
dark-lbp/isf

★ 1,104 · Python · BSD-2-Clause · updated Jan 2024

ISF (Industrial Control System Exploitation Framework), an exploitation framework based on Python

ISF is a Metasploit-style exploitation framework for industrial control systems — PLCs, SCADA protocols, and OT network devices. It bundles protocol clients (Modbus, S7comm, Profinet DCP, WdbRPC2), scanners, and exploit modules into a routersploit-derived CLI. Aimed at ICS penetration testers and security researchers who need hands-on access to OT protocols without writing raw Scapy from scratch.

The protocol implementations (S7comm, Profinet DCP, WdbRPC2) are the real value here — these aren't trivially available elsewhere in Python, and they're usable standalone via Scapy if you just need the protocol layer. The routersploit-style module system is a known pattern, so anyone familiar with Metasploit can pick this up in minutes. Documentation is unusually thorough for a tool in this space: each module has its own doc page with actual usage examples, not just a README stub. The creds module coverage (FTP, SSH, Telnet, HTTP basic/digest/form, SNMP, S7) means you can do a realistic OT network assessment without stitching together five different tools.

Last commit was January 2024 and the version string still says 0.1.0. The S7comm plus client and scanner are present in the tree but appear incomplete, which matters since S7-1500 runs S7comm+ exclusively. The exploit module count is thin: seven exploits across four vendors is what you'd expect in a PoC repo, not a framework. Python 2/3 compatibility is unclear from the README and the install instructions just say 'python isf.py', which will break on most modern setups. No network isolation warnings beyond the boilerplate disclaimer: scanners like profinet_dcp_scan broadcast on layer 2 and will light up real production OT networks, which is exactly the kind of thing that causes incidents.
