in-tank IIoT exposure

In-tank gauge | IIoT enumeration

id: in-tank-inventory-tcp-detection

info:
  name: In-Tank Inventory Detection
  author: Redflare Cyber
  severity: medium
  description: This template detects systems running an in-tank inventory service on TCP port 10001 by sending the I20100 command and analyzing the response.
  reference:
    - https://github.com/sjhilt/Nmap-NSEs/blob/master/atg-info.nse
  metadata:
    shodan-query: '"in-tank-inventory" port:10001'
  tags: iiot,ics,scada,exposure

tcp:
  - host:
      - "{{Hostname}}"
    port: 10001

    inputs:
      - data: "\x01I20100\n"
    read-size: 1024

    matchers:
      - type: regex
        regex:
          - "(?i)IN-TANK INVENTORY"
        part: body

      - type: regex
        regex:
          - "^SEP\\s\\d{2},\\s\\d{4}"  # Example date format in the response
        part: body

      - type: word
        words:
          - "TANK PRODUCT"
        part: body

    extractors:
      - type: regex
        regex:
          - "(?m)TANK PRODUCT.*$"

PreviousFrontpage-exposures Nextunauth-VNC

Last updated 1 month ago