MCPcopy
hub / github.com/hslatman/awesome-industrial-control-system-security

github.com/hslatman/awesome-industrial-control-system-security @main sqlite

repository ↗ · DeepWiki ↗
4 symbols 21 edges 2 files 0 documented · 0%
README

awesome-industrial-control-system-security

A curated list of resources related to Industrial Control System (ICS) security.

Feel free to contribute.

Tools

AttkFinder AttkFinder is a tool that performs static program analysis of PLC programs, and produce Data-oriented Attack vectors. In a nutshell, AttkFinder takes PLC programs written under the standard IEC-61131-3 in xml-format or structured text, and builds a Data-Flow graph (DFG), a Control-Flow graph (CFG) and translates the program into a Structured Intermediate Representation Language (STIR) version. A symbolic execution engine analyses the stir-version code searching for attack vectors that can be exploited by a malicious actuator.​
CSET The Cyber Security Evaluation Tool (CSET®) assists organizations in protecting their key national cyber assets. This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.​
Digital Bond's 3S CoDeSys Tools Digital Bond created three tools for interacting with PLCs that run CoDeSys, consisting of a command shell, file transfer and NMap script.
Digital Bond's ICS Enumeration Tools Redpoint is a Digital Bond research project to enumerate ICS applications and devices using nmap extensions. It can be used during assessments to discover ICS devices and pull information that would be helpful in secondary testing. The Redpoint tools use legitimate protocol or application commands to discover and enumerate devices and applications. There is no effort to exploit or crash anything, but be wise and careful.
GRASSMARLIN GRASSMARLIN provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security. Passively map, and visually display, an ICS/SCADA network topology while safely conducting device discovery, accounting, and reporting on these critical cyber-physical systems.
ics_mem_collect Memory collector for GE D20MX. The project itself can be extended to work with other devices.
ISF The Industrial Exploitation Framework (ISF) is an exploitation framework similar to Metasploit written in Python. It is based on the open source Routersploit tool. It contains exploits for several types of controllers, such as QNX, Siemens and Schneider devices and includes several scanners.
ISEF The Industrial Security Exploitation Framework (ISEF) is an exploitation framework based on the Equation Group Fuzzbunch toolkit as released by Shadow Brokers. It's developed by the ICSMASTER Security Team.
ICSREF A modular framework that automates the reverse engineering process of CODESYS binaries compiled with the CODESYS v2 compiler.
ICSFuzz A PLC-side fuzzing tool for uncovering vulnerabilities in ICS control applications. The current version supports only applications based on the Codesys platform which has been modified and adapted for the Wago PLC.
ꓘamerka GUI Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
mbtget mbtget - Simple perl script for make some modbus transaction from the command line.
MiniCPS MiniCPS: A toolkit for security research on Cyber-Physical Systems from Singapore University of Technology and Design (SUTD).
MODBUS Penetration Testing Framework smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. The framework can be used to perform vulnerability assessments.
ModbusPal ModbusPal is a MODBUS slave simulator. Its purpose is to offer an easy to use interface with the capabilities to reproduce complex and realistic MODBUS environments.
ModScan ModScan is a new tool designed to map a SCADA MODBUS TCP based network.
NetToPLCSim TCP/IP-Network extension for the PLC simulation software Siemens PLCSim.
OpenDNP3 OpenDNP3 is the de facto reference implementation of IEEE-1815 (DNP3) provided under the Apache License. It is currently in maintenance-only mode and new features are no longer being added. Automatak has rebranded as Step Function I/O and is now focused on writing protocol libraries in Rust.
PLCinject PLCinject can be used to inject code into PLCs.
plcscan Tool for scaning PLC devices over the s7comm or modbus protocol.
Quickdraw IDS The Quickdraw IDS project by Digital Bond includes Snort rules for SCADA devices and so-called preprocessors for network traffic. The preprocessors provide significant additional value because of their ability to reconstruct the protocol and state for use by Snort.
S7Comm-Analyzer A plugin for Bro that parses S7comm protocol data traffic.
SCADAShutdownTool SCADAShutdownTool is an industrial control system automation and testing tool allows security researchers and experts to test SCADA security systems, enumerate slave controllers, read controller's registers values and rewrite registers data.
sixnet-tools Tool for exploiting Sixnet RTUs. This simple command line interface allows using undocumented function codes to gain root access anc control the underlying Linux OS on certain Sixnet family industrial control devices.
Snap7 Snap7 is an open source, 32/64 bit, multi-platform Ethernet communication suite for interfacing natively with Siemens S7 PLCs. The new CPUs 1200/1500, the old S7200, the small LOGO 0BA7/0BA8 and SINAMICS Drives are also partially supported.
s7scan A tool written in Python that scans networks, enumerates Siemens PLCs and gathers basic information about them, such as PLC firmware and hardware version, network configuration and security parameters.
S7 Password Bruteforcer A tool to bruteforce the password used by S7 instances from a PCAP using a dictionary. Original created by SCADAStrangelove.
splonebox splonebox is an open source network assessment tool with focus on modularity. It offers an ongoing analysis of a network and its devices. One major design decision features development of custom plugins, including ones for industrial communication protocols.
Wireshark Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. It has support for many protocols used in ICS.
PCS7-Hardening-Tool A standalone PowerShell script that enumerates security issues on Siemens PCS 7 DCS servers, based on Siemens security guides. created by OTORIO

Distributions

Moki Linux Moki is a modification of Kali to encorporate various ICS/SCADA Tools scattered around the internet, to create a customized Kali Linux geared towards ICS/SCADA pentesting professionals.
ControlThings Platform(Previously SamuraiSTFU) The ControlThings Platform is an open source linux distribution for ICS cyber security teams. It takes the best-in-breed security assessment tools for traditional IT infrastructures and adds specialized tools for embedded electronics, proprietary wireless, and a healthy dose of ICS specific assessment tools, both from the community and custom tools created by the ControlThings I/O teams.

Honeypots

Conpot Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. It features easy customization and and behaviour mimicking, amongst others, and can be extended with real HMIs. Built and maintained under the Honeynet project.
GasPot GasPot is a honeypot that has been designed to simulate a Veeder Root Gaurdian AST. These Tank Gauges are common in the oil and gas industry for Gas Station tanks to help with Inventory of fuels. GasPot was designed to randomize as much as possible so no two instances look exactly the same.
T-Pot T-Pot is a combinat

Core symbols most depended-on inside this repo

get_challenge_response
called by 1
source/s7-cracker.py
calculate_s7response
called by 1
source/s7-cracker.py
get_challenge_response
called by 1
source/s7-brute-offline.py
calculate_s7response
called by 1
source/s7-brute-offline.py

Shape

Function 4

Languages

Python100%

Modules by API surface

source/s7-cracker.py2 symbols
source/s7-brute-offline.py2 symbols

For agents

$ claude mcp add awesome-industrial-control-system-security \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact