
bariskececi/exposed


🌍 EXPOSED


How much critical infrastructure is sitting on the open internet — and what to do about yours.

▶ Open the live map · no install, opens in one click.


Most people picture industrial control systems as sealed, air-gapped, untouchable. The reality: water plants, power grids, factories and building systems answer to the public internet on protocols that have no password and no encryption. EXPOSED puts that on a live world map — country by country, protocol by protocol — so the scale is impossible to ignore.

Then it does the part that actually matters: it tells you what to fix.

Two halves

1. The map — see the scale. A rolling global survey of internet-exposed OT across six protocols — Modbus, Siemens S7, DNP3, IEC-104, BACnet, EtherNet/IP. Markers are sized by exposure, a live feed streams responders as they're found, and you can filter by region and by protocol — every one comes with a plain-language note on what it is and why exposure matters. Hover any country to inspect it. It's the "wait, that much?" moment in ten seconds.

2. The advisor — get your plan. Hit Check your exposure, pick your sector, answer six yes/no questions about your environment, and EXPOSED generates a prioritised action plan — the exact fixes, in the right order, each with why it matters and how to do it. The guidance follows the SANS 5 ICS Critical Controls and CISA recommendations — the same fundamentals that stop the majority of real OT intrusions.

No hand-waving. If your OT is on the internet, it tells you to get it off, and how. If you have no monitoring — the state of over 90% of OT networks — it tells you where to start.
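To check the "is my OT on the internet" question against your own perimeter, the following is an added example (not code from the EXPOSED project) that scans firewall log lines for accepted traffic from public addresses to the default ports of the six protocols listed above. The log format `ACTION PROTO SRC_IP DST_IP DST_PORT`, the function names and the sample lines are assumptions constructed for this example.

```javascript
// Default ports of the six protocols the map covers.
const OT_PORTS = {
  502: "Modbus", 102: "Siemens S7", 20000: "DNP3",
  2404: "IEC-104", 47808: "BACnet", 44818: "EtherNet/IP",
};

// True when an IPv4 address lies outside private, loopback, link-local,
// CGNAT and multicast/reserved space, i.e. the peer is on the public internet.
function isPublicIPv4(ip) {
  const o = ip.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  const [a, b] = o;
  if (a === 0 || a === 10 || a === 127 || a >= 224) return false;
  if (a === 172 && b >= 16 && b <= 31) return false;
  if (a === 192 && b === 168) return false;
  if (a === 169 && b === 254) return false;
  if (a === 100 && b >= 64 && b <= 127) return false;
  return true;
}

// Parse lines of the assumed form "ACTION PROTO SRC_IP DST_IP DST_PORT" and
// return, per OT protocol, the internal hosts that accepted a public source.
function findExposedOT(logText) {
  const exposed = {};
  for (const line of logText.split("\n")) {
    const f = line.trim().split(/\s+/);
    if (f.length !== 5) continue; // skip blank and malformed lines
    const [action, , src, dst, port] = f;
    const proto = OT_PORTS[Number(port)];
    if (action !== "ACCEPT" || !proto || !isPublicIPv4(src)) continue;
    if (!exposed[proto]) exposed[proto] = new Set();
    exposed[proto].add(dst); // Set de-duplicates repeated hits
  }
  return Object.fromEntries(
    Object.entries(exposed).map(([p, hosts]) => [p, [...hosts].sort()])
  );
}

// Constructed sample log (documentation and private address ranges only).
const SAMPLE_LOG = `
ACCEPT TCP 203.0.113.7 10.0.5.20 502
ACCEPT TCP 10.0.1.15 10.0.5.20 502
DROP TCP 198.51.100.9 10.0.5.21 102
ACCEPT UDP 198.51.100.23 10.0.8.4 47808
ACCEPT TCP 203.0.113.7 10.0.5.20 502
ACCEPT TCP 203.0.113.50 10.0.2.9 443
`;

console.log(findExposedOT(SAMPLE_LOG));
```

Any host the function reports is a candidate for the "get it off the internet" fix: remove the inbound rule and put remote access behind a controlled path.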

Why it's built this way

Awareness without action is just anxiety. Plenty of dashboards will scare you; very few tell you what to do on Monday morning. EXPOSED is designed to move a visitor from "oh no" to "okay, here are my first five moves" — and to point at free, open-source tools that actually perform those moves.

Responsible use

  • No real hosts. No IP addresses. No target list. The map uses representative aggregate figures modelled on public internet-exposure research (Shodan/Censys-style scans). It communicates scale and trend, not "go attack this."
  • It's an awareness and guidance tool for defenders, educators, and decision-makers.
  • The action plan is real, framework-grounded OT security advice you can act on immediately.

Built to spread

  • One file. Pure HTML5 Canvas + vanilla JavaScript. No build, no dependencies, no tracking. Everything runs in the browser — nothing is uploaded.
  • Runs anywhere. Open index.html, or host on any static server / GitHub Pages. Works offline.

    open index.html               # macOS
    xdg-open index.html           # Linux
    python3 -m http.server 8080   # or serve it → http://localhost:8080

License

MIT — see LICENSE. Part of the GNSAC OT security toolkit.

About

Live survey of internet-facing critical infrastructure (OT/ICS) — see the exposure, filter it, get an action plan. Runs in your browser.
