踩点：

    探测：1.https://github.com/leebaird/discover

               2.Maltego

工具：

1. arping:http://github.com/ThomasHabets/arping或github.com/iputils/iputils 推荐星数☆☆☆☆☆

2. Arp-scan简短介绍：http://www.blackmoreops.com/2015/12/31/use-arp-scan-to-find-hidden-devices-in-your-network

这两个是用来扫描某一IP地址是否存在活动主机或设备

3. P0f，什么类型的主机或设备指纹识别：http://lcamtuf.coredump.cx/p0f3   推荐星数☆☆☆☆☆

4. GRASSMARLIN:免费开源，提供工控系统的快照、元数据等。

https://github.com/iadgov/GRASSMARLIN

https://github.com/iadgov/GRASSMARLIN/releases/latest

文献、漏洞查找

漏洞映射：

https://nvd.nist.gov

https://cve.mitre.org

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03

Http://www.securityfocus.com/

Https://exploit-db.com

威胁情报平台：

ICS-CERT:https://ics-cert.us-cert.gov美国国土安全部

http://www.critical-intelligence.com

Https://www.infragard.org  #不一定开放查找，审核严格

https://www.scadahacker.com

https://www.recordedfuture.com/ics-scada

https://www.cylance.com

http://redtigersecurity.com

https://www.kenexis.com

https://www.loftyperch.com

https://www.langner.com

https://www.dragossecurity.com

http://cyberx-labs.com

http://www.redtridentinc.com

配置审查工具：

Nipper\Nessus\Nexpose

http://www.digitalbond.com/tools/bandolier

https://www.tenable.com/plugins/index.php?view=all&family=SCADA

有助于识别工控系统设备配置和固件中漏洞的工具：Indegy