mutual consent is illegal. 
It is the end user's responsibility to obey all applicable local, state and federal laws.\nDevelopers assume no liability and are not responsible for any misuse or damage caused by this program.\n\n\n## ICS Protocol Clients\n| Name               | Path                                   | Description            |\n| -------------------| ---------------------------------------|:----------------------:|  \n| modbus_tcp_client  | icssploit/clients/modbus_tcp_client.py | Modbus-TCP Client      |\n| wdb2_client        | icssploit/clients/wdb2_client.py       | WdbRPC Version 2 Client(Vxworks 6.x)|\n| s7_client          | icssploit/clients/s7_client.py         | s7comm Client(S7 300/400 PLC)       |\n\n\n## Exploit Module\n| Name                    | Path                                                              | Description                              |\n| ------------------------| ------------------------------------------------------------------|:----------------------------------------:|  \n| s7_300_400_plc_control  | exploits/plcs/siemens/s7_300_400_plc_control.py                   | S7-300/400 PLC start/stop                |\n| s7_1200_plc_control     | exploits/plcs/siemens/s7_1200_plc_control.py                      | S7-1200 PLC start/stop/reset             |\n| vxworks_rpc_dos         | exploits/plcs/vxworks/vxworks_rpc_dos.py                          | Vxworks RPC remote dos（CVE-2015-7599）  |\n| quantum_140_plc_control | exploits/plcs/schneider/quantum_140_plc_control.py                | Schneider Quantum 140 series PLC start/stop |\n| crash_qnx_inetd_tcp_service | exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py              | QNX Inetd TCP service dos               |\n| qconn_remote_exec       | exploits/plcs/qnx/qconn_remote_exec.py                            | QNX qconn remote code execution         |\n| profinet_set_ip         | exploits/plcs/siemens/profinet_set_ip.py                          | Profinet DCP device IP config           |\n\n\n## 
Scanner Module\n| Name                    | Path                                                              | Description                             |\n| ------------------------| ------------------------------------------------------------------|:---------------------------------------:|  \n| profinet_dcp_scan       | scanners/profinet_dcp_scan.py                                     | Profinet DCP scanner                    |\n| vxworks_6_scan          | scanners/vxworks_6_scan.py                                        | Vxworks 6.x scanner                     |\n| s7comm_scan             | scanners/s7comm_scan.py                                           | S7comm scanner                          |\n| enip_scan               | scanners/enip_scan.py                                             | EthernetIP scanner                      |\n\n\n\n## ICS Protocols Module (Scapy Module)\nThese protocols can be used in other fuzzing frameworks like [Kitty](https://github.com/cisco-sas/kitty) or to create your own client.\n \n| Name                    | Path                                                              | Description                             |\n| ------------------------| ------------------------------------------------------------------|:---------------------------------------:|  \n| pn_dcp                  | icssploit/protocols/pn_dcp                                        | Profinet DCP Protocol                   |\n| modbus_tcp              | icssploit/protocols/modbus_tcp                                    | Modbus TCP Protocol                     |\n| wdbrpc2                 | icssploit/protocols/wdbrpc2                                       | WDB RPC Version 2 Protocol              |\n| s7comm                  | icssploit/protocols/s7comm.py                                     | S7comm Protocol                         |\n\n\n\n# Install\n\n## Python requirements\n* gnureadline (OSX only)\n* requests\n* paramiko\n* beautifulsoup4\n* pysnmp\n* 
python-nmap\n* scapy [We suggest installing scapy manually by following the official documentation](http://scapy.readthedocs.io/en/latest/installation.html)\n\n## Install on Kali\n    git clone https://github.com/dark-lbp/isf/\n    cd isf\n    python isf.py\n\n\n# Usage\n        root@kali:~/Desktop/temp/isf# python isf.py\n        \n          _____ _____  _____ _____ _____  _      ____ _____ _______\n         |_   _/ ____|/ ____/ ____|  __ \\| |    / __ \\_   _|__   __|\n           | || |    | (___| (___ | |__) | |   | |  | || |    | |\n           | || |     \\___ \\\\___ \\|  ___/| |   | |  | || |    | |\n          _| || |____ ____) |___) | |    | |___| |__| || |_   | |\n         |_____\\_____|_____/_____/|_|    |______\\____/_____|  |_|\n        \n        \n                        ICS Exploitation Framework\n        \n        Note     : ICSSPOLIT is fork from routersploit at\n                   https://github.com/reverse-shell/routersploit\n        Dev Team : wenzhe zhu(dark-lbp)\n        Version  : 0.1.0\n        \n        Exploits: 2 Scanners: 0 Creds: 13\n        \n        ICS Exploits:\n            PLC: 2          ICS Switch: 0\n            Software: 0\n        \n        isf \u003e\n\n## Exploits\n    isf \u003e use exploits/plcs/\n    exploits/plcs/siemens/  exploits/plcs/vxworks/\n    isf \u003e use exploits/plcs/siemens/s7_300_400_plc_control\n    exploits/plcs/siemens/s7_300_400_plc_control\n    isf \u003e use exploits/plcs/siemens/s7_300_400_plc_control\n    isf (S7-300/400 PLC Control) \u003e\n    \nYou can use the tab key for completion.\n\n\n## Options\n### Display module options:\n    isf (S7-300/400 PLC Control) \u003e show options\n    \n    Target options:\n    \n       Name       Current settings     Description\n       ----       ----------------     -----------\n       target                          Target address e.g. 
192.168.1.1\n       port       102                  Target Port\n    \n    \n    Module options:\n    \n       Name        Current settings     Description\n       ----        ----------------     -----------\n       slot        2                    CPU slot number.\n       command     1                    Command 0:start plc, 1:stop plc.\n    \n    \n    isf (S7-300/400 PLC Control) \u003e\n    \n### Set options\n    isf (S7-300/400 PLC Control) \u003e set target 192.168.70.210\n    [+] {'target': '192.168.70.210'}\n    \n\n## Run module\n    isf (S7-300/400 PLC Control) \u003e run\n    [*] Running module...\n    [+] Target is alive\n    [*] Sending packet to target\n    [*] Stop plc\n    isf (S7-300/400 PLC Control) \u003e\n    \n## Display information about exploit\n    isf (S7-300/400 PLC Control) \u003e show info\n    \n    Name:\n    S7-300/400 PLC Control\n    \n    Description:\n    Use S7comm command to start/stop plc.\n    \n    Devices:\n    -  Siemens S7-300 and S7-400 programmable logic controllers (PLCs)\n    \n    Authors:\n    -  wenzhe zhu \u003cjtrkid[at]gmail.com\u003e\n    \n    References:\n    \n    isf (S7-300/400 PLC Control) \u003e\n    \n# Documents\n* [Modbus-TCP Client usage](docs/modbus_tcp_client.en-us.md)\n* [WDBRPCV2 Client usage](docs/wdbrpc_v2_client.en-us.md)\n* [S7comm Client usage](docs/s7_client.en-us.md)\n* [SNMP_bruteforce usage](docs/snmp_bruteforce.en-us.md)\n* [S7 300/400 PLC password bruteforce usage](docs/s7_bruteforce.en-us.md)\n* [Vxworks 6.x Scanner usage](docs/vxworks_6_scan.en-us.md)\n* [Profinet DCP Scanner usage](docs/profinet_dcp_scan.en-us.md)\n* [S7comm PLC Scanner usage](docs/s7comm_scan.en-us.md)\n* [Profinet DCP Set ip module usage](docs/profinet_set_ip.en-us.md)\n* [Load modules from extra folder](docs/load_extra_modules_from_folder.en-us.md)\n* [How to write your own module](docs/how_to_create_module.en-us.md)","funding_links":[],"categories":["\u003ca 
id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Python","Python (1887)","Industrial Control and SCADA Systems","Exploits","Tools"],"sub_categories":["\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用","Zealandia","Docker Containers of Penetration Testing Distributions and Tools","Industrial Control and SCADA Systems"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdark-lbp%2Fisf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdark-lbp%2Fisf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdark-lbp%2Fisf/lists"}