A comprehensive, all-in-one open-source security auditing framework for Industrial Control Systems (ICS), IoT devices, and Operational Technology (OT) environments.
OTAUD is designed to check for misconfigurations, unsecured practices, default credentials, protocol-level vulnerabilities, and compliance gaps across your entire OT environment. It is a one-of-a-kind toolkit that brings together everything you need for ICS, IoT, and OT security auditing, built to help you secure your environment.
```bash
# Clone the repository
git clone https://github.com/SiteQ8/OTAUD.git
cd OTAUD

# Make scripts executable
chmod +x otaud.sh modules/*.sh

# Run a full OT/ICS/IoT audit
sudo ./otaud.sh -t 192.168.1.0/24 -s full

# Or launch the interactive menu
sudo ./otaud.sh --interactive
```

OTAUD includes 8 specialized audit modules, 6 Python deep-analysis tools, and 4 compliance standard checks, covering every layer of the Purdue Enterprise Reference Architecture.
| Module | Description |
|---|---|
| Network Scanner | Host discovery, OT port scanning (40+ industrial ports), MAC-based vendor identification, banner grabbing |
| Protocol Auditor | Deep analysis of 12+ industrial protocols (Modbus, DNP3, S7comm, EtherNet/IP, OPC-UA, BACnet, MQTT, CoAP, FINS, HART-IP, IEC 104, MELSEC) |
| Configuration Audit | Default credential testing (18+ vendor pairs), SNMP community checks, web security headers, TLS validation, FTP/Telnet detection |
| PLC / HMI Check | PLC type identification (Siemens, Allen-Bradley, Omron, Mitsubishi, Schneider), CPU protection level, VNC/RDP exposure, program upload checks |
| SCADA System Audit | SCADA platform fingerprinting (Ignition, WinCC, FactoryTalk, etc.), historian exposure, database security, network segmentation validation |
| IoT Discovery | IoT device enumeration (mDNS/UPnP), MQTT anonymous access, default IoT credentials, firmware update channel security |
| Firmware Analysis | Version extraction, CVE matching, debug interface detection, TFTP exposure, bootloader security, unsigned firmware upload |
| Compliance Checker | IEC 62443, NIST SP 800-82, NERC CIP v5/v7, ISO 27001: baseline scoring plus framework-specific control checks |
OTAUD checks for misconfigurations, unauthorized access, and missing authentication across all major ICS/OT communication protocols:
| Protocol | Port | Vendors / Context | Checks Performed |
|---|---|---|---|
| Modbus TCP | 502 | Schneider, ABB, Moxa | Unit ID enumeration, function code access, register read |
| DNP3 | 20000 | Power Grid / Utilities | Secure Authentication status, address enumeration, broadcast response |
| S7comm | 102 | Siemens | CPU state query, COTP connection, PUT/GET access |
| EtherNet/IP | 44818 | Rockwell / Allen-Bradley | CIP service enumeration, device info |
| OPC-UA | 4840 | Cross-vendor | Security policy check, anonymous auth, certificate validation |
| BACnet/IP | 47808 | Building Automation | Device info, BACnet SC status |
| MQTT | 1883/8883 | IoT / Telemetry | Anonymous access, wildcard subscribe, default creds, TLS |
| CoAP | 5683 | Constrained IoT | DTLS enforcement, resource discovery |
| FINS | 9600 | Omron | Direct PLC access without authentication |
| HART-IP | 5094 | Process Instruments | Network exposure check |
| IEC 60870-5-104 | 2404 | Power Grid SCADA | Protocol exposure, tunnel requirements |
| MELSEC | 5007 | Mitsubishi | PLC accessibility |
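The Modbus TCP row above lists unit ID enumeration, function code access and register reads as checks. As an added illustration (example code written here, not OTAUD's own `modbus_audit.py`), the parser below splits captured Modbus/TCP frames into MBAP header and PDU, validates the length field, separates exception responses, and summarises per unit ID which function classes were seen, which is the evidence a defender needs to show that a reachable unit answers reads and writes with no authentication. The sample frames are constructed, not a real capture.

```python
import struct
from collections import defaultdict

# Modbus public function codes grouped by their effect on the process.
READ_FCS = {1, 2, 3, 4, 7, 17, 20, 24, 43}
WRITE_FCS = {5, 6, 15, 16, 21, 22, 23}
DIAG_FCS = {8, 11, 12}


def parse_mbap(frame):
    """Split a Modbus/TCP frame into MBAP fields and PDU. MBAP is transaction id (2) |
    protocol id (2) | length (2) | unit id (1); length covers unit id + PDU = len - 6."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("not a well-formed Modbus/TCP frame")
    fc = frame[7]  # high bit set marks an exception response
    return {"tid": tid, "unit": unit, "fc": fc & 0x7F,
            "exception": bool(fc & 0x80), "data": frame[8:]}


def summarise(frames):
    """Per unit id: count read/write/diagnostic PDUs and collect exception codes."""
    units = defaultdict(lambda: {"read": 0, "write": 0, "diag": 0, "other": 0,
                                 "exceptions": []})
    for raw in frames:
        f = parse_mbap(raw)
        e = units[f["unit"]]
        if f["exception"]:
            e["exceptions"].append((f["fc"], f["data"][0] if f["data"] else None))
        elif f["fc"] in READ_FCS:
            e["read"] += 1
        elif f["fc"] in WRITE_FCS:
            e["write"] += 1
        elif f["fc"] in DIAG_FCS:
            e["diag"] += 1
        else:
            e["other"] += 1
    return dict(units)


def writable_units(summary):
    """Units that carried write function codes: Modbus/TCP has no authentication,
    so each one is a control path the audit should report and segment."""
    return sorted(u for u, e in summary.items() if e["write"])


# Constructed sample frames (not a real capture): unit 1 read-holding-registers request
# and response, write-single-register to unit 1, exception 0x02 (illegal address) from unit 5.
SAMPLE_FRAMES = [bytes.fromhex(h) for h in (
    "000100000006010300000002", "000100000007010304000a0014",
    "0002000000060106000100ff", "000300000003058302")]
```

Running `summarise(SAMPLE_FRAMES)` over the sample shows unit 1 with two reads and one write and unit 5 answering only with an exception, and `writable_units` returns `[1]`.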
For deeper protocol-level analysis, OTAUD includes dedicated Python modules:

```bash
# Modbus TCP deep audit: enumerate, probe, and report
python3 python/modbus_audit.py -t 10.0.0.50 --json

# DNP3 Secure Authentication check
python3 python/dnp3_check.py -t 10.0.0.100

# MQTT broker security audit
python3 python/mqtt_audit.py -t 172.16.0.20 -p 1883

# OPC-UA server security scan
python3 python/opcua_scan.py -t 192.168.1.200

# CVE lookup for OT devices (offline + optional NVD API)
python3 python/cve_lookup.py -q "rockwell" --online

# Generate HTML/JSON audit report
python3 python/report_gen.py -l reports/otaud_*.log -t 192.168.1.0/24 -o report.html
```

OTAUD validates your OT environment against four major industrial cybersecurity frameworks:
| Standard | Coverage |
|---|---|
| IEC 62443 | All 7 Foundational Requirements (FR 1-7): Identification & Authentication, Use Control, System Integrity, Data Confidentiality, Restricted Data Flow, Event Response, Resource Availability |
| NIST SP 800-82 Rev 3 | Risk management, network architecture, defense-in-depth, ICS firewall rules, recommended hardening controls |
| NERC CIP v5/v7 | CIP-002 categorization, CIP-005 electronic security perimeters, CIP-007 system security management, CIP-010 configuration change management |
| ISO 27001 | Annex A controls in OT context: asset management, access control, operations security, communications security, business continuity |
```bash
# Run compliance check against a specific standard
./otaud.sh -t 192.168.1.0/24 -s compliance -c iec62443
./otaud.sh -t 10.0.0.0/16 -s compliance -c nist80082
./otaud.sh -t 172.16.0.0/24 -s compliance -c nerccip
./otaud.sh -t 192.168.2.0/24 -s compliance -c all
```

```text
OTAUD/
├── otaud.sh                 # Main entry point & orchestrator
├── modules/
│   ├── network_scan.sh      # Network discovery & port scanning
│   ├── protocol_audit.sh    # Industrial protocol analysis
│   ├── config_audit.sh      # Configuration & hardening checks
│   ├── plc_check.sh         # PLC/HMI/RTU security assessment
│   ├── scada_audit.sh       # SCADA system security audit
│   ├── iot_scan.sh          # IoT device discovery & audit
│   ├── firmware_check.sh    # Firmware analysis & CVE matching
│   └── compliance.sh        # Compliance standard validation
├── python/
│   ├── modbus_audit.py      # Modbus TCP deep auditor
│   ├── dnp3_check.py        # DNP3 protocol checker
│   ├── mqtt_audit.py        # MQTT broker auditor
│   ├── opcua_scan.py        # OPC-UA security scanner
│   ├── cve_lookup.py        # CVE intelligence lookup
│   └── report_gen.py        # HTML/JSON report generator
├── gui/
│   └── index.html           # Web-based GUI (GitHub Pages)
├── configs/
│   └── default.conf         # Default configuration
├── docs/
│   └── screenshots/         # README screenshots
├── .github/
│   └── workflows/
│       └── ci.yml           # CI pipeline
├── LICENSE                  # MIT License
└── README.md                # This file
```
```text
OTAUD - OT/ICS/IoT Security Auditing Toolkit v1.0.0
Author: Ali AlEnezi (SiteQ8)

USAGE:
  ./otaud.sh [OPTIONS] -t <target>
  ./otaud.sh --interactive

OPTIONS:
  -t, --target <ip/range>    Target IP address or CIDR range
  -s, --scan <type>          Scan type: full | quick | compliance
  -m, --module <name>        Run a specific module only
  -o, --output <format>      Output: html | json | txt (default: html)
  -c, --compliance <std>     Standard: iec62443 | nist80082 | nerccip | iso27001
  -T, --threads <n>          Thread count (default: 10)
  -v, --verbose              Enable verbose/debug output
  -n, --dry-run              Show what would run without executing
  -i, --interactive          Launch interactive menu
  -h, --help                 Show this help message
  -V, --version              Show version

EXAMPLES:
  ./otaud.sh -t 192.168.1.0/24 -s full
  ./otaud.sh -t 10.0.0.50 -m protocol_audit -v
  ./otaud.sh -t 172.16.0.0/16 -s compliance -c iec62443
  ./otaud.sh --interactive
```
Required:

- Bash 4.0+
- Python 3.8+

Recommended (for full functionality):

- nmap: network scanning and NSE scripts
- curl: web interface checks
- openssl: TLS/SSL analysis
- jq: JSON processing
- dig: DNS checks
- snmpwalk: SNMP auditing
- netcat (nc): banner grabbing

```bash
# Install all dependencies (Debian/Ubuntu)
sudo apt update && sudo apt install -y nmap curl openssl jq dnsutils snmp netcat-openbsd
```

OTAUD includes a web-based GUI hosted on GitHub Pages that documents all modules, protocols, architecture mapping, and usage examples:

https://siteq8.github.io/OTAUD/gui/
OTAUD is designed for authorized security assessments only. Always obtain proper written authorization before scanning any network or system. Unauthorized scanning of computer systems is illegal in most jurisdictions.
This tool is provided for defensive security purposes: to help organizations identify and remediate vulnerabilities in their OT environments before adversaries can exploit them.
Contributions are welcome! Feel free to:

- Fork the repository
- Create a feature branch (`git checkout -b feature/new-module`)
- Commit your changes (`git commit -m 'Add new module'`)
- Push to the branch (`git push origin feature/new-module`)
- Open a Pull Request

This project is licensed under the MIT License; see the LICENSE file for details.

Ali AlEnezi (@SiteQ8)

Built with passion for securing critical infrastructure.

Star this repo if OTAUD helps secure your OT environment!