Tool for scan PLC devices over s7comm or modbus protocols.

Usage examples

• plcscan.py 192.168.0.1

• plcscan.py --timeout 2 192.168.0.1:102 10.0.0.0/24

• plcscan.py --hosts-list hosts.txt

where file hosts.txt looks like:

192.168.1.15

192.168.1.107:102

example.host:502

Output examples

Siemens PLC

127.0.0.1:102 S7comm (src_tsap=0x100, dst_tsap=0x102)

Module                   : 6ES7 151-8AB01-0AB0  v.0.2       (36455337203135312d38414230312d304142302000c000020001)

Basic Hardware           : 6ES7 151-8AB01-0AB0  v.0.2       (36455337203135312d38414230312d304142302000c000020001)

Basic Firmware           :                      v.3.2.6     (202020202020202020202020202020202020202000c056030206)

Unknown (129)            : Boot Loader           A          (426f6f74204c6f61646572202020202020202020000041200909)

Name of the PLC          : SIMATIC 300(xxxxxxxxx)       (53494d4154494320333030280000000000000000002900000000000000000000)

Name of the module       : IM151-8 PN/DP CPU                (494d3135312d3820504e2f445020435055000000000000000000000000000000)

Plant identification     :                                  (0000000000000000000000000000000000000000000000000000000000000000)

Copyright                : Original Siemens Equipment       (4f726967696e616c205369656d656e732045717569706d656e74000000000000)

Serial number of module  : S C-BOUVxxxxxxxx                 (5320432d424f5556xxxxxxxxxx00000000000000000000000000000000000000)

Module type name         : IM151-8 PN/DP CPU                (494d3135312d3820504e2f445020435055000000000000000000000000000000)

Modbus device

127.0.0.1:502 Modbus/TCP

Unit ID: 0

Response error: ILLEGAL FUNCTION

Device info error: ILLEGAL FUNCTION

Unit ID: 255

Response error: GATEWAY TARGET DEVICE FAILED TO RESPOND

Device: Lantronix I WiPo V3.2.25

[出自:jiwo.org]