Here's a quick Python script to enumerate Modbus services on a target IP using Nmap and Metasploit:
```python
import ipaddress
import subprocess

print(" ***** ModbusCracker.py by R3dcl1ff ***** ")

# Prompt for the target and validate it, so the value handed to the tools
# is an IP address and not an injected shell command
target_ip = str(ipaddress.ip_address(input("Enter the IP address of the target: ").strip()))

# Run the Modbus-specific Nmap script(s) against the standard Modbus/TCP port
subprocess.run(["nmap", "--script=modbus-*", "-p", "502", target_ip], check=False)

# Run the Metasploit Modbus enumeration modules against the target and
# capture their output in output.txt
msf_commands = (
    f"use auxiliary/scanner/scada/modbus_banner_grabbing; set RHOSTS {target_ip}; set RPORT 502; run; "
    f"use auxiliary/scanner/scada/modbusdetect; set RHOSTS {target_ip}; set RPORT 502; set UNIT_ID 1; run; "
    f"use auxiliary/scanner/scada/modbus_findunitid; set RHOSTS {target_ip}; set RPORT 502; "
    f"set BENICE 2; set UNIT_ID_FROM 1; set UNIT_ID_TO 25; run; exit"
)
with open("output.txt", "w") as out:
    subprocess.run(["msfconsole", "-q", "-x", msf_commands], stdout=out, check=False)

print(" ***** Metasploit Enumeration Output ***** ")
# Print the contents of output.txt to stdout
with open("output.txt", "r") as f:
    print(f.read())
print("Enumeration complete! Check output.txt for results.")
```