Hiya HN,

A client in the automation sector was looking for a tool to test the security of their OPC UA servers. All I could find was either mere PoCs or otherwise hard to grasp and use for an OT person in a corporate setting [0-3].

Therefore I set out to create one myself. First, I invented different things to check in servers, categorized them, and approximated a CVSS score for each. Then I created an easy-to-use scanner program that does the checking and outputs a pretty HTML report.

The scanner contains both a GUI and a CLI. It is free for non-commercial use and for commercial use if your organization's yearly turnover is less than $1M.

It is still early in development, and I have multiple new checks and other things to add to it. There may be bugs lurking in there as well.

You can try it on a practice target I set up for that purpose (try not to hammer on the server too hard): opc.tcp://scanme.opalopc.com:53530

All feedback welcome and encouraged. Thanks! :)

[0] https://github.com/scy-phy/OPC-UA-attacks-POC
[1] https://github.com/abirke/opcuapen
[2] https://github.com/secure-software-engineering/opcua-scanner
[3] https://github.com/COMSYS/msf-opcua

Nmap was a source of inspiration for the CLI version.