scanning tools
nmap, has s7-info script, maybe more nessus redpoint https://github.com/digitalbond/Redpoint Industrial Exploitation Framework has some scanning tools https://github.com/dark-lbp/isf isef (used by equation group) but only really uses scripts https://github.com/w3h/isf smod, modbus toolkit has a scanner, cant find og source https://github.com/Joshua1909/smod - proper source = https://libraries.io/github/enddo/smod modscan, find niceer source https://github.com/moki-ics/modscan plcscan - s7comm or modbus https://github.com/yanlinlin82/plcscan scadashutdowntool, has enumaration capabilities https://github.com/0xICF/SCADAShutdownTool sixnet-tools has scanning for sixnet rtus https://github.com/mssabr01/sixnet-tools s7scan based on plcscan but better https://github.com/klsecservices/s7scan splone, vuln assesser but includes scanner https://splone.com/splonebox/ scada-tools has some scanning thing sin here, could be the same https://github.com/atimorin/scada-tools modus-scanner scans for chhanges in modbus values https://github.com/arnaudsoullie/modbus-scanner shodan...? masscan scans whhole internet https://github.com/robertdavidgraham/masscan modbus-discover improvement on modscan https://nmap.org/nsedoc/scripts/modbus-discover.html plc-scanner gui scanner https://plcdatatools.com/plc-data-tools/plc-scanner/ SimaticScan also looks for vulnN PIVoT Scan - vuln scanner, uses nessus scripts, academic, https://eprints.lancs.ac.uk/id/eprint/132771/1/PiVOTScan.pdf
Simatic Manager - simenes manager software, has scanning, paid Rockwell Version - http://rockwell.lookbookhq.com/factorytalk-assetcentre-pr/asset-3?utm_source=Marketing&utm_medium=Public_Relations&utm_content=FTalkAssetCentre7_NewsRelease_June92016&utm_campaign=Software_NA_XX_EN_2016