Industrial Exploitation Framework (ISF)
ISF (Industrial Exploitation Framework) is an exploitation framework based on Python, similar to the Metasploit framework. It is derived from the open-source project routersploit. Disclaimer: Usage of ISF for attacking targets without prior mutual consent is illegal. Users must comply with all applicable laws. Developers are not liable for any misuse or damage caused by the program. ICS Protocol Clients: - Modbus-TCP Client: Modbus-TCP Client - WdbRPC Version 2 Client (VxWorks 6.x): WdbRPC Version 2 Client for VxWorks 6.x - S7comm Client (S7 300/400 PLC): S7comm Client for S7 300/400 PLC Exploit Modules: - S7-300/400 PLC Control: Start/stop control for S7-300/400 PLC - S7-1200 PLC Control: Start/stop/reset control for S7-1200 PLC - VxWorks RPC DoS: VxWorks RPC remote denial-of-service (CVE-2015-7599) - Quantum 140 PLC Control: Control module for Quantum 140 PLC
FEATURES
ALTERNATIVES
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
A tool for generating .NET serialized gadgets for triggering .NET assembly load/execution.
Emulate offensive attack techniques in the cloud with a self-contained Go binary.
PwnAuth is an open-source tool for generating and managing authentication tokens for penetration testing and red teaming exercises.
A collection of tests for Local File Inclusion (LFI) vulnerabilities using Burp Suite.
CredMaster enhances password spraying tactics with IP rotation to maintain anonymity and efficiency.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.