Closed ringringboy closed 1 year ago
step1: gedit S7.py
We can replace S7.py with the file from below:
s7comm file from https://github.com/Nootropico/conpot/blob/master/conpot/protocols/s7comm/s7.py
step2: gedit s7comm.xml
```xml
<ssl id="W#16#xy11" name="Module Identification">
<!-- Not really sure what these are supposed to contain -->
<module_identification id="W#16#0001">module</module_identification>
<hardware_identification id="W#16#0006">hardware</hardware_identification>
<firmware_identification id="W#16#0007">firmware</firmware_identification>
</ssl>
```
step3: gedit template.xml
```xml
<key name="module">
<value type="value">"6eS7 212-1BD30-xXB0"</value>
</key>
<key name="hardware">
<value type="value">"6eS7 212-1BD30-xXB0"</value>
</key>
<key name="firmware">
<value type="value">"3.2.6"</value>
</key>
```
finally, nmap --script s7-info.nse works!!!
```
PORT    STATE SERVICE
102/tcp open  iso-tsap
| s7-info:
|   Module: IM151-8 PN/DP CPU
|   Basic Hardware: V3.22.7
|   Version: 3.22.7
|   System Name: Technodrome
|   Module Type: IM151-8 PN/DP CPU
|   Serial Number: 88111222
|   Plant Identification: Mouser Factory
|_  Copyright: Original Siemens Equipment
MAC Address: 00:0C:29:6D:90:29 (VMware)
Service Info: Device: specialized
```
issue description: Using the Nmap tool s7-info.nse script to scan port 102 of the conpot, the PLC fingerprint cannot be identified. Is it because conpot does not implement this function, or is there a problem with my deployment?
the nmap error log follows:
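As an added example (not code from the issue or from conpot), the following Python script checks the wiring the steps above set up: every System Status List (SSL) index entry in s7comm.xml names a databus key, and that key must exist in template.xml, otherwise the honeypot has nothing to answer with for that index and a scanner such as s7-info sees an incomplete identification. The sample XML is constructed from the snippets in the post (with the firmware key deliberately left out of template.xml to show the check firing); the wrapper element names around `<ssl>` and `<key>` are assumptions, and the script only looks for those two tags, so it does not depend on them. The `W#16#` prefix is decoded as a STEP 7 hex word literal.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the s7comm.xml snippet in the issue (not conpot's shipped file).
# The <s7comm>/<ssls> wrappers are assumptions; only the <ssl> elements are inspected.
S7COMM_XML = """<s7comm>
  <ssls>
    <ssl id="W#16#xy11" name="Module Identification">
      <!-- index ids are STEP 7 hex word literals; the text is a databus key name -->
      <module_identification id="W#16#0001">module</module_identification>
      <hardware_identification id="W#16#0006">hardware</hardware_identification>
      <firmware_identification id="W#16#0007">firmware</firmware_identification>
    </ssl>
  </ssls>
</s7comm>"""

# Constructed sample modelled on the template.xml snippet in the issue; the "firmware"
# key is intentionally missing so the consistency check has something to report.
TEMPLATE_XML = """<core>
  <databus>
    <key_value_mappings>
      <key name="module"><value type="value">"6eS7 212-1BD30-xXB0"</value></key>
      <key name="hardware"><value type="value">"6eS7 212-1BD30-xXB0"</value></key>
    </key_value_mappings>
  </databus>
</core>"""


def parse_s7_word(token: str) -> int:
    """Decode a STEP 7 hex word literal such as 'W#16#0006' to an int (6).

    Raises ValueError for anything else, including the 'W#16#xy11' placeholder
    used as the SSL id in the post, which is not valid hex.
    """
    prefix = "W#16#"
    if not token.startswith(prefix):
        raise ValueError(f"not a W#16# literal: {token!r}")
    return int(token[len(prefix):], 16)


def template_keys(template_xml: str) -> dict:
    """Map each databus key name in template.xml to its value with surrounding quotes removed."""
    root = ET.fromstring(template_xml)
    keys = {}
    for key in root.iter("key"):
        value = key.find("value")
        text = value.text if value is not None and value.text else ""
        keys[key.get("name")] = text.strip().strip('"')
    return keys


def ssl_index_bindings(s7comm_xml: str) -> list:
    """Return (ssl_id, index_number, databus_key) for every index entry under every <ssl>."""
    root = ET.fromstring(s7comm_xml)  # comments are dropped by the default parser
    bindings = []
    for ssl in root.iter("ssl"):
        for entry in ssl:
            bindings.append((ssl.get("id"), parse_s7_word(entry.get("id")), (entry.text or "").strip()))
    return bindings


def check_bindings(s7comm_xml: str, template_xml: str) -> dict:
    """Resolve each SSL index's databus key to its template value, or None if the key is absent."""
    keys = template_keys(template_xml)
    return {key: keys.get(key) for _, _, key in ssl_index_bindings(s7comm_xml)}


def missing_keys(s7comm_xml: str, template_xml: str) -> list:
    """Databus keys referenced by s7comm.xml that template.xml does not define."""
    return sorted(k for k, v in check_bindings(s7comm_xml, template_xml).items() if v is None)


if __name__ == "__main__":
    for ssl_id, index, key in ssl_index_bindings(S7COMM_XML):
        print(f"ssl {ssl_id} index {index:#06x} -> key {key!r}")
    for key in missing_keys(S7COMM_XML, TEMPLATE_XML):
        print(f"WARNING: s7comm.xml references databus key {key!r} but template.xml does not define it")
```

Run it against the real files by swapping the two constants for the contents of your s7comm.xml and template.xml; an empty warning list means every SSL index has a value to return, which is the precondition for a scanner to read a complete identification from the honeypot.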