ICS / SCADA Tools
ICS and SCADA tools help analysts understand how industrial systems operate and how they can be secured. These tools support passive mapping, protocol analysis, honeypots, and simulation of industrial devices.
GRASSMARLIN
GRASSMARLIN is a passive network mapping tool for ICS/SCADA environments. It identifies industrial devices, communication paths, and protocol usage without disrupting operations.
Why it’s useful: Teaches how defenders map industrial networks safely and identify risky communication flows.
Difficulty: Intermediate
ConPot
ConPot is an ICS honeypot designed to simulate industrial control systems. It emulates common protocols and devices to attract attackers and study their behavior.
Why it’s useful: Shows how ICS honeypots gather intelligence on adversary techniques targeting industrial environments.
Difficulty: Advanced
ModbusPal
ModbusPal is a Modbus simulator that allows users to create virtual industrial devices and test interactions with Modbus-based systems.
Why it’s useful: Helps learners understand Modbus communication and how attackers manipulate industrial protocols.
Difficulty: Beginner
PLCScan
PLCScan is a tool for scanning and identifying PLCs (Programmable Logic Controllers) across industrial networks. It supports multiple ICS protocols.
Why it’s useful: Shows how attackers enumerate industrial devices and how defenders detect unauthorized scanning.
Difficulty: Intermediate
Scapy (ICS Extensions)
Scapy is a packet manipulation tool that supports crafting and analyzing ICS protocol packets through extensions. It enables deep testing of industrial communication.
Why it’s useful: Teaches how industrial protocols can be manipulated and how malformed packets affect industrial control systems.
Difficulty: Advanced