Add ICS/IIOT related templates. #12005
Add the following template (add 2 folders in Network => detection)

Network => detections
- Allan_Bredlley
  - Allan_Bredlley_CompactLogix_enip-cip_detect
  - Allan_Bredlley_GuardPLC_enip-cip_detect.yaml
  - Allan_Bredlley_Micro800_enip-cip_detect.yaml
  - Allan_Bredlley_MicroLogix_enip-cip_detect.yaml
  - Allan_Bredlley_PLC-5_enip-cip_detect.yaml
  - Allan_Bredlley_SLC-500_enip-cip_detect.yaml
- Schneider
  - modicon_340_detect.yaml
  - modicon_580_detect.yaml
- Red_Lion_enip_detect.yaml
---
Network => Honeypot
- Ethernet_IP_CIP_conpot_default_config.yaml
- snap7_honeypot_default_config.yaml
---
Network => enumeration
- modicon-info.yaml
- S7-enumerate.yaml
---
http => default password
- LOYETC_PLC_defaul_password.yaml
- OSASI_default_credential.yaml
- SIEMENS_SIMATIC_HMI_Miniweb_default_password.yaml
- WAGO_default_password_web_panel.yaml
---
http => exposed_panel
- CAE_Monitoring_page.yaml
- ETIC_telecom_router_login_page.yaml
- ETIC_telecom_unprotected_admin_panel.yaml
- Moxa_vpn_router_login_page.yaml
- OSASI_login_page.yaml
- Siemens_LOGO_login_page.yaml
- SIEMENS_SIMATIC_HMI_Miniweb_panel.yaml
- WAGO_web_based_management_panel.yaml
---
Fix typo on Allen_Bradley

reminder of the 1st pull request

After discussions on the ProjectDiscovery Discord, on the request to add the following templates (oriented toward the industrial and Industrial Internet of Things world) https://github.com/biero-el-corridor/ICS_CPS_nuclei_template/ here's an ordered pull request with the templates in the sections that seem suitable for placing them

NOTE: 2 folders have been created under Network => detection

Network => detections
- Allan_Bradlley
  - Allen_Bradley_CompactLogix_enip-cip_detect
  - Allen_Bradley_GuardPLC_enip-cip_detect.yaml
  - Allen_Bradley_Micro800_enip-cip_detect.yaml
  - Allen_Bradley_MicroLogix_enip-cip_detect.yaml
  - Allen_Bradley_PLC-5_enip-cip_detect.yaml
  - Allen_Bradley_SLC-500_enip-cip_detect.yaml
- Schneider
  - modicon_340_detect.yaml
  - modicon_580_detect.yaml
- Red_Lion_enip_detect.yaml
---
Network => Honeypot
- Ethernet_IP_CIP_conpot_default_config.yaml
- snap7_honeypot_default_config.yaml
---
Network => enumeration
- modicon-info.yaml
- S7-enumerate.yaml
---
http => default password
- LOYETC_PLC_defaul_password.yaml
- OSASI_default_credential.yaml
- SIEMENS_SIMATIC_HMI_Miniweb_default_password.yaml
- WAGO_default_password_web_panel.yaml
---
http => exposed_panel
- CAE_Monitoring_page.yaml
- ETIC_telecom_router_login_page.yaml
- ETIC_telecom_unprotected_admin_panel.yaml
- Moxa_vpn_router_login_page.yaml
- OSASI_login_page.yaml
- Siemens_LOGO_login_page.yaml
- SIEMENS_SIMATIC_HMI_Miniweb_panel.yaml
- WAGO_web_based_management_panel.yaml
---
Absolute banger of a PR @biero-el-corridor! ⚡️ Loving the ICS/IIoT coverage here — super solid stuff. Templates are under validation — keep 'em coming! 🚀
http/default-logins/SIEMENS_SIMATIC_HMI_Miniweb_default_password.yaml
…rd.yaml Co-authored-by: Chris <[email protected]>
I have validated all the HTTP protocol templates and updated the matchers, metadata and additional information. Let me know if these changes look good. Will coordinate with @pussycat0x for the network templates and keep you posted. Thank you once again for these templates 😄
Hello @DhiyaneshGeek, Your modification seems correct for the majority of the template, but after analyzing it, I see a mistake I made. For the OSASI default login, the Shodan query is actually http.favicon.hash:-1887636248. If you need specific info for the TCP template @pussycat0x (note that the hex string is not fully documented), you can always message me on Discord.
Hello @biero-el-corridor, I've removed the ICS network template from the current PR and created a separate PR for it. This will allow us to coordinate more effectively and make some enhancements. Also, kindly share your Discord username with me.
Template / PR Information
willingness to add templates linked to industrial control systems, and IIOTs
https://github.com/biero-el-corridor/ICS_CPS_nuclei_template/
here's an ordered pull request with the templates in the sections that seem suitable for placing them
NOTE: 2 folders have been created under Network => detection
Network => detections
Network => Honeypot
Network => enumeration
http => default password
http => exposed_panel