Anthropic-Cybersecurity-Skills/skills/performing-scada-hmi-security-assessment/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

# SCADA HMI Security Assessment - API Reference
## SCADA Protocol Ports
| Port | Protocol | Description |
|------|----------|-------------|
| 102 | S7comm | Siemens S7 PLC communication |
| 502 | Modbus TCP | Industrial automation protocol |
| 2222 | EtherNet/IP | Allen-Bradley, Rockwell |
| 4840 | OPC UA | Open Platform Communications Unified Architecture |
| 20000 | DNP3 | Distributed Network Protocol |
| 47808 | BACnet | Building Automation and Control |
## Port Scanning (socket stdlib)
```python
import socket

def tcp_port_open(target: str, port: int, timeout: float = 2.0) -> bool:
    """Return True when a TCP connect to target:port succeeds (connect_ex == 0)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)  # do not hang on filtered ports
    try:
        return sock.connect_ex((target, port)) == 0  # 0 = open
    finally:
        sock.close()
```
## pyshark for Protocol Analysis
```python
import pyshark

cap = pyshark.FileCapture("traffic.pcap")
for pkt in cap:
    for layer in pkt.layers:
        print(layer.layer_name)  # modbus, s7comm, dnp3, etc.
cap.close()
```
### Insecure SCADA Protocols
These protocols lack built-in encryption and authentication:
- **Modbus TCP** - No auth, no encryption, commands in plaintext
- **S7comm** - No auth (pre-V4), no encryption
- **DNP3** - Optional Secure Authentication (SA), rarely deployed
- **BACnet** - No native security mechanisms
- **EtherNet/IP** - No encryption, device enumeration possible
## HMI Configuration Checks
| Check | Severity | Description |
|-------|----------|-------------|
| Authentication disabled | Critical | HMI allows anonymous access |
| No session timeout | High | Sessions persist indefinitely |
| TLS disabled | High | Communications in plaintext |
| Remote access without VPN | Critical | HMI exposed without tunnel |
| No RBAC | High | Single role or no access control |
| Default credentials | Critical | Factory-default username/password |
## Common Default Credentials
| Username | Password | Platform |
|----------|----------|----------|
| admin | admin | Generic HMI |
| admin | 1234 | Siemens WinCC |
| operator | operator | Wonderware |
| engineer | engineer | GE iFIX |
| guest | guest | Various |
## ICS Security Standards
- **IEC 62443** - Industrial communication network security
- **NIST SP 800-82** - Guide to ICS Security
- **NERC CIP** - Critical Infrastructure Protection (power grid)
## Output Schema
```json
{
"report": "scada_hmi_security_assessment",
"target": "192.168.1.100",
"total_findings": 6,
"severity_summary": {"critical": 2, "high": 3, "medium": 1},
"findings": [{"type": "open_scada_port", "severity": "high"}]
}
```
## CLI Usage
```bash
python agent.py --target 192.168.1.100 --pcap traffic.pcap --config hmi.json --output report.json
```
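The checks table, the `--config hmi.json` input and the output schema above tied together in one added example; this is not the skill's own `agent.py`, and the config key names (`auth_enabled`, `session_timeout_minutes`, `tls_enabled`, `remote_access`, `vpn_required`, `roles`, `users`) are assumed:

```python
import json
from collections import Counter

# Factory-default pairs from the "Common Default Credentials" table above.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "1234"), ("operator", "operator"),
                 ("engineer", "engineer"), ("guest", "guest")}

def check_hmi_config(cfg: dict) -> list:
    """Evaluate a parsed hmi.json against the HMI Configuration Checks table.
    Key names are assumed; a missing control key (auth, timeout, TLS, VPN, roles)
    counts as that control being off, so an incomplete export never hides a finding."""
    findings = []

    def add(kind, severity, detail):
        findings.append({"type": kind, "severity": severity, "detail": detail})

    if not cfg.get("auth_enabled", False):
        add("authentication_disabled", "critical", "HMI allows anonymous access")
    if cfg.get("session_timeout_minutes", 0) <= 0:
        add("no_session_timeout", "high", "Sessions persist indefinitely")
    if not cfg.get("tls_enabled", False):
        add("tls_disabled", "high", "Communications in plaintext")
    if cfg.get("remote_access", False) and not cfg.get("vpn_required", False):
        add("remote_access_without_vpn", "critical", "HMI exposed without tunnel")
    if len(cfg.get("roles", [])) <= 1:
        add("no_rbac", "high", "Single role or no access control")
    for user in cfg.get("users", []):
        if (user.get("username"), user.get("password")) in DEFAULT_CREDS:
            add("default_credentials", "critical",
                f"account {user['username']!r} uses a factory-default password")
    return findings

def build_report(target: str, findings: list) -> dict:
    """Wrap findings in the Output Schema shown above (all three severity keys)."""
    counts = Counter(f["severity"] for f in findings)
    return {"report": "scada_hmi_security_assessment", "target": target,
            "total_findings": len(findings),
            "severity_summary": {s: counts.get(s, 0) for s in ("critical", "high", "medium")},
            "findings": findings}

# Constructed sample export (hypothetical values), not a real HMI configuration.
SAMPLE_CONFIG = {"auth_enabled": True, "session_timeout_minutes": 0, "tls_enabled": False,
                 "remote_access": True, "vpn_required": False, "roles": ["operator"],
                 "users": [{"username": "admin", "password": "admin"},
                           {"username": "historian_svc", "password": "Xq7!pLm2"}]}

if __name__ == "__main__":
    print(json.dumps(build_report("192.168.1.100", check_hmi_config(SAMPLE_CONFIG)), indent=2))
```

On the sample config the report lists five findings (two critical, three high), including the `admin`/`admin` account, which is the kind of result the `--output report.json` file is expected to carry.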