The Shodan_ICS repository has been created to assist in identifying public facing SCADA/ICS IT Assets connected to the internet.
The Shodan_ICS python scripts can be utilized to display detailed information for each IP Address return by each Shodan search. This is done by calling the Shodan API and stripping/parsing the returned data.
This project is coded in python3 and requires the following packages:
shodan --> installation: pip3 install shodan
sys --> installation: pip3 install sys
colorama --> installation: pip3 install colorama
Download and run Shodan_ICS from command line:
git clone https://github.com/rpanov/Shodan_ICS.git
$python3 IPEnumeration.py [shodan search]
$python3 IPEnumeration_colored.py [shodan search]
Additionally, one can use the my compiled list of Shodan searches (i.e. Shodan_ICS_Searches.txt file) and the supplemental Vendor/product lists, to search generic ICS or SCADA assets:
- Shodan.io web interface
- Shodan script with API Key.
Obviously, these searches and lists are not exhaustive of all possibilities and mileage will vary.
Please feel free to give advice, ideas, and opinions on how it can be improved! Thanks.