Automating ICS/OT File Extension Searches Across Platforms

Sulaiman Alhasawi
Jun 7, 2024


I was inspired by the SCADA-Common-File-Extensions.tsv list to create a Python script that automates the search for ICS/OT file extensions. While there is an existing PowerShell script, ICSExtearch, designed for Windows, my script works seamlessly on any system — Linux, Windows, and Mac. This tool is incredibly useful for ICS engineers to identify sensitive ICS files on their systems.

Why This Script?

ICS (Industrial Control Systems) and OT (Operational Technology) environments often involve numerous files with specific extensions that are critical for system operations and security. Quickly identifying these files can be a tedious task, especially across different operating systems. My Python script simplifies this process, making it more efficient and cross-platform compatible.

Features

  • Cross-Platform Compatibility: Works on Linux, Windows, and Mac.
  • Customizable: Easily add, remove, or comment out file extensions.
  • Simple Usage: Run the script and optionally save the output to a file.

How to Use the Script

  1. Running the Script: To execute the script, run the following command in your terminal:

     python3 ICSfile.py

  2. Saving the Output to a File: If you want to save the output to a file for further analysis, use the following command:

     python3 ICSfile.py > file.txt

Example Code

Below is a sample of what the Python script looks like:

import os

# List of ICS/OT file extensions
file_extensions = [
    '.sch', '.dgn', '.dwg', '.dxf', '.g', '.hmi', '.jmx', '.jks', '.log', '.mvl', '.opc', '.pcap', '.pcr', '.plt',
    '.saf', '.scd', '.wsd', '.csv', '.xml', '.bak', '.dat'
]

# Function to search for files with given extensions
def search_files(directory, extensions):
    # Walk the directory tree and print every file whose name ends with a listed extension
    for root, dirs, files in os.walk(directory):
        for file in files:
            if any(file.endswith(ext) for ext in extensions):
                print(os.path.join(root, file))

# Run the search in the current directory
if __name__ == "__main__":
    search_files('.', file_extensions)

Customization

You can easily modify the file_extensions list to include or exclude specific file types according to your needs. Commenting out a file extension is straightforward:

file_extensions = [
    '.sch',    # Schema files
    '.dgn',    # Design files
    # '.dwg',  # Drawing files (commented out)
    '.dxf',    # Drawing exchange format
    # Add or remove extensions as needed
]
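A variant of the search above for inventory work, added here as an example and not taken from the author's repository: it matches extensions case-insensitively (the sample's `endswith` would miss `PLANT.DWG`), records directories it could not read instead of skipping them silently, ignores symlinks, and flags files readable by every local user. The names `scan` and `demo` and the temporary directory tree are constructed for this example.

```python
import os
import stat
import tempfile
from collections import defaultdict

# Extensions copied from the article's sample list.
FILE_EXTENSIONS = {'.sch', '.dgn', '.dwg', '.dxf', '.g', '.hmi', '.jmx', '.jks',
                   '.log', '.mvl', '.opc', '.pcap', '.pcr', '.plt', '.saf',
                   '.scd', '.wsd', '.csv', '.xml', '.bak', '.dat'}

def scan(directory, extensions=FILE_EXTENSIONS):
    """Return (hits, errors): hits maps extension -> [(path, size, world_readable)]."""
    hits, errors = defaultdict(list), []
    walker = os.walk(directory, followlinks=False,
                     onerror=lambda e: errors.append(e.filename))  # unreadable dirs
    for root, _dirs, files in walker:
        for name in files:
            ext = os.path.splitext(name)[1].lower()   # 'PLANT.DWG' -> '.dwg'
            if ext not in extensions:
                continue
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)                   # lstat: do not follow links
            except OSError:
                errors.append(path)
                continue
            if not stat.S_ISREG(st.st_mode):          # skip symlinks, devices
                continue
            world_readable = bool(st.st_mode & stat.S_IROTH)  # meaningful on POSIX only
            hits[ext].append((path, st.st_size, world_readable))
    return dict(hits), errors

def demo():
    """Scan a constructed directory tree (sample data, not real project files)."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, 'hmi_project'))
        for rel, mode in [('PLANT.DWG', 0o644), ('hmi_project/panel.hmi', 0o600),
                          ('notes.txt', 0o644)]:
            path = os.path.join(tmp, rel)
            with open(path, 'w') as fh:
                fh.write('constructed sample')
            os.chmod(path, mode)
        hits, errors = scan(tmp)
        return {ext: [(os.path.relpath(p, tmp), size, wr) for p, size, wr in rows]
                for ext, rows in hits.items()}, errors

if __name__ == "__main__":
    for ext, rows in sorted(demo()[0].items()):
        print(ext, rows)
```

Entries with `world_readable` set are the ones to review first on shared engineering workstations, and a non-empty `errors` list means the inventory is incomplete for those paths.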

Source Code

You can find the complete source code on my GitHub repository: GitHub — ICS File

Conclusion

This script is a handy tool for ICS engineers, providing a quick and efficient way to locate sensitive ICS/OT files across various operating systems. By automating this process, we can enhance our cybersecurity practices and ensure critical files are easily identifiable.

Feel free to contribute or provide feedback to further improve this tool!
