in-tank IIoT exposure
In-tank gauge | IIoT enumeration
id: in-tank-inventory-tcp-detection
info:
name: In-Tank Inventory Detection
author: Redflare Cyber
severity: medium
description: This template detects systems running an in-tank inventory service on TCP port 10001 by sending the I20100 command and analyzing the response.
reference:
- https://github.com/sjhilt/Nmap-NSEs/blob/master/atg-info.nse
metadata:
shodan-query: '"in-tank-inventory" port:10001'
tags: iiot,ics,scada,exposure
tcp:
- host:
- "{{Hostname}}"
port: 10001
inputs:
- data: "\x01I20100\n"
read-size: 1024
matchers:
- type: regex
regex:
- "(?i)IN-TANK INVENTORY"
part: body
- type: regex
regex:
- "^SEP\\s\\d{2},\\s\\d{4}" # Example date format in the response
part: body
- type: word
words:
- "TANK PRODUCT"
part: body
extractors:
- type: regex
regex:
- "(?m)TANK PRODUCT.*$"
Last updated