ICS Pentesting Tools

A curated list of tools related to Industrial Control System (ICS) security and Penetration Testing

Introduction to ICS, SCADA, & PLCs

• PLC Training Org
• SCADA Systems - Utility 101 Session with Rusty Wiliiams

ICS Protocols

• AMI
• BACnet
• Bristol Standard Asynchronous Protocol (BSAP)
• DNP3
• Ethercat
• IEC 104
• IEEE C37.118
• LoRaWAN
• Modbus
• OPC UA
• OpenADR
• Siemens S7
• Zigbee

Honeypots tools

• T-Pot
• Conpot
• GasPot

Firmware tools

• OWASP General Firmware Pointers
• Firmwalker
• Firmware Mod Kit
• Firmadyne

General Tools

• s7scan
• Snap7
• plcscan
• ModScan
• MODBUS Penetration Testing Framework
• ISF
• CSET

Reverse Engineering tools

• Binwalk
• ANGR

Tips

• this repo is inspired by @timyardley's list of Tools, tips, tricks, and more for exploring ICS Security resources at https://github.com/ITI/ICS-Security-Tools
• The purpose of this project is to list ICS Pentesting Tools as a community resource. Please contribute if you have something useful to add.

References

• https://github.com/ITI/ICS-Security-Tools
• https://github.com/hslatman/awesome-industrial-control-system-security
• https://github.com/w3h/icsmaster
• https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/SCADA.md
• https://github.com/enaqx/awesome-pentest