Modbus is a serial communications protocol originally published by Modicon (now Schneider Electric) in 1979 for use with its programmable logic controllers (PLCs). Modbus has become a de facto standard communication protocol and is now a commonly available means of connecting industrial electronic devices.
Enumerate with Nmap
Modbus-discover enumerates SCADA Modbus slave ids (
Modbus is one of the popular SCADA protocols. This script does Modbus device information disclosure. It tries to find legal sids (slave ids) of Modbus devices and to get additional information about the vendor and firmware. This script is improvement of modscan python utility written by Mark Bristow.
Information about MODBUS protocol and security issues:
- MODBUS application protocol specification: http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
- Defcon 16 Modscan presentation: https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-bristow.pdf
- Modscan utility is hosted at google code: http://code.google.com/p/modscan/
Example Usage
nmap --script modbus-discover.nse --script-args='modbus-discover.aggressive=true' -p 502 <host>