
// the find

ITI/ICS-Security-Tools

★ 1,978 · HTML · CC-BY-4.0 · updated Apr 2025

Tools, tips, tricks, and more for exploring ICS Security.

A community-maintained collection of ICS/SCADA security resources: pcap samples, default password lists, Snort rules, and links to tools. Aimed at security researchers, pentesters, and defenders working in industrial control system environments where Modbus, DNP3, EtherNet/IP, IEC 61850, and similar protocols are in play.

The pcap library is the real value here: protocol captures for DNP3, Modbus, CIP/EtherNet/IP, IEC 61850, BACnet, and others are hard to find in a form that is both legal to use and cleanly labeled, which makes them useful for building and testing ICS-aware parsers and IDS signatures. The default password CSV (scadapass.csv) saves hours of manual research when doing assessments of legacy PLCs and HMIs. Snort rules from Talos and QuickDraw are included as flat files, which is useful for teams that need a starting point for ICS network detection without building from scratch. Protocol coverage is broad, spanning both common (Modbus, DNP3) and less-documented (MELSEC, Beckhoff AMS, DLMS-COSEM) protocols.

This is fundamentally a link aggregator and file dump, not a maintained toolkit — the README is a directory listing with no explanations of what the tools actually do or how to use them. Most of the 'tools' section is outbound links to other repos, many of which will be stale or abandoned. Last meaningful content push appears to be years old for most subdirectories, and the ICS security landscape (especially OT detection tooling) has moved significantly since this was assembled. There's no guidance on threat modeling, attack chains, or how these pieces fit together, so a newcomer gets a pile of files with no map.
