- Modshaft - Modshaft is an IP-over-Modbus/TCP tunnel. It is useful for evading application-layer firewalls.
- Modbus-VCR - The Modbus VCR records and replays Modbus traffic
- PlcInjector - Modbus stager in assembly and some scripts to upload/download data to the holding register of a PLC. More info here.
- Metasploit - Exploitation framework.
- Bettercap - A complete, modular, portable and easily extensible MITM framework.
- ISF (Industrial Exploitation Framework) - An exploitation framework based on the open source project routersploit.
- ISF (Industrial Security Exploitation Framework) - A Python-based exploitation framework, claiming to be based on the NSA Equation Group Fuzzbunch toolkit, developed by the ICSMASTER team.
- Gleg SCADA+ Pack - Commercial
- S7 Metasploit pack - Initial S7 Metasploit modules.
- Schneider Electric PLC / Modbus modules from DEFCON 25 - Modules for downloading a program from the PLC, gathering information about the PLC, forcing the values of the digital outputs, and START/STOP control.
- IEC 104 Module - IEC 104 client for Metasploit, merged into mainline.
Note: The following tools haven't necessarily been utilized in an ICS context, but could be helpful.
- Laika Boss - Laika is an object scanner and intrusion detection system that strives to achieve the goal of a scalable, flexible, and verbose system.
(creative commons license)