Bettercap_ICS is an unofficial fork of bettercap, with the aim of adding industrial protocols and new exfiltration techniques to the existing framework.
WARNING: This repository is in developement , does not take this version as it.
- Modbus dissector for the following Functions Code (1,2,3,4,5,6)
- Functions 15 and 16 have been implemented but not tested.
- data exfiltrations by icmp protocol
- Integrity check via checksum
- 32 byte chuncked data for eatch icmp packet sent.
- Serveur writen in python (scapy) for icmp packet handleing (interface selecitons via flag)
- Exfiltrations not working for modbus functions code 15 and 16.
- Selectable exfiltrations server.
- Exfiltrations implemented in bettercap command line interfaces.
- S7comm dissector implementations.
- DNS exfiltrations.
you can test the feature by
# on one terminal.
# need to install scapy.
python sample/run_pcap_sample.py -f /bettercap/sample/modbus_packet/MODBUS_SAMPLE_FUNCTION_CODE.pcap
# on a onther terminal.
go run main.go -script script/run_probe_sniff_on.jsIf you whant to test the exfiltrations:
# change the SrcIP and the DstIP inside the "exil_icmp_echo" functions on the "net_sniff_modbus_tcp.go" file
# on a other machine.
# the file is located inside the /module/exfiltration path
python server_icmp_echo8.py -eth IFACE_NAMESome output example.
Exemple of exfiltrations
bettercap_ICS is made with ♥ by me and take the work of the dev team, it's released under the GPL 3 license.
