SMOD
SMOD is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest Modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under Python 2.7.x. SCADA (Process Control Networks) based systems have moved from proprietary closed networks to open source solutions and TCP/IP enabled networks steadily over recent years. This has made them vulnerable to the same security vulnerabilities that face our traditional computer networks. The Modbus/TCP protocol was used as the reference protocol to display the effectiveness of the test bed in carrying out cyber attacks on a power system protocol. Modbus/TCP was chosen specifically for these reasons: Modbus is still widely used in power systems, Modbus/TCP is simple and easy to implement, and Modbus protocol libraries are freely available for utilities to implement smart grid applications. You can use this tool for vulnerability assessment of a Modbus protocol. Just a little demo showing off the basics: root@kali:~/smod# python smod.py _______ < SMOD > ------- \ ^__^ \ (xx)\_______ (__)\/\ U ||----w | SMOD >help
FEATURES
ALTERNATIVES
A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.
Local pentest lab using docker compose to spin up victim and attacker services.
MiniCPS is a framework for Cyber-Physical Systems real-time simulation with support for physical process and control devices simulation, and network emulation.
A document that helps inform red team planning by contrasting against the very specific red team style described in Red Teams.
A C/C++ tool for remote process injection, supporting x64 and x86 operations, with system call macros generated by SysWhispers script.
Generate a variety of suspect actions detected by Falco rulesets.
A proof-of-concept obfuscation toolkit for C# post-exploitation tools, designed to conceal malicious activities from detection.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.