Developed as a community asset
- Modshaft - IP-over-Modbus/TCP tunnel. Useful for evading application-layer firewalls that let Modbus/TCP (port 502) through, since arbitrary IP traffic is carried inside legitimate-looking Modbus frames.
- ICS Evasion Attacks - Implementation of white-box and black-box classifier evasion attacks from SUTD (Singapore University of Technology and Design). Paper in repo.
- Modbus-VCR - The Modbus VCR records and replays Modbus traffic.
- Ettercap plugin for IEC 60870-5-104 - Ettercap Plugin for Man-In-The-Middle Attacks on IEC 60870-5-104
- PlcInjector - Modbus stager in assembly plus scripts to upload/download data to the holding registers of a PLC.
- plcinject - S7 PLC injection using Snap7
- Sixnet Tools - Tool for exploiting Sixnet RTUs.
- Defcon26 Tools - Tools demonstrated at DEF CON 26 talk "Hacking PLCs and Causing Havoc on Critical Infrastructures"
- Metasploit - Exploitation framework.
- Bettercap - A complete, modular, portable and easily extensible MITM framework.
- ISF (Industrial Exploitation Framework) - An exploitation framework based on the open-source project routersploit.
- ISF (Industrial Security Exploitation Framework) - A separate project with the same acronym: a Python exploitation framework developed by the ICSMASTER team, which describes itself as modelled on the NSA Equation Group's Fuzzbunch toolkit.
- EtherSploit/IP - An interactive shell with a bunch of helpful commands to exploit EtherNet/IP vulnerabilities (more specifically Allen-Bradley MicroLogix implementation of ENIP)
- Gleg SCADA+ Pack - Commercial exploit pack (add-on for Immunity CANVAS).
- S7 Metasploit pack - Initial S7 Metasploit modules.
- Schneider Electric PLC / Modbus modules from DEF CON 25 - Metasploit modules for downloading a program from the PLC, gathering information about the PLC, forcing the values of the digital outputs, and issuing START/STOP.
- IEC 104 Module - IEC 60870-5-104 client for Metasploit, merged into mainline.
- random modbus tools - Assorted Modbus tools from an ICS Village talk at DEF CON 25.
- Siemens S7 PLC Bootloader Code Execution Utility - Non-invasive arbitrary code execution on Siemens S7 PLCs via an undocumented bootloader protocol over UART (requires physical access to the serial interface). Siemens assigned SSA-686531 (CVE-2019-13945) to this vulnerability. Affected devices are the Siemens S7-1200 (all variants, including SIPLUS) and S7-200 SMART.
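Several of the tools above (Modbus-VCR, PlcInjector, Modshaft, the Schneider Modbus modules) work because Modbus/TCP has no authentication or session binding: any frame with a well-formed MBAP header and PDU is acted on. The following is an added, self-contained example written for this page, not code from any of the listed projects. It builds and parses Read Holding Registers (0x03) and Write Multiple Registers (0x10) frames, packs an arbitrary byte payload into holding registers the way a register-based stager would, and replays the recorded write frame against a second, independent in-memory PLC to show why a captured frame is as good as a live one. `FakePlc`, the payload bytes and the register offsets are constructed for the demonstration.

```python
"""Minimal Modbus/TCP framing plus an in-memory PLC to show stager-style register
writes and VCR-style replay. Constructed example; not from any listed project."""
import struct

FC_READ_HOLDING = 0x03    # Read Holding Registers
FC_WRITE_MULTIPLE = 0x10  # Write Multiple Registers


def mbap(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Prepend the 7-byte MBAP header: tid, protocol id 0, length (= unit id + PDU), unit id."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def build_read_holding(tid: int, unit: int, start: int, count: int) -> bytes:
    return mbap(tid, unit, struct.pack(">BHH", FC_READ_HOLDING, start, count))


def build_write_multiple(tid: int, unit: int, start: int, values: list[int]) -> bytes:
    body = struct.pack(">BHHB", FC_WRITE_MULTIPLE, start, len(values), len(values) * 2)
    body += b"".join(struct.pack(">H", v & 0xFFFF) for v in values)
    return mbap(tid, unit, body)


def payload_to_registers(data: bytes) -> list[int]:
    """Pack arbitrary bytes into 16-bit big-endian registers; odd length is padded with 0x00."""
    if len(data) % 2:
        data += b"\x00"
    return list(struct.unpack(f">{len(data) // 2}H", data))


def registers_to_payload(regs: list[int]) -> bytes:
    return struct.pack(f">{len(regs)}H", *regs)


class FakePlc:
    """Server side of the two function codes. Note what is absent: no authentication,
    no nonce, nothing that ties a request to an operator or a session (constructed)."""

    def __init__(self, nregs: int = 256):
        self.holding = [0] * nregs

    def handle(self, frame: bytes) -> bytes:
        tid, _proto, length, unit = struct.unpack(">HHHB", frame[:7])
        pdu = frame[7:7 + length - 1]
        fc = pdu[0]
        if fc == FC_READ_HOLDING:
            start, count = struct.unpack(">HH", pdu[1:5])
            regs = self.holding[start:start + count]
            resp = struct.pack(">BB", fc, count * 2) + struct.pack(f">{count}H", *regs)
        elif fc == FC_WRITE_MULTIPLE:
            start, count, nbytes = struct.unpack(">HHB", pdu[1:6])
            vals = struct.unpack(f">{count}H", pdu[6:6 + nbytes])
            self.holding[start:start + count] = vals
            resp = struct.pack(">BHH", fc, start, count)
        else:
            resp = struct.pack(">BB", fc | 0x80, 0x01)  # exception 01: ILLEGAL FUNCTION
        return mbap(tid, unit, resp)


def parse_read_response(frame: bytes) -> list[int]:
    byte_count = frame[8]
    return list(struct.unpack(f">{byte_count // 2}H", frame[9:9 + byte_count]))


def demo() -> tuple[bytes, list[int]]:
    """Stager-style write, then VCR-style replay of the very same bytes against another PLC."""
    payload = b"PAYLOAD!"  # constructed stand-in for stager data
    write_frame = build_write_multiple(1, 1, 100, payload_to_registers(payload))
    FakePlc().handle(write_frame)          # "live" session: operator writes registers 100..103

    replay_target = FakePlc()              # a second device (or the same one, later)
    replay_target.handle(write_frame)      # recorded frame is accepted verbatim
    read_frame = build_read_holding(2, 1, 100, 4)
    regs = parse_read_response(replay_target.handle(read_frame))
    return registers_to_payload(regs), regs


if __name__ == "__main__":
    data, regs = demo()
    print(data, [hex(r) for r in regs])
```

The only fields the receiver checks are structural (function code, counts, byte lengths), so a defender cannot rely on the protocol itself to tell a replay from an original; detection has to come from out-of-band context such as which host sent the frame, whether the transaction ID sequence makes sense, and whether the write touches registers that should be static.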
Note: The following tools haven't necessarily been used in an ICS context but could be helpful.
- Laika Boss - Laika BOSS is an object scanner and intrusion detection system designed to be scalable, flexible, and verbose.
(creative commons license)