File s7-info

Script types: portrule
Categories: discovery, intrusive
Download: http://nmap.org/svn/scripts/s7-info.nse

User Summary

Enumerates Siemens S7 PLC devices and collects their device information. This script is based on PLCScan, which was developed by Positive Research and Scadastrangelove (https://code.google.com/p/plcscan/), and is meant to provide the same functionality as PLCScan inside of Nmap. Some of the information that PLCScan collects was not ported over; this information can be parsed out of the packets that are received.

Thanks to Positive Research and Dmitry Efanov for creating PLCScan.

Example Usage

nmap --script s7-info.nse -p 102 <host/s>

Script Output

102/tcp open  Siemens S7 315 PLC
| s7-info:
|   Basic Hardware: 6ES7 315-2AG10-0AB0
|   System Name: SIMATIC 300(1)
|   Copyright: Original Siemens Equipment
|   Version: 2.6.9
|   Module Type: CPU 315-2 DP
|   Module: 6ES7 315-2AG10-0AB0
|_  Serial Number: S C-X4U421302009
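
For asset inventory, the output block above can be turned into structured records. This is an added example, not part of the s7-info script or of Nmap; the function names, the `known_serials` inventory and the "Nmap scan report" line with the documentation address 192.0.2.10 are assumptions made for the illustration.

```python
import re

# Constructed sample: the output block from this page, preceded by a
# constructed "Nmap scan report" line (192.0.2.10 is a documentation address).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE
102/tcp open  Siemens S7 315 PLC
| s7-info:
|   Basic Hardware: 6ES7 315-2AG10-0AB0
|   System Name: SIMATIC 300(1)
|   Copyright: Original Siemens Equipment
|   Version: 2.6.9
|   Module Type: CPU 315-2 DP
|   Module: 6ES7 315-2AG10-0AB0
|_  Serial Number: S C-X4U421302009
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s*(.*)$")
SCRIPT_RE = re.compile(r"^\|[ _]([\w.-]+):")            # "| s7-info:" header
FIELD_RE = re.compile(r"^\|([ _])\s+([^:]+):\s*(.*)$")  # "|   Key: value"

def parse_s7_info(text):
    """Return one dict per s7-info block in Nmap normal (-oN) output."""
    records, host, port, cur = [], None, None, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, port, cur = m.group(1), None, None
        elif m := PORT_RE.match(line):
            port, cur = m.groups(), None
        elif m := SCRIPT_RE.match(line):
            cur = None  # any script header ends the previous block
            if m.group(1) == "s7-info" and port:
                cur = {"host": host, "port": f"{port[0]}/{port[1]}",
                       "service": port[3].strip()}
                records.append(cur)
        elif cur is not None and (m := FIELD_RE.match(line)):
            cur[m.group(2).strip()] = m.group(3).strip()
            if m.group(1) == "_":  # "|_" marks the last line of the block
                cur = None
        elif not line.startswith("|"):
            cur = None
    return records

def unknown_plcs(records, known_serials):
    """Records whose serial number is missing from the asset inventory."""
    return [r for r in records if r.get("Serial Number") not in known_serials]
```

Feeding the records from a scan of your own network into `unknown_plcs` lists S7 devices answering on port 102 that the inventory does not account for.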

Requires


Author: Stephen Hilt (Digital Bond)

License: Same as Nmap--See http://nmap.org/book/man-legal.html

action

action (host, port)

Action function that is used to run the NSE script. This function sends the initial query to the host and port that were passed in via Nmap. The initial response is parsed to determine whether the host is an S7COMM device. If it is, further actions are taken to gather extra information.

Parameters

  • host: Host that was scanned via Nmap
  • port: Port that was scanned via Nmap
