Cydeep — PLC Deep Inspection
Cydeep performs deep inspection of PLCs and field devices at Purdue Level 0. It speaks native industrial protocols (S7comm, CIP/EtherNet/IP, Modbus, BACnet) to extract firmware versions, running programs, configuration state, and known vulnerabilities — without modifying device state.
| Language | Rust |
| License | MIT |
| Source | github.com/cybrium-ai/cydeep |
| Current version | 0.1.0 |
Supported protocols
| Protocol | Vendor / Domain | What cydeep extracts |
|---|---|---|
| S7comm | Siemens S7 PLCs | Module info, firmware, running blocks, protection level |
| CIP | Allen-Bradley / Rockwell | Identity, serial, firmware, running programs |
| Modbus | Generic OT | Device ID, register dumps, function code probing |
| BACnet | Building automation | Object list, device info, property values |
Capabilities
| Capability | Description |
|---|---|
| Device inspection | Read PLC identity, firmware, configuration via native protocol |
| Network discovery | Scan a subnet for devices responding on industrial ports |
| Vulnerability matching | Map firmware versions to known CVEs |
| Read-only by default | Never writes to device registers or modifies running programs |
OT safety
Cydeep reads device state using native industrial protocols. While it does not write to devices by default, always coordinate with plant/facility operations before running against production PLCs.