SlideShare a Scribd company logo

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

Q
qqlan

This document provides a cheat sheet of industrial control system (ICS) and SCADA products along with relevant Google dorks and network information to identify them. It lists common ICS vendors like Siemens, Allen-Bradley, Schneider Electric, General Electric and their products along with identifiers like default credentials, open ports, and SNMP strings that can be used for discovery and identification on Google, Shodan, or a network.

Technology
1 of 9
Downloaded 635 times
1
2
3
4
Most read
5
6
Most read
7
8
Most read
9
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet Gleb Gritsai, Alexander Timorin, Yuri Goltsev, Roman Ilin http://scadastrangelove.org/
vendor product google dork network info Siemens S7-200 all models: tcp/udp/102 (by vuln info) S7-300 snmp: Siemens, SIMATIC, S7 S7-3** , PCS7 inurl:/Portal0000.htm http: /S7Web.css Simatic S7 snmp: Siemens, SIMATIC S7, CPU-1200 Siemens, SIMATIC S7, CPU317-2 PN/DP Siemens, SIMATIC S7, CPU315-2 PN/DP
Siemens, SIMATIC S7 *** inurl:"Portal/Portal.mwsl" http: /S7Web.css Automation License Manager tcp/4410 (by vuln info) Scalance S,X Security Module firewall telnet: Simatic, Scalance snmp: Scalance S*, Scalance W*, Scalance X* DCP protocol (by vuln info) tcp/80 netbios: WINCC_SRV21 <0x0> SIEMENS <0x0> Wincc flexible WINCC_SRV21 <0x20> Wincc flexible runtime / TIA Portal tcp/2308 (by vuln info) tcp/50523 (by vuln info)
Synco OZW (Web server) http SIMATIC HMI Miniweb intitle:"Miniweb Start Page" | "/CSS/Miniweb.css" http: /CSS/Miniweb.css Simatic HMI snmp: Siemens, SIMATIC HMI, *** telnet:Welcome to the Windows CE Telnet Service on HMI_Panel
vendor product google dork network info DeltaV and DeltaV Workstations/DeltaV Emerson ProEssentials Scientific Graph tcp/udp/111 (by vuln info) DeltaV Service Information System Ver3.3 vendor product google dork network info Allen-Bradley Rockwell Automation ControlLogix tcp/udp/44818 , http CompactLogix intitle:"Rockwell Automation" "Device Name" "Uptime"
PLC5 http, snmp inurl:dtm.html intitle:1747-L552 SLC-5 inurl:dtm.html intitle:1747-L551 http, snmp Micrologix inurl:home.htm intitle:1766 http, snmp vendor product shodanhq dork network info Schneider Electric PM820SD Schneider Electric - PM820SD port:161 PM870SD Schneider Electric - PM870SD port:161 ECC21 Schneider Electric - ECC21 port:161 EGX100MG Schneider Electric - EGX100MG port:161 PowerLogic PM800 PowerLogic PM800 port:80 PowerLogic ION8650 A/B/C ION8650
PowerLogic ION8650 A/B/C) 8650 ION PowerLogic ION8600 8600 ION PowerLogic ION7650/7550 ION 7550 PowerLogic ION7650/7550 ION 7650 PowerLogic ION7300 ION 7300 PowerLogic ION6200 ION6200 PowerLogic PM1200 PM1200 PowerLogic DM6200 DM6200 Powerlogic Enercept Powerlogic Energy Meter PowerLogic Branch Current Monitor BCM42 PowerLogic EM4800
PowerLogic E5600 PowerLogic Ethernet Gateway (EGX) EGX100 PowerLogic EGX300 EGX300 PowerLogic ION7550RTU ION 7550RTU schneider electric vendor product google dork network info Schneider Electric Modicon intitle:"Quantum CPU Web Server" Quantum/Premiun/Micro intitle:"Premium CPU Web Server" intitle:"Citect Web" inurl:scada CitectSCADA filetype:htm CitectFacilities shodanhq: ClearSCADA "ViewXCtrl is not supported in this web browser." ClearSCADA intitle:"ClearSCADA Home" UnitelWay Device Driver
Vijeo Historian Web Server several products Modicon M340 snmp: "Modicon M340" vendor product google dork network info General Electric Cimplicity intitle:"CIMPLICITY WebView" inurl:main.html http Proficy inurl:ProficyPortal/default.asp http

More Related Content

PDF
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
PDF
Web application security & Testing
Deepu S Nath
 
PPTX
Conditional Access System
OECLIB Odisha Electronics Control Library
 
PPTX
Introduction to Maven
Mindfire Solutions
 
PPTX
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
PDF
Sigma and YARA Rules
Lionel Faleiro
 
PDF
Neat tricks to bypass CSRF-protection
Mikhail Egorov
 
PDF
Cisco acs configuration guide
RichardsCCNA
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
Web application security & Testing
Deepu S Nath
 
Conditional Access System
OECLIB Odisha Electronics Control Library
 
Introduction to Maven
Mindfire Solutions
 
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
Sigma and YARA Rules
Lionel Faleiro
 
Neat tricks to bypass CSRF-protection
Mikhail Egorov
 
Cisco acs configuration guide
RichardsCCNA
 

What's hot (20)

PPSX
Introduction to threat_modeling
Prabath Siriwardena
 
PDF
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
PPTX
Security testing fundamentals
Cygnet Infotech
 
PPSX
7 Software Development Security
Alfred Ouyang
 
PPTX
Zephyr 2.6: Comprehensive Test Management
Zephyr
 
PPTX
Logging, monitoring and auditing
Piyush Jain
 
PDF
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
PPTX
SIEM - Activating Defense through Response by Ankur Vats
OWASP Delhi
 
PDF
Fidelis Endpoint® - Live Demonstration
Fidelis Cybersecurity
 
PDF
Cypress testing
Vladyslav Romanchenko
 
PDF
Application Security - Your Success Depends on it
WSO2
 
PDF
Fileless Malware Infections
Ramon
 
PPTX
Static Analysis Security Testing for Dummies... and You
Kevin Fealey
 
PDF
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
David J Rosenthal
 
ODP
OWASP Secure Coding
bilcorry
 
PPTX
Backstage at CNCF Madison.pptx
BrandenTimm1
 
PDF
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Adar Weidman
 
PDF
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
PDF
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Introduction to threat_modeling
Prabath Siriwardena
 
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
Security testing fundamentals
Cygnet Infotech
 
7 Software Development Security
Alfred Ouyang
 
Zephyr 2.6: Comprehensive Test Management
Zephyr
 
Logging, monitoring and auditing
Piyush Jain
 
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
SIEM - Activating Defense through Response by Ankur Vats
OWASP Delhi
 
Fidelis Endpoint® - Live Demonstration
Fidelis Cybersecurity
 
Cypress testing
Vladyslav Romanchenko
 
Application Security - Your Success Depends on it
WSO2
 
Fileless Malware Infections
Ramon
 
Static Analysis Security Testing for Dummies... and You
Kevin Fealey
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
David J Rosenthal
 
OWASP Secure Coding
bilcorry
 
Backstage at CNCF Madison.pptx
BrandenTimm1
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Adar Weidman
 
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
 
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Ad

Similar to ICS/SCADA/PLC Google/Shodanhq Cheat Sheet (20)

PDF
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
qqlan
 
PPTX
Technical Overview of Cisco Catalyst 9200 Series Switches
Robb Boyd
 
PDF
ScilabTEC 2015 - Xilinx
Scilab
 
PDF
Scada deep inside: protocols and security mechanisms
Aleksandr Timorin
 
PPTX
SCADA Strangelove: взлом во имя
Ekaterina Melnik
 
PPTX
SCADA Strangelove: Hacking in the Name
Positive Hack Days
 
PDF
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
Michael Smith
 
PDF
Mohamed Zakaria 01-2017
Mohamed Zakaria
 
PDF
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
arnaudsoullie
 
PPT
FE_Technologies_PLC.ppt
luisvillanueva16463
 
PPT
FE_Technologies_PLC.ppt
Dilupa Herath
 
PPT
CHM_Technologies_PLC.ppt
VinothInst
 
PDF
SELTA Energy Automation Portfolio 2018
SELTA
 
PDF
WebAccess Scada Driver List_V17_20211015.pdf
muhammadbasurrah
 
PDF
practical-guide-to-opcua.pdf
ssuser357595
 
PDF
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
ROMSAT
 
PDF
26.1.7 lab snort and firewall rules
Freddy Buenaño
 
PPT
S7 bas-16
Marcos Romanholo
 
PDF
Overview of RTaW SysML-Companion
RealTime-at-Work (RTaW)
 
PPTX
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
Shaheem TM
 
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
qqlan
 
Technical Overview of Cisco Catalyst 9200 Series Switches
Robb Boyd
 
ScilabTEC 2015 - Xilinx
Scilab
 
Scada deep inside: protocols and security mechanisms
Aleksandr Timorin
 
SCADA Strangelove: взлом во имя
Ekaterina Melnik
 
SCADA Strangelove: Hacking in the Name
Positive Hack Days
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
Michael Smith
 
Mohamed Zakaria 01-2017
Mohamed Zakaria
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
arnaudsoullie
 
FE_Technologies_PLC.ppt
luisvillanueva16463
 
FE_Technologies_PLC.ppt
Dilupa Herath
 
CHM_Technologies_PLC.ppt
VinothInst
 
SELTA Energy Automation Portfolio 2018
SELTA
 
WebAccess Scada Driver List_V17_20211015.pdf
muhammadbasurrah
 
practical-guide-to-opcua.pdf
ssuser357595
 
Edge-Core - экономия без потери качества | Семинар для интеграторов 15.06.17
ROMSAT
 
26.1.7 lab snort and firewall rules
Freddy Buenaño
 
S7 bas-16
Marcos Romanholo
 
Overview of RTaW SysML-Companion
RealTime-at-Work (RTaW)
 
PARAMETER SENSING REMOTE OPERATED VIDEO ENHANCED RECEIVER
Shaheem TM
 
Ad

More from qqlan (20)

PDF
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
PDF
Kaspersky SAS SCADA in the Cloud
qqlan
 
PPTX
Миссиоцентрический подход к кибербезопасности АСУ ТП
qqlan
 
PDF
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
qqlan
 
PDF
Best of Positive Research 2013
qqlan
 
PDF
Web-style Wireless IDS attacks, Sergey Gordeychik
qqlan
 
PDF
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
qqlan
 
PPTX
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
qqlan
 
PDF
Pt infosec - 2014 - импортозамещение
qqlan
 
PPTX
SCADA StrangeLove Kaspersky SAS 2014 - LHC
qqlan
 
PDF
Firebird Interbase Database engine hacks or rtfm
qqlan
 
PDF
SCADA StrangeLove 2: We already know
qqlan
 
PDF
Internet connected ICS/SCADA/PLC
qqlan
 
PDF
SCADA deep inside:protocols and software architecture
qqlan
 
PDF
Techniques of attacking ICS systems
qqlan
 
PDF
Positive Technologies Application Inspector
qqlan
 
PPTX
Database honeypot by design
qqlan
 
PDF
Positive Technologies Application Inspector
qqlan
 
PPTX
Black Hat: XML Out-Of-Band Data Retrieval
qqlan
 
PDF
Positive Technologies - S4 - Scada under x-rays
qqlan
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
Kaspersky SAS SCADA in the Cloud
qqlan
 
Миссиоцентрический подход к кибербезопасности АСУ ТП
qqlan
 
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
qqlan
 
Best of Positive Research 2013
qqlan
 
Web-style Wireless IDS attacks, Sergey Gordeychik
qqlan
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
qqlan
 
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
qqlan
 
Pt infosec - 2014 - импортозамещение
qqlan
 
SCADA StrangeLove Kaspersky SAS 2014 - LHC
qqlan
 
Firebird Interbase Database engine hacks or rtfm
qqlan
 
SCADA StrangeLove 2: We already know
qqlan
 
Internet connected ICS/SCADA/PLC
qqlan
 
SCADA deep inside:protocols and software architecture
qqlan
 
Techniques of attacking ICS systems
qqlan
 
Positive Technologies Application Inspector
qqlan
 
Database honeypot by design
qqlan
 
Positive Technologies Application Inspector
qqlan
 
Black Hat: XML Out-Of-Band Data Retrieval
qqlan
 
Positive Technologies - S4 - Scada under x-rays
qqlan
 

Recently uploaded (20)

PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
A Presentation on Artificial Intelligence
memembruh336
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Approach and Philosophy of On baking technology
30anthuong17
 
KodekX | Application Modernization Development
KodekX
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 

ICS/SCADA/PLC Google/Shodanhq Cheat Sheet

  • 1. ICS/SCADA/PLC Google/Shodanhq Cheat Sheet Gleb Gritsai, Alexander Timorin, Yuri Goltsev, Roman Ilin http://scadastrangelove.org/
  • 2. vendor product google dork network info Siemens S7-200 all models: tcp/udp/102 (by vuln info) S7-300 snmp: Siemens, SIMATIC, S7 S7-3** , PCS7 inurl:/Portal0000.htm http: /S7Web.css Simatic S7 snmp: Siemens, SIMATIC S7, CPU-1200 Siemens, SIMATIC S7, CPU317-2 PN/DP Siemens, SIMATIC S7, CPU315-2 PN/DP
  • 3. Siemens, SIMATIC S7 *** inurl:"Portal/Portal.mwsl" http: /S7Web.css Automation License Manager tcp/4410 (by vuln info) Scalance S,X Security Module firewall telnet: Simatic, Scalance snmp: Scalance S*, Scalance W*, Scalance X* DCP protocol (by vuln info) tcp/80 netbios: WINCC_SRV21 <0x0> SIEMENS <0x0> Wincc flexible WINCC_SRV21 <0x20> Wincc flexible runtime / TIA Portal tcp/2308 (by vuln info) tcp/50523 (by vuln info)
  • 4. Synco OZW (Web server) http SIMATIC HMI Miniweb intitle:"Miniweb Start Page" | "/CSS/Miniweb.css" http: /CSS/Miniweb.css Simatic HMI snmp: Siemens, SIMATIC HMI, *** telnet:Welcome to the Windows CE Telnet Service on HMI_Panel
  • 5. vendor product google dork network info DeltaV and DeltaV Workstations/DeltaV Emerson ProEssentials Scientific Graph tcp/udp/111 (by vuln info) DeltaV Service Information System Ver3.3 vendor product google dork network info Allen-Bradley Rockwell Automation ControlLogix tcp/udp/44818 , http CompactLogix intitle:"Rockwell Automation" "Device Name" "Uptime"
  • 6. PLC5 http, snmp inurl:dtm.html intitle:1747-L552 SLC-5 inurl:dtm.html intitle:1747-L551 http, snmp Micrologix inurl:home.htm intitle:1766 http, snmp vendor product shodanhq dork network info Schneider Electric PM820SD Schneider Electric - PM820SD port:161 PM870SD Schneider Electric - PM870SD port:161 ECC21 Schneider Electric - ECC21 port:161 EGX100MG Schneider Electric - EGX100MG port:161 PowerLogic PM800 PowerLogic PM800 port:80 PowerLogic ION8650 A/B/C ION8650
  • 7. PowerLogic ION8650 A/B/C) 8650 ION PowerLogic ION8600 8600 ION PowerLogic ION7650/7550 ION 7550 PowerLogic ION7650/7550 ION 7650 PowerLogic ION7300 ION 7300 PowerLogic ION6200 ION6200 PowerLogic PM1200 PM1200 PowerLogic DM6200 DM6200 Powerlogic Enercept Powerlogic Energy Meter PowerLogic Branch Current Monitor BCM42 PowerLogic EM4800
  • 8. PowerLogic E5600 PowerLogic Ethernet Gateway (EGX) EGX100 PowerLogic EGX300 EGX300 PowerLogic ION7550RTU ION 7550RTU schneider electric vendor product google dork network info Schneider Electric Modicon intitle:"Quantum CPU Web Server" Quantum/Premiun/Micro intitle:"Premium CPU Web Server" intitle:"Citect Web" inurl:scada CitectSCADA filetype:htm CitectFacilities shodanhq: ClearSCADA "ViewXCtrl is not supported in this web browser." ClearSCADA intitle:"ClearSCADA Home" UnitelWay Device Driver
  • 9. Vijeo Historian Web Server several products Modicon M340 snmp: "Modicon M340" vendor product google dork network info General Electric Cimplicity intitle:"CIMPLICITY WebView" inurl:main.html http Proficy inurl:ProficyPortal/default.asp http