Nmap

---

tags: OT_Scanning OT_Nmap

---

HMI Systems

nmap -Pn -sT -p 46824 <Target IP>

Scanning Siemens SIMATIC S7 PLCs

nmap -Pn -sT -p 102 –script=s7-info <Target IP>

Scanning Modbus Devices

nmap -Pn -sT -p 502 --script modbus-discover <Target IP>

Scanning BACnet Devices

nmap -Pn -sU -p 47808 --script bacnet-info <Target IP>

Scanning Ethernet/IP Devices

nmap -Pn -sU -p 44818 --script enip-info <Target IP>

Scanning Niagara Fox Devices

nmap -Pn -sT -p 1911,4911 --script fox-info <Target IP>

Scanning ProConOS Devices

nmap -Pn -sT -p 20547 --script proconos-info <Target IP>

Scanning Omron PLC Devices

nmap -Pn -sT -p 9600 --script omron-info <Target IP>

Scanning PCWorx Devices

nmap -Pn -sT -p 1962 --script pcworx-info <Target IP>