Bettercap_ICS

command module

v0.0.0-...-5f331bc Latest Latest Go to latest Published: May 5, 2024 License: GPL-3.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/biero-el-corridor/Bettercap_ICS

Links

Open Source Insights

README ¶

Bettercap ICS

Bettercap_ICS is an unofficial fork of bettercap, with the aim of adding industrial protocols and new exfiltration techniques to the existing framework.

WARNING: This repository is in developement , does not take this version as it.

Added feature

Modbus dissector for the following Functions Code (1,2,3,4,5,6)
- Functions 15 and 16 have been implemented but not tested.
data exfiltrations by icmp protocol
- Integrity check via checksum
- 32 byte chuncked data for eatch icmp packet sent.
- Serveur writen in python (scapy) for icmp packet handleing (interface selecitons via flag)
- Exfiltrations not working for modbus functions code 15 and 16.

Future feature

Selectable exfiltrations server.
Exfiltrations implemented in bettercap command line interfaces.
S7comm dissector implementations.
DNS exfiltrations.

Test

you can test the feature by

# on one terminal. 
# need to install scapy.
python sample/run_pcap_sample.py -f /bettercap/sample/modbus_packet/MODBUS_SAMPLE_FUNCTION_CODE.pcap 

# on a onther terminal.
go run main.go -script script/run_probe_sniff_on.js

If you whant to test the exfiltrations:

# change the SrcIP and the DstIP inside the "exil_icmp_echo" functions on the "net_sniff_modbus_tcp.go" file
# on a other machine. 
# the file is located inside the /module/exfiltration path
python server_icmp_echo8.py -eth IFACE_NAME

Some output example.

Exemple of exfiltrations

License

bettercap_ICS is made with ♥ by me and take the work of the dev team, it's released under the GPL 3 license.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
caplets Package caplets contains functions to enumerate, load and execute caplets.	Package caplets contains functions to enumerate, load and execute caplets.
core Package core contains basic utility functions.	Package core contains basic utility functions.
firewall Package firewall contains the OS specific implementation of the FirewallManager interface.	Package firewall contains the OS specific implementation of the FirewallManager interface.
js
log Package log contains a transparent interface for logging which interacts with the system event queue.	Package log contains a transparent interface for logging which interacts with the system event queue.
modules Package modules contains session modules.	Package modules contains session modules.
any_proxy
api_rest
arp_spoof
ble
c2
caplets
dhcp6_spoof
dns_spoof
events_stream
exfiltrations
gps
hid
http_proxy
http_server
https_proxy
https_server
mac_changer
mdns_server
modbus
mysql_server
ndp_spoof
net_probe
net_recon
net_sniff
packet_proxy
syn_scan
tcp_proxy
ticker
ui
update
utils
wifi
wol
network Package network contains network specific code ...	Package network contains network specific code ...
packets Package packets contains structure declarations for network packets and the main packets queue.	Package packets contains structure declarations for network packets and the main packets queue.
routing
session Package session contains code to manage the interactive session, modules, environment, etc.	Package session contains code to manage the interactive session, modules, environment, etc.
tls Package tls contains code for TLS certificate generation and signing.	Package tls contains code for TLS certificate generation and signing.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL