Nmap Development mailing list archives

Re: [NSE] modbus-enum.nse, modbus discovery script


From: Bob Radvanovsky <rsradvan () unixworks net>
Date: Fri, 17 Dec 2010 12:01:02 -0600

Hey...*you* did all the work, Alexander!!!  ;)

I will be running this script against some other MODBUS variants, starting this coming week, and will let you (and the 
NMAP developers on this mailing list) know what the end results are.

Alexander...you should be proud of yourself!  You are one of the first NMAP NSE script creators who has begun the long 
journey of developing SCADA enumeration and validation scripts using the NMAP tool!  I see this as a 'win-win' for all 
parties involved (developers, businesses, governments, researchers...everyone).

Your script is simple, easy to use, and provides a simplified verification that the device is, in fact, a MODBUS 
communications device.  This speaks volumes to SCADA/industrial control systems engineers and plant operations 
personnel who have to wade through hundreds of unknown devices on their infrastructure networks.  Quite honestly, 
you've made their job a little bit easier...  ;)

Right now, not enough people *know* that NMAP has this powerful capability (NSE scripting, very similar to Nessus) - 
what makes it so very powerful is that it is 'open source', freely and publicly available, and actively developed and 
modified by a very large development community.  If the SCADA and SCADA security communities knew of this potential, 
they could use this and future tools developed for SCADA, to secure infrastructures around the World.

One script down....half a gazillion more to go...  ;)

-rad

P.S.  I am hoping to develop a common development framework criteria for the NMAP NSE scripting language specifically 
for SCADA and industrial automation devices, and wanted some feedback from you two (Alexander and David for starters) 
about what would be the best method for developing enumeration and validation scripts in which you have common methods 
of determining such devices?  I'm open to any suggestions...thanks!  ;)

----- Original Message -----
From: Alexander Rudakov [mailto:freekoder () gmail com]
To: David Fifield [mailto:david () bamsoftware com], nmap-dev () insecure org, Bob Radvanovsky [mailto:rsradvan () unixworks net]
Subject: Re: [NSE] modbus-enum.nse, modbus discovery script


Cool! SCADA goes to nmap!
I want to say thank you to everyone, especially Bob Radvanovsky.

With best regards, Alexander Rudakov.

2010/12/16 David Fifield <david () bamsoftware com>

On Mon, Dec 13, 2010 at 11:01:27PM +0300, Alexander Rudakov wrote:
I found the problem. It was in modbus-emul.py and the NSE script. The responses
of modbus-emul.py were not correct, and the NSE script did not check the size of
the response. I fixed both the emulator code and the nmap script.
Test cases on real devices did not cover all code branches. I added new test
cases in modbus-emul.py. Now they cover different situations.
To test them all, run the script in aggressive mode.
I renamed the aggressive argument to modbus-discover.aggressive as you asked.

Excellent, well done. I tried it again and added the script. I moved
some of the big block comment into the description so that it will show
up in the online NSEDoc.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
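The bug Alexander describes above (the NSE script "did not check the size of the response") is the classic failure mode of a Modbus/TCP client that trusts declared lengths. What follows is an added example, not code from this thread, from modbus-discover.nse, or from modbus-emul.py: a Python parser for the Read Device Identification response (function 0x2B, MEI type 0x0E) that checks the MBAP length field against the bytes actually received and bounds-checks every object length before reading it. The function names and the sample frames are my own constructions for illustration.

```python
import struct
MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse a Modbus/TCP response, rejecting frames whose declared sizes disagree with the bytes received."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:  # length counts unit id + PDU, i.e. everything after byte 6
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes received")
    pdu = frame[MBAP_LEN:]
    resp = {"tid": tid, "unit": unit, "function": pdu[0] & 0x7F, "exception": None, "objects": {}}
    if pdu[0] & 0x80:  # exception response: exactly one exception-code byte follows
        if len(pdu) != 2:
            raise ValueError("exception response must be function code + exception code")
        resp["exception"] = pdu[1]
    elif pdu[0] == 0x2B:  # Read Device Identification, MEI type 0x0E
        resp["objects"] = parse_device_id(pdu)
    return resp

def parse_device_id(pdu: bytes) -> dict:
    """Walk the (id, length, value) objects of a 0x2B/0x0E response, bounds-checking each declared length."""
    # PDU layout: fc, MEI type, read code, conformity, more follows, next id, object count, objects...
    if len(pdu) < 7 or pdu[1] != 0x0E:
        raise ValueError("malformed device identification response")
    objects, pos = {}, 7
    for _ in range(pdu[6]):
        if pos + 2 > len(pdu):
            raise ValueError("object header runs past end of response")
        obj_id, obj_len, pos = pdu[pos], pdu[pos + 1], pos + 2
        if pos + obj_len > len(pdu):
            raise ValueError("object value runs past end of response")
        objects[obj_id] = pdu[pos:pos + obj_len].decode("ascii", "replace")
        pos += obj_len
    return objects

def is_well_formed(frame: bytes) -> bool:  # True if every size check passes
    try:
        parse_modbus_tcp(frame)
        return True
    except ValueError:
        return False

# Constructed sample frames (not captured from a real device): vendor-name and product-code objects.
GOOD_PDU = bytes([0x2B, 0x0E, 0x01, 0x01, 0x00, 0x00, 2, 0, 4]) + b"ACME" + bytes([1, 5]) + b"PLC-1"
GOOD = struct.pack(">HHHB", 1, 0, len(GOOD_PDU) + 1, 1) + GOOD_PDU
TRUNCATED = GOOD[:-3]  # tail lost in transit: the length field now overstates the data
EXCEPTION = struct.pack(">HHHB", 2, 0, 3, 1) + bytes([0xAB, 0x01])  # 0x2B | 0x80, illegal function
```

A discovery script that applies these checks reports a device only from a frame that is internally consistent, and degrades to "malformed response" instead of indexing past the buffer when an emulator or a real device answers short.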