All-in-one ICS/SCADA hacking, red teaming, malware analysis, detection, and lab architecture cheat sheet
Updated Dec 15, 2025 - Python
Multi-stage ICS cyberattack simulation against 69kV/13.8kV distribution substation: IT-to-OT pivot culminating in unauthorized Modbus PLC manipulation. Includes PCAP forensic analysis, NIST incident response playbook, attack scripts, and real-world impact assessment for critical infrastructure security education.
ScadaFlare Authenticated RCE Exploit Framework for ScadaBR (CVE-2021-26828) OpenPLC ScadaBR
Authenticated Modbus FC23 Writer for OmniPLC 3000
ICS Incident Response Automation Framework: Python framework for executing automated incident response playbooks in ICS/SCADA environments. Supports network isolation, forensic preservation, logic restoration, and safety system interventions. Designed for defenders, researchers, and red team simulations in operational technology networks.
Industrial Control System security monitoring with Modbus traffic analysis and anomaly detection.
An Industrial Control Systems (ICS), Internet of Things (IoT), and Operational Technology (OT) hardening framework offering security controls, implementation guides, and tools to protect operational technology environments.
An ICS/OT toolkit written in Python
Multi-protocol ICS security scanner detecting vulnerabilities in Modbus, S7, DNP3, BACnet, MQTT & SNMP. Features configurable scan intensities, safe-by-default operation & comprehensive reporting. Identifies misconfigurations & security flaws in industrial environments.
OT (Operational Technology Exploitation Framework), an exploitation framework based on Python
GRIDSAFE - Grid Security Assessment and Framework Evaluation
Busting ICS/SCADA over Modbus
The Datasets contain a wide variety of network and physical behaviours of an IEC-61850-compliant zone substation. The datasets are compatible with actual substation network traffic, including benign GOOSE packets, benign SV packets, and MALICIOUS SV packets. The datasets consist of two versions, including raw datasets and labelled datasets.
The Datasets contain a wide variety of network and physical behaviours of an IEC-61850-compliant zone substation. The datasets are compatible with actual substation network traffic, including benign GOOSE packets, MALICIOUS GOOSE packets, and benign SV packets. The datasets consist of two versions, including raw datasets and labelled datasets.
ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.
A low-cost, DIY data diode for ICS
A simple high-level Python interface for the Dragos portal API
Simple and automated way of gathering alerts about vulnerabilities and threats regarding ICS/SCADA reported by CISA.
An easy pentesting tool.