Industrial Control System Protocol Scanner!
scadex is a multi threaded Industrial Control System network scanner designed to identify ICS protocols running on IP hosts.
- 🔍 Detects multiple ICS protocols:
- Modbus/TCP (502)
- Siemens S7 (102)
- BACnet/IP (47808)
- DNP3 (20000)
- Multi-threaded scanning for high performance
- Supports IP lists, CIDR notations, and IP ranges
- Optional CSV output for logging discovered hosts
- High Accuracy
- GCC or Clang (C compiler)
- POSIX environment (Linux, BSD, macOS)
gcc -o scadex scadex.c -lpthread./scadex -i targets.txt -t 50 -o results.csv -v -p modbus,s7,bacnet,dnp3| Option | Description |
|---|---|
-i <file> |
Input file containing IPs, ranges, or CIDR blocks (required) |
-t <threads> |
Number of concurrent threads (default: 20, max: 100) |
-o <file> |
Output CSV file for detected services |
-v |
Verbose mode (shows all scanned IPs, even those without detections ) |
-p <protocols> |
Comma-separated list of protocols to scan (modbus, s7, bacnet, dnp3) |
-h |
Display usage information |
- Add more ICS/SCADA protocols
- Add banner grabbing / version detection
| Command | Description |
|---|---|
./scadex -i iplist.txt |
Scan all default ICS protocols |
./scadex -i ips.txt -p modbus |
Scan only Modbus devices |
./scadex -i network.txt -t 100 -v |
Run verbose scan with 100 threads |
./scadex -i targets.txt -o found.csv |
Save detected hosts to CSV |