β οΈ Disclaimer
Labshock is provided strictly for educational and training use in fully isolated environments.
Never use Labshock or its components against production systems or networks you do not own or have explicit permission to test.
The author is not responsible for any misuse, data loss, or legal issues that may arise.
Labshock provides a ready-to-use environment to learn, simulate and test defensive strategies.
- save 90% of time on setup and maintenance
- reduce costs by 95% compared to physical testbeds
- safe and real OT environments for learning and testing
- Individuals: learn OT security in practical hands-on style
- Universities & Mentors: create hands-on and practical OT cources
- Companies: run defensive learning scenarios in safe environments
- build a complete OT test lab in less than 10 minutes
- deploy a full OT/ICS cyber range with SCADA & PLC & EWS & DMZ
- Capture traffic, test SIEM rules, and refine IDS detection in a safe lab
β please give Labshock a Star β
help us keep Labshock growing!
Support with a donation
Collaborate on OT security projects
what you need to run Labshock
Install Docker, thats all.
min: CPU 2 | RAM 2G | HDD 10G
max: CPU 4 | RAM 8G | HDD 20G
free with time limitations
Labshock is free to explore with a built-in trial mode. No license needed to get started.
When you run Labshock without a license, it starts in trial mode:
- 5-minute initialization delay
- 40-minute session limit (can restart as needed)
- Unlimited restarts
Reach out for long-term use, education, or enterprise deployments.
β οΈ Disclaimer You are running this lab at your own risk. Labshock is intended for educational and lawful testing in isolated environments only. The author is not responsible for any damage, data loss, legal issues, or misuse of this tool. Never run Labshock or its components against production systems or networks you do not own or have explicit permission to test.
Guide: Quickstart
Videos: Linux Windows
For more info check Wiki
PORTAL # Web # https://localhost, pwd: labshock/labshock
PLC # OpenPLC # http://localhost:8080, pwd: openplc/openplc
SCADA # FUXA # http://localhost:1881
EWS # Linux # http://localhost:5911/vnc.html, pwd: engineer
PENTEST # Pentest Fury # http://localhost:3443, pwd: pentest/pentest
IDS # Network Swiftness # http://localhost:1443
COLLECTOR # Tidal Collector # http://localhost:2443
TRANSFER # HTTP/FTP Server # http://localhost:4443
FIREWALL # Linux Based # http://localhost:5443
And more...central hub
Labshock contains Portal for accessing all services, documentation and resources:
- access all Labshock services
- navigate OT/DMZ/IT labs
- find guides & documentation
Usage:
- open web interface http://localhost
- user/password
labshock/labshock - check more info on wiki
modified version of OpenPLC
PLC supports all five languages defined in the IEC 61131-3 standard:
LDLadder LogicILInstruction ListSTStructured TextFBDFunction Block DiagramSFCSequential Function Chart
PLC supports protocols:
- Modbus
- DNP3
- S7 (soon)
Usage:
- open http://localhost:8080
- user/password
openplc/openplc - check more info on wiki
modified version of FUXA
SCADA supports protocols:
- Modbus RTU/TCP
- Ethernet/IP
- BACnet IP
- OPC UA
- WebAPI
- MQTT
- S7
Usage:
- open http://localhost:1881
- user/password you can set in settings
- check more info on wiki
tools for learning ICS protocols
- integrated web interface
- practice protocol interactions in safe lab
- pre-installed tools for easy setup
- practice custom exercises in isolated lab
- learn different defensive techniques
Usage:
- open http://localhost:3443
- check more info on wiki
π License:
- Pentest Fury is for personal, non-commercial use only.
- Redistribution, modification, or commercial use is prohibited.
- See LICENSE for details.
β οΈ Disclaimer: This tool is intended for use only in the Labshock virtual environment. The developer is not responsible for any misuse or unauthorized access attempts. Using this tool against systems without explicit permission may violate local laws or regulations.
best IDS for OT monitoring
Labshock includes Network Swiftness for real-time network monitoring and analysis in OT environments:
- monitor live network traffic
- track active connections
- detect and classify protocols
- generate network topology maps
- capture, analyze and save packets
- web based: simple & easy
Usage:
- open http://localhost:1443
- check more info on wiki
- navigate to Settings > Resources > Network, and check the "Enable host networking" option.
π License:
- Network Swiftness is for personal, non-commercial use only.
- Redistribution, modification, or commercial use is prohibited.
- See LICENSE for details.
You can easily connect other IDS, for example Zeek
ready SIEM integration
Efficient OT data collection and forwarding:
- collect logs from OT devices
- normalize and forward data to SIEM
- filter and enrich data before forwarding
- lightweight and efficient
- web based: simple & easy
Usage:
- open http://localhost:2443
- find more info on wiki
π License:
- Tidal Collector is for personal, non-commercial use only.
- Redistribution, modification, or commercial use is prohibited.
- See LICENSE for details.
learn ICS
Engineering Station for programming SCADA and PLC:
- IDE OpenPLC Editor
- Interface to PLC
- Interface to SCADA
- Saved PLC/SCADA projects
Usage:
- login http://localhost:5911/vnc.html
- password
engineer - access PLC/SCADA via browser
- access IDE via OpenPLC Editor
- check more info on wiki
It's also possible to run Windows inside Labshock:
- check & use this repo dockur/windows
- use at your own risk & effort
test and learn DMZ
Firewall service allows you to simulate and explore network segmentation in OT environments:
- simulate DMZ firewall rules
- analyze network flows between IT/OT
- test segmentation controls
- block / allow traffic
Usage:
- open http://localhost:5443
- check more info on wiki
test DMZ pivoting and secure file movement
Transfer service simulates typical IT/OT file transfer scenarios:
- learn OT/IT file transfer architecture
- simulate pivoting via public services
- check segmentation in controlled labs
- observe and learn traffic flows
Usage:
- open http://localhost:4443
- check more info on wiki
integrate with your existing SIEM
Labshock can forward OT events directly into your SIEM:
- ready Splunk integration (community request)
- collectors pre-configured for quick setup
- supports log forwarding to any SIEM
- send events from OpenPLC, SCADA, IDS, and more
- real OT data for correlation and detection testing
Usage:
- open Portal IT section
- click start/connect
- login to your SIEM (here is Splunk)
Labshock is for educational and training purposes only.
- Allowed: personal, academic and non-commercial lab use.
- Not allowed: use against production, third-party, or real-world systems.
- Not allowed: redistribution, modification, or commercial use without license.
- External open-source tools retain their own licenses.
Using SemVer for versioning.
For the versions available, see the tags on this repository.
- Zakhar Bernhardt - Initial work - Ze
See also the list of contributors who participated in this project.
Β© 2025 Labshock Security
Labshock contains open-source and proprietary components.
See the LICENSE file for details.