Redpoint is a Digital Bond research project to enumerate ICS applications and devices. We use our Redpoint tools in assessments to discover ICS devices and pull information that would be helpful in secondary testing. A portion of those tools will be made available as Nmap NSE scripts to the public in this repository. The Redpoint tools use legitimate protocol or application commands to discover and enumerate devices and applications. There is no effort to exploit or crash anything. However many ICS devices and applications are fragile and can crash or respond in an unexpected way to any unexpected traffic so use with care. Each script is documented below and available in a .nse file in this repository. BACnet-discover-enumerate.nse - Identify and enumerate BACnet devices codesys-v2-discover.nse - Identify and enumerate CoDeSys V2 controllers enip-enumerate.nse - Identify and enumerate EtherNet/IP devices from Rockwell Automation and other vendors fox-info.nse - Identify and enumerate Niagara Fox devices modicon-info.nse - Identify and enumerate Schneider Electric Modicon PLCs omron-info.nse - Identify and enumerate Omron PLCs pcworx
FEATURES
SIMILAR TOOLS
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
NBD (Network Block Device) is a network protocol implementation that allows clients to access remote block devices over a network as if they were local storage.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
WiGLE.net is a platform that collects and provides data on WiFi networks and cell towers, with over 1.3 billion networks collected.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A free DNS recursive service that blocks malicious host names and protects user privacy.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
A userland implementation of the Network Block Device protocol that enables remote block device access over network connections for distributed storage and virtualization use cases.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.