// the find
w3h/icsmaster
ICS/SCADA Security Resource(整合工控安全相关资源)
A static collection of ICS/SCADA security resources — research papers, Nmap NSE scripts, Metasploit modules, protocol pcaps, and exploit tools — assembled by a Chinese ICS security firm around 2017-2018. It's a reference dump, not a library or framework. Useful if you're doing ICS security research or pen testing OT networks and want everything in one place.
The NSE script collection is the most practical part: scripts for S7, Modbus, BACnet, EtherNet/IP, DNP3, Omron, and more, ready to drop into Nmap. The pcap library covers a solid range of ICS protocols with real captured traffic, which is genuinely hard to find — useful for building detection signatures or understanding protocol behavior without access to real hardware. The paper archive spans BlackHat, Kaspersky, Dragos, and SCADA StrangeLove, covering Stuxnet, CrashOverride/Industroyer, and PLC worm research. Default credentials spreadsheet (Scada_Password.csv) and Google dorks (Scada_Dorks.csv) are the kind of thing that takes hours to assemble manually.
Dead since January 2019 — ICS vulnerabilities have moved significantly since then, and nothing here reflects post-2018 threats like TRITON/TRISIS beyond one document. The repo is a flat file dump with no tooling, no tests, no documentation beyond the README list, and no way to know if the exploit scripts actually work against current firmware versions. Many tools are just binary blobs (APK, RAR, ZIP) with no source — you're trusting whatever was uploaded years ago. The protocol libraries under /protocol are stubs with almost no content. If you need anything beyond the NSE scripts and pcaps, you'll quickly hit a wall.