Cyber security, Exploit Database, vendors, Vulnerability Assessment

ICS files in Exploit Database

| Sulaiman Alhasawi

In my previous article, I wrote about ICS Metasploit modules. The Modules that are related to ICS hardware or software that can be used as tools for vulnerability assessment. I tried to assemble a list of keywords that could help you find ICS modules in Metasploit. After I published the article, I got a suggestion from a friend of mine to do the same for the Exploit Database. So I decided that Im’ not going to start from scratch, but instead I would build my list based on my Metasploit keywords. The results that I got from the Exploit-db were bigger and in the process, I discovered more keywords. There are more search options in the Exploit-db than Metasploit, that enable you to do customized digging in the advanced mode. For example, you can type a generic ICS term like “SCADA” in the title box and specify the vendor name “Siemens” in the content box. There are also other options that can help you narrow your results. Another observation I noticed was that not all ICS vendors were in the database, which could indicate many interesting points. It could be a lack of vulnerability research from the community side due to shortages of resources such as software or hardware. As you know, most of these resources are proprietary, expensive and not for the average use. One last thing , you can experiment with the keywords by placing them either in the topic or content area or both , or by combining them all together as you see fit. The results form this database vary, not all of them are exploits, some of them are reports or magazines. I have aded this list to my Giuthub, for future updates.

  1. 7-Technologies
  2. advantech
  3. allen-bradley
  4. automation
  5. bacnet
  6. beckhoff
  7. broadWin
  8. certec edv atvise
  9. circarlife
  10. citectscada
  11. clearscada
  12. codesys
  13. control system
  14. daqfactory
  15. datac
  16. dnp3
  17. electric
  18. ethernet/ip
  19. factorylink
  20. fatek automation
  21. furukawa
  22. genesis32
  23. hmi
  24. hmi/scada
  25. homeautomation
  26. honeywell
  27. iconics
  28. igss
  29. industrial
  30. instanthmi
  31. its scada
  32. kingscada
  33. kingview
  34. laquis
  35. measuresoft
  36. microscada
  37. mitsubishi
  38. modbus
  39. modicon
  40. movicon
  41. myscadapro
  42. myscada
  43. omron
  44. opc
  45. open proficy
  46. phoenix contact
  47. plc
  48. pnpscada
  49. powerhmi
  50. powerlogic
  51. proconos
  52. procyon
  53. proficyscada
  54. realwin
  55. rockwell
  56. ruggedCom
  57. scada
  58. scada server
  59. scada/hmi
  60. scadaapp
  61. scadaphone
  62. scadapro
  63. scadatec
  64. schneider
  65. seig
  66. sielco sistemi
  67. siemens
  68. smartrtu
  69. soitec smartenergy
  70. start/stop
  71. sunway force control
  72. teechart
  73. tri-plc nano
  74. twincat
  75. unitronics
  76. viap automation
  77. wago
  78. webhmi
  79. webscada
  80. yokogawa
  81. zigbee
  82. zscada
#cyber security #exploit database #exploit-db #ics security #penetration testing

Comments are closed.