Script hartip-info

Script types: portrule
Categories: discovery, intrusive
Download: https://svn.nmap.org/nmap/scripts/hartip-info.nse

Script Summary

This NSE script sends HART-IP packets to a HART device that has TCP port 5094 open. The script establishes a session with the HART device, then sends Read Unique Identifier and Read Long Tag packets and parses the device information from the responses. It then sends a Read Sub-Device Identity Summary packet with Sub-Device index 00 01 to request information on a Sub-Device, if one is available. If the response code differs from 0 (success), the error code is reported as the Sub-Device Information. Otherwise, the Sub-Device information is parsed from the response packet.

Device/Sub-Device Information that is parsed includes Long Tag (user assigned device name), Expanded Device Type, Manufacturer ID, Device ID, Device Revision, Software Revision, HART Protocol Major Revision and Private Label Distributor.

This script was written based on the HART Specifications available at https://www.fieldcommgroup.org/hart-specifications.
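
The exchange described above can be recognized on the wire. The following is an added example, not code from the script or the Nmap project: it labels HART-IP requests seen on TCP 5094 and reports sources outside an allowlist that send the session, Read Unique Identifier, Read Long Tag and Read Sub-Device Identity Summary sequence in order. The 8-byte header layout, the delimiter bits and the command numbers (0, 20, 84) are assumptions taken from the public HART specifications; the sample payloads and addresses are constructed, and each payload is assumed to hold exactly one message.

```python
import struct

# Assumption: header layout and command numbers are from the public HART specs.
MSG_IDS = {0: "session-initiate", 1: "session-close", 2: "keep-alive"}
COMMANDS = {0: "Read Unique Identifier", 20: "Read Long Tag",
            84: "Read Sub-Device Identity Summary"}
PROBE = ["session-initiate", *COMMANDS.values()]  # order the page describes

def decode(payload: bytes) -> str:
    """Label one HART-IP request; raise ValueError if it is malformed."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte HART-IP header")
    _ver, msg_type, msg_id, _status, _seq, count = struct.unpack(">BBBBHH", payload[:8])
    if msg_type != 0 or not 8 <= count <= len(payload):
        raise ValueError("not a request, or byte count disagrees with length")
    body = payload[8:count]
    if msg_id != 3:  # 3 = token-passing PDU, which carries a HART command
        return MSG_IDS.get(msg_id, f"message-id-{msg_id}")
    delim = body[0] if body else 0
    # Delimiter bit 7 selects a 5-byte address; bits 6-5 count expansion bytes.
    cmd_at = 1 + (5 if delim & 0x80 else 1) + ((delim >> 5) & 0x03)
    if cmd_at >= len(body):
        raise ValueError("PDU ends before the command byte")
    return COMMANDS.get(body[cmd_at], f"command-{body[cmd_at]}")

def probing_sources(requests, allowed):
    """Sources outside `allowed` whose requests contain PROBE in order."""
    seen = {}
    for src, payload in requests:
        try:
            seen.setdefault(src, []).append(decode(payload))
        except ValueError:
            continue  # not a HART-IP request, or a truncated capture
    def in_order(labels):
        it = iter(labels)
        return all(step in it for step in PROBE)
    return sorted(s for s, got in seen.items() if s not in allowed and in_order(got))

# Constructed (source address, TCP payload to port 5094) pairs, hex-encoded.
SAMPLE = [(src, bytes.fromhex(h)) for src, h in [
    ("192.0.2.50", "010000000001000d0100007530"),              # session initiate
    ("192.0.2.50", "010003000002000d0280000082"),              # command 0
    ("192.0.2.50", "010003000003001182a6e11122331400d1"),      # command 20
    ("192.0.2.50", "010003000004001382a6e11122335402000192"),  # command 84, index 00 01
    ("192.0.2.10", "0100020000010008"),                        # keep-alive only
    ("192.0.2.77", "010003"),                                  # truncated capture
]]

print(probing_sources(SAMPLE, allowed={"192.0.2.10"}))
```

Putting the addresses of authorized scanners and HART-IP masters in `allowed` leaves only unexpected sources in the result.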

Example Usage

nmap <host> -p 5094 --script hartip-info

Script Output

PORT     STATE SERVICE
5094/tcp open  hart-ip
| hartip-info:
|   Device Information:
|     IP Address: 172.16.10.90
|     Long Tag: ????????????????????????????????
|     Expanded Device Type: GW PL ETH/UNI-BUS
|     Manufacturer ID: Phoenix Contact
|     Device ID: dd4ee3
|     Device Revision: 1
|     Software Revision: 1
|     HART Protocol Major Revision: 7
|     Private Label Distributor: Phoenix Contact
|   Sub-Device Information:
|_    Error Code: 2

Requires


Author:

  • DINA-community

License: Same as Nmap--See https://nmap.org/book/man-legal.html