Network administrators rely on reconnaissance tools such as Nmap to analyze network structures and gather critical information. In addition to support for Profinet and HART-IP protocols, The German Federal Office for Information Security (BSI) recognizes the importance of IEC 61850 in power networks and has therefore commissioned the Fraunhofer Institute, IOSB, Karlsruhe to develop a specialized plug-in for Nmap. The plug-in greatly facilitates the extraction of relevant data, such as nameplate details and network specifics.

OMICRON’s Contribution

During the development phase, we provided practical insights and addressed key challenges encountered during laboratory testing. With seven years of expertise in extracting nameplate data from protection, automation, and control devices in the power grid, we have gained extensive experience in navigating the variations that exist in the IEC 61850 standardization. Then, despite the standardized format outlined in IEC 61850, there are variations in how vendors interpret and store this data within their IED data models. Over time, we have built up a database of these exceptions and contributed to the enhancement of the scripts accordingly. In addition, we have provided detailed information how to handle complex cases like devices with nested logical devices, providing potential solutions for future implementation.


The BSI, in collaboration with the Fraunhofer Institute, proactively addressed the identified issues by incorporating the valuable insights and recommendations of our OT protocol and cybersecurity experts. This collaborative effort resulted in significant improvements to the plug-in, ensuring optimized functionality across all OT networks.* As a thank you, our colleagues Christoph Rheinberger, Burak Tahincioglu and André Komes are explicitly mentioned in the corresponding README file.

Help for Network Administrators

Available to all network administrators, Nmap remains a versatile and free network analysis tool. By taking advantage of the enhanced functionality of the new plug-in, administrators can drive improved network management and security for a deeper insight into their IEC 61850 networks.

For more details and access to the official GitHub page, visit

*While OMICRON dedicated resources to reviewing the scripts' concepts, extensive testing was limited to the devices listed in the Consequently, exercise caution when deploying these scripts in live energy facilities. Variances in MMS implementations within the IEDs may result in different responses to queries from this script.