{"id":13841847,"url":"https://github.com/hi-KK/ICS-Protocol-identify","last_synced_at":"2025-07-11T13:32:51.005Z","repository":{"id":62018360,"uuid":"176848392","full_name":"hi-KK/ICS-Protocol-identify","owner":"hi-KK","description":"Using nmap NSE scripts for identifying common ICS protocols [use nmap NSE scripts to identify common ICS protocols, with the corresponding NSE scripts attached and pcap traffic recorded]","archived":false,"fork":false,"pushed_at":"2020-09-03T06:38:25.000Z","size":2422,"stargazers_count":143,"open_issues_count":2,"forks_count":48,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-08-05T17:29:31.519Z","etag":null,"topics":["ics","ics-protocols","ics-security"],"latest_commit_sha":null,"homepage":null,"language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hi-KK.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-03-21T01:48:46.000Z","updated_at":"2024-07-28T03:21:01.000Z","dependencies_parsed_at":"2022-10-25T06:45:15.628Z","dependency_job_id":null,"html_url":"https://github.com/hi-KK/ICS-Protocol-identify","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi-KK%2FICS-Protocol-identify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi-KK%2FICS-Protocol-identify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi-KK%2FICS-Protocol-identify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi-KK%2FICS-Protocol-identify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hi-KK","download_url":"https://codeload.github.
com/hi-KK/ICS-Protocol-identify/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729710,"owners_count":17515157,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ics","ics-protocols","ics-security"],"created_at":"2024-08-04T17:01:22.744Z","updated_at":"2024-11-21T12:30:31.371Z","avatar_url":"https://github.com/hi-KK.png","language":"Lua","funding_links":[],"categories":["Lua","Lua (24)"],"sub_categories":[],"readme":"## If this helps you, please give it a Star!\n\n##  Common ICS Protocols\n\n| Protocol            | Transport | Port  |\n| ------------------- | ---- | ----- |\n| Siemens S7          | tcp  | 102   |\n| Modbus              | tcp  | 502   |\n| IEC 60870-5-104     | tcp  | 2404  |\n| DNP3                | tcp  | 20000 |\n| EtherNet/IP         | udp  | 44818 |\n| BACnet              | udp  | 47808 |\n| Tridium Niagara Fox | tcp  | 1911  |\n| Crimson V3          | tcp  | 789   |\n| OMRON FINS          | tcp  | 9600  |\n| PCWorx              | tcp  | 1962  |\n| ProConOs            | tcp  | 20547 |\n| MELSEC-Q            | tcp  | 5007  |\n\n## ICS Protocol Identification\n\n### Siemens S7\n\n```\nnmap -sS -Pn -n --min-hostgroup 1024 --min-parallelism 1024 -p 102 --script s7-info -iL 123.txt -oX 123.xml\n# High-speed scan:\n# -sS  SYN scan, also called a half-open scan; it does not open a full TCP connection, so it runs fast and efficiently\n# -Pn  do not ping-probe the target (no check of whether the host is online); scan the ports directly\n# -n   do not reverse-resolve IP addresses to domain names\n# --min-hostgroup 1024    set the minimum group size to 1024 IP addresses; when there are too many IPs, nmap has to split them into groups and then scans the groups serially\n# --min-parallelism 1024  this parameter is critical: to make full use of system and network resources, we set the minimum number of probes to 1024\n```\n\n![360截图16261006315874](assets/360截图16261006315874.png)\n\n### Modbus\n\n```\nnmap -sS -Pn -p 502 --script modicon-info -iL 
123.txt -oX 123.xml\n```\n\n![360截图162412289895122](assets/360截图162412289895122.png)\n\n### IEC 60870-5-104\n\n```\nnmap -Pn -n -d --script iec-identify.nse  --script-args='iec-identify.timeout=500' -p 2404 \u003chost\u003e\n# High-speed scan:\nnmap -Pn -n --min-hostgroup 1024 --min-parallelism 3000 -d --script iec-identify-2014.nse  --script-args='iec-identify.timeout=500' -p 2404 -iL 2404.txt -oX 2404.xml\n```\n\n![360截图16620607109125137](assets/360截图16620607109125137.png)\n\n### DNP3\n\n```\nnmap --script dnp3-info -p 20000 \u003chost\u003e\n# High-speed scan:\nnmap -Pn -n --min-hostgroup 1024 --min-parallelism 3000 --script dnp3-info.nse -p 20000 -iL 20000.txt -oX 20000.xml\n```\n\n![360截图16280721688569](assets/360截图16280721688569.png)\n\n### EtherNet/IP\n\n```\nnmap --script enip-info -sU  -p 44818 \u003chost\u003e\n# High-speed scan:\nnmap -Pn -n -sU --min-hostgroup 1024 --min-parallelism 3000 --script enip-info.nse -p 44818 -iL 44818.txt -oX 44818.xml\n```\n\n![360截图162807227386120](assets/360截图162807227386120.png)\n\n### BACnet\n\n```\nnmap --script bacnet-info -sU -p 47808 \u003chost\u003e\n# High-speed scan:\nnmap -Pn -n --min-hostgroup 1024 --min-parallelism 3000 -sU -p 47808 --script bacnet-info.nse -iL 47808.txt -oX 47808.xml\n```\n\n![360截图1653070991122136](assets/360截图1653070991122136.png)\n\n### Tridium Niagara Fox\n\n```\nnmap --script fox-info.nse -p 1911 \u003chost\u003e\n# High-speed scan:\nnmap -Pn -n --min-hostgroup 1024 --min-parallelism 3000 -p 1911 --script fox-info.nse -iL 1911.txt -oX 1911.xml\n```\n\n![360截图1667101691102117](assets/360截图1667101691102117.png)\n\n### Crimson V3\n\n```\nnmap --script cr3-fingerprint -p 789 \u003chost\u003e\nnmap -Pn -n --min-hostgroup 1024 --min-parallelism 3000 -p 789 --script cr3-fingerprint.nse -iL 789.txt -oX 789.xml\n```\n\n![360截图1655042297118118](assets/360截图1655042297118118.png)\n\n### OMRON FINS\n\n```\nnmap --script omron-info -sU -p 9600 \u003chost\u003e\nnmap --script ormontcp-info -p 9600 \u003chost\u003e\nnmap --script ormonudp-info -sU -p 9600 
\u003chost\u003e\nnmap -Pn -n --min-hostgroup 1024 --min-parallelism 3000 -sU -p 9600 --script ormonudp-info.nse -iL 9600.txt -oX 9600.xml\n```\n\n![360截图1660082991103115](assets/360截图1660082991103115.png)\n\n### PCWorx\n\n```\nnmap --script pcworx-info -p 1962 \u003chost\u003e\nnmap -Pn -n --min-hostgroup 1024 --min-parallelism 3000 -p 1962 --script pcworx-info.nse -iL 1962.txt -oX 1962.xml\n```\n\n![360截图16511001152371](assets/360截图16511001152371.png)\n\n### ProConOs\n\n```\nnmap --script proconos-info -p 20547 \u003chost\u003e\n```\n\n![360截图16240201192730](assets/360截图16240201192730.png)\n\n### MELSEC-Q\n\n```\nnmap -script melsecq-discover -sT -p 5007 \u003chost\u003e\nnmap -script melsecq-discover-udp.nse -sU -p 5006 \u003chost\u003e\n```\n\n![360截图16460518444147](assets/360截图16460518444147.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhi-KK%2FICS-Protocol-identify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhi-KK%2FICS-Protocol-identify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhi-KK%2FICS-Protocol-identify/lists"}