▄██████▄ ███ ▄████████ ███ █▄ ████████▄
███ ███ ▀█████████▄ ███ ███ ███ ███ ███ ▀███
███ ███ ▀███▀▀██ ███ ███ ███ ███ ███ ███
███ ███ ███ ▀ ███ ███ ███ ███ ███ ███
███ ███ ███ ▀███████████ ███ ███ ███ ███
███ ███ ███ ███ ███ ███ ███ ███ ███
███ ███ ███ ███ ███ ███ ███ ███ ▄███
▀██████▀ ▄████▀ ███ █▀ ████████▀ ████████▀
Each module targets a specific layer of OT security — from network discovery to compliance validation. Run them individually or orchestrate a full audit.
Host discovery, OT-specific port scanning (40+ industrial ports), MAC-based vendor identification, and service banner grabbing.
Deep analysis of 10+ industrial protocols: Modbus TCP, DNP3, S7comm, EtherNet/IP, OPC-UA, BACnet, MQTT, CoAP, FINS, HART-IP.
Checks for default credentials (18+ vendor-specific), weak SNMP communities, insecure web interfaces, TLS misconfigurations, and exposed services.
Identifies PLC types (Siemens, Allen-Bradley, Omron, Mitsubishi, Schneider), checks access controls, CPU protection level, and HMI web exposure.
Identifies SCADA web platforms (Ignition, WinCC, FactoryTalk, etc.), checks historian exposure, database security, and network segmentation.
Discovers IoT devices via mDNS/UPnP, checks MQTT brokers for anonymous access, tests default IoT credentials, and validates firmware update channels.
Extracts firmware versions, matches against known CVE database, checks for debug interfaces, TFTP exposure, and unsigned update mechanisms.
Validates against IEC 62443, NIST SP 800-82, NERC CIP, and ISO 27001. Provides baseline scoring and framework-specific control checks.
OTAUD checks for misconfigurations, unauthorized access, and missing authentication across all major ICS/OT communication protocols.
OTAUD's modules map to the Purdue Enterprise Reference Architecture (ISA-95), covering every layer from the physical process to the enterprise network.
Deep-dive Python tools for protocol-level auditing, CVE intelligence, and professional report generation.
python3 python/modbus_audit.py -t <ip>
Enumerates unit IDs, tests all function codes, reads device identification, samples holding registers for information disclosure.
python3 python/dnp3_check.py -t <ip>
Validates Secure Authentication status, enumerates outstation addresses, tests broadcast response handling.
python3 python/mqtt_audit.py -t <ip>
Tests anonymous access, default credentials, wildcard subscriptions, $SYS topic exposure, and TLS configuration.
python3 python/opcua_scan.py -t <ip>
Validates security policies, checks for anonymous authentication, tests certificate configuration and TLS settings.
python3 python/cve_lookup.py -q <vendor>
Curated database of 25+ critical ICS CVEs. Optional NVD API integration for real-time lookup. Covers all major OT vendors.
python3 python/report_gen.py -l <log> -o report.html
Generates professional HTML/JSON reports from audit logs with severity classification and remediation guidance.
OTAUD validates your OT environment against the world's leading industrial cybersecurity frameworks.
Full coverage of Foundational Requirements (FR 1–7): Identification & Authentication, Use Control, System Integrity, Data Confidentiality, Restricted Data Flow, Event Response, Resource Availability.
Guide to ICS Security — validates risk management, network architecture, defense-in-depth, firewall rules, and ICS-specific security recommendations.
Critical Infrastructure Protection for electric sector: CIP-002 categorization, CIP-005 electronic security perimeters, CIP-007 system security, CIP-010 configuration management.
Information Security Management applied to OT: Annex A controls for asset management, access control, operations security, communications security, and business continuity.
Get started in seconds. Clone, chmod, and run.