CoreFlareSec ICSforge
Open Source Tool

ICS/SCADA Penetration Testing Toolkit

Web-based GUI for scanning, reading, writing and attacking industrial control systems. Built for authorized security testing, CTF competitions, and ICS security research.

v3.0 | Python 3.8+ | MIT License
ICSforge Web GUI — Modbus Scan Results
terminal
$ ./start.sh
[+] ICSforge v3.0 started
[+] http://localhost:5000
[!] Modbus scan: 10.10.20.10:502
[+] Found 16 coils, 44 regs
$
3+ ICS Protocols | 25+ Attack Modules | 100% Open Source | MIT License
Live Preview

ICSforge Web GUI

Full-featured web interface — scan, read, write, and attack industrial protocols from your browser.

ICSforge Web GUI — Modbus scan showing coils, registers, target controls

ICSforge is a web-based ICS/SCADA penetration testing toolkit built for security professionals, CTF competitors, and industrial cybersecurity researchers.

It provides a unified GUI for interacting with industrial protocols — Modbus/TCP, EtherNet/IP CIP, and S7comm — with features ranging from basic scanning to advanced attack simulation.

  • Web-based GUI — no CLI required
  • Multi-protocol support in a single interface
  • Built-in OT network scanner
  • Real-time SSE log streaming
  • Payload presets for auth bypass and fuzzing
  • MIT licensed — free for lab and research use
Address Start: 920
Address End: 940
Payload Values: 0xDEAD,0xBEEF,0xABCD,0x1337,0xFFFF
| × 0xDEAD
| × 0xBEEF
| × 0xABCD
| × 0x1337
↶ addr=939 END — no writes succeeded
 
Addr 940 — testing 7 value(s)
| × 0xDEAD
| × 0xBEEF
Features

Protocol Coverage

Complete feature matrix across all supported industrial protocols.

Modbus/TCP
Default Port: 502 | Function Codes: FC01-FC06
OpenPLC | Schneider | Generic

Feature | Description | Impact
Scan (FC01-FC04) | Coil/register scan with secret detection | RECON
Write Coil (FC05) | Force output ON/OFF, trigger shutdowns | HIGH
Write Register (FC06) | Modify setpoints, thresholds | HIGH
Auth Bypass | Fuzz auth registers with preset payloads | HIGH
Value Bruteforce | Write payloads across address range | MED
Race Condition | Burst write with value cycling | HIGH
Crash Test | Malformed PDU fuzzing | HIGH

EtherNet/IP CIP
Default Port: 44818 | Allen-Bradley / Rockwell
ControlLogix | CompactLogix

Feature | Description | Impact
Scan | ListIdentity + tag enumeration | RECON
Read/Write Tags | Tag read/write via pycomm3 | HIGH
Auth Bypass | Tag-based auth fuzzing | HIGH
Tag Bruteforce | Value bruteforce across tags | HIGH
Race Condition | Burst write with value cycling | HIGH

S7comm (Siemens)
Default Port: 102 | S7-300/400/1200
PLCSIM | S7-300

Feature | Description | Impact
Scan | CPU info + firmware via SZL | RECON
DB Read/Write | Data block operations | HIGH
CPU STOP | Send PLC stop command | HIGH
Memory Fuzzer | Write fuzz values to DB | HIGH
Replay Attack | Replay captured S7 PDU hex | HIGH

OT Network Scanner
Multi-protocol device discovery
Modbus | ENIP | S7 | DNP3 | BACnet

Protocol | Port | Detection | Info
Modbus/TCP | 502 | FC43 Device ID | Vendor, firmware, unit IDs
EtherNet/IP | 44818 | ListIdentity | Device type, serial
S7comm | 102 | COTP + SZL | CPU type, firmware
DNP3 | 20000 | Data link probe | Device address
BACnet | 47808 | Who-Is broadcast | Device ID, vendor

Installation

Get Started in 30 Seconds

No separate install step — dependencies auto-install on first run.

Linux / macOS
Ubuntu 20.04+ / macOS 12+
$ git clone https://github.com/munpao/icsforge
$ cd icsforge && ./start.sh
# Opens browser at localhost:5000
Windows
Windows 10/11 + Python 3.8+
> git clone https://github.com/munpao/icsforge
> cd icsforge && start.bat
# Opens browser automatically
Get Started

Start Testing Your ICS Security Today

Free and open source. Use in your lab, CTF competitions, or authorized assessments.