Labshock lets you build and test ICS security labs - without expensive hardware.
- save 90% of time on setup and maintenance
- reduce costs by 95% compared to physical testbeds
- Security Teams: test security tools, train staff, simulate real threats
- Universities: hands-on ICS training, SCADA/PLC setup
- Red Team: exploit ICS systems with Pentest Fury
- Blue Team: validate SIEM rules with Tidal Collector
- Researchers: analyze OT traffic with Network Swiftness
- Build a complete ICS test lab in 5 minutes
- Simulate SCADA & PLCs for attack/defense training
- Capture traffic, test SIEM rules and refine detection
Start Now: Quick Start Guide
Community: Discord
If you find this project useful, please consider giving it a star.
See the How-to on the wiki.
Install the Docker components; that's all you need:
- Docker
- Docker-compose
- Git (optional)
Minimal system requirements (PLC + SCADA + EWS + Pentest + Switch):
- CPU: 2
- RAM: 1G
- HDD: 10G
Install:
    git clone https://github.com/zakharb/labshock.git
    cd labshock/labshock
    docker-compose build
Run:
    docker-compose up
Update:
    git pull
    cd labshock
    # -v also removes the lab's volumes
    docker-compose down -v
    docker-compose build
PLC # OpenPLC
SCADA # FUXA
ROUTER # Custom
EWS & OWS # Linux / Windows
PENTESTING # Kali Linux
FIREWALL # Iptables
TRANSFER # FTP
REMOTE # VNC / RDP
SIEM # Multi Vendor
IDS # Multi Vendor
And more...
SCADA # http://localhost:1881
PLC # http://localhost:8080, user/pwd: openplc/openplc
EWS # http://localhost:5911/vnc.html, user/pwd: engineer/engineer
Pentest # ssh pentest@localhost -p 2222
IDS # http://localhost:1443
Collector # http://localhost:2443
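Because the lab ships with default credentials on these ports, it is worth confirming that they are published only on loopback. The following is an added example, not part of the Labshock project: a shell function that reads `docker ps` output and reports any lab port bound to a non-loopback address. The port list is taken from this README (including 8006 and 3389 from the optional Windows container); the container names and sample output are constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of Labshock: flag lab ports published beyond loopback.
# Port list is taken from this README; sample names and output are constructed.
LAB_PORTS="1881 8080 5911 2222 1443 2443 8006 3389"

# stdin: lines of "<container>|<ports>" as produced by
#   docker ps --format '{{.Names}}|{{.Ports}}'
# stdout: "<container> <host-address> <host-port>" for every lab port that is
# published on an address other than 127.0.0.0/8 or ::1.
exposed_lab_ports() {
  awk -F'|' -v want="$LAB_PORTS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) lab[w[i]] = 1 }
    {
      m = split($2, maps, /, */)
      for (i = 1; i <= m; i++) {
        if (maps[i] !~ /->/) continue           # exposed only, not published
        host = maps[i]; sub(/->.*/, "", host)   # e.g. "0.0.0.0:8080"
        port = host;    sub(/.*:/, "", port)    # text after the last colon
        addr = host;    sub(/:[^:]*$/, "", addr)
        if (!(port in lab)) continue
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
        print $1, addr, port
      }
    }'
}

# Constructed sample of `docker ps` output.
sample_ps() {
  printf '%s|%s\n' \
    'plc'     '127.0.0.1:8080->8080/tcp' \
    'scada'   '0.0.0.0:1881->1881/tcp, :::1881->1881/tcp' \
    'windows' '0.0.0.0:8006->8006/tcp, 0.0.0.0:3389->3389/tcp' \
    'db'      '5432/tcp'
}

sample_ps | exposed_lab_ports
```

Against a running lab, pipe the real listing in with `docker ps --format '{{.Names}}|{{.Ports}}' | exposed_lab_ports`. A Compose port mapping written as `127.0.0.1:8006:8006` publishes on loopback only, whereas `8006:8006` publishes on all host interfaces.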
Labshock contains a modified version of OpenPLC.
Source code for the service: forked OpenPLC
PLC supports all five languages defined in the IEC 61131-3 standard:
- LD: Ladder Logic
- IL: Instruction List
- ST: Structured Text
- FBD: Function Block Diagram
- SFC: Sequential Function Chart
PLC supports protocols:
- Modbus
- DNP3
With PLC you can:
- log in to the dashboard at http://localhost:8080
- user/password: openplc/openplc
- start/stop PLC
- upload project
- monitor status
- change settings
Labshock contains a modified version of FUXA.
SCADA supports protocols:
- Modbus RTU/TCP
- Ethernet/IP
- BACnet IP
- OPC UA
- WebAPI
- MQTT
- S7
With SCADA you can:
- log in to the main interface at http://localhost:1881
- set the user/password in settings
- interact with controls
- check alarms
- edit layout
- edit connections/tags
Labshock contains an Engineering Station based on Kali Linux.
EWS comes pre-configured and ready to use:
- IDE OpenPLC Editor
- Interface to PLC
- Interface to SCADA
- Saved PLC/SCADA projects
With EWS you can:
- log in to the noVNC interface at http://localhost:5911/vnc.html
- password: engineer
- all links/projects are on Desktop
- access PLC/SCADA via browser
- access IDE via OpenPLC Editor
It's also possible to run Windows inside Labshock:
- check & use the GitHub repo dockur/windows
- use at your own risk & effort
To run it inside Labshock, add this to docker-compose.yml:
    # merge ews-win into the existing services: section
    services:
      ews-win:
        image: dockurr/windows
        container_name: windows
        environment:
          VERSION: "11"
        devices:
          - /dev/kvm
          - /dev/net/tun
        cap_add:
          - NET_ADMIN
        ports:
          - 8006:8006
          - 3389:3389/tcp
          - 3389:3389/udp
        stop_grace_period: 2m
Labshock contains a modified version of Kali Linux.
Labshock includes a Pentest Station tailored for OT and ICS security testing:
- Tools for Modbus, DNP3, IEC 60870-5-104, OPC UA analysis
- SCADA/PLC fuzzing, packet manipulation, and vulnerability scanning
- Pre-installed Kali tools like Nmap, Wireshark & Metasploit
Use Cases:
- Test OT system security and ICS networks
- Simulate attacks: replay, MITM, command injection
- Decode and analyze SCADA traffic
Usage:
    ssh pentest@localhost -p 2222
password: pentest
Ready for OT-focused pentesting.
Labshock includes Network Swiftness for real-time network monitoring and analysis in OT environments.
Features:
- Monitor live network traffic
- Track active connections
- Detect and classify protocols
- Generate network topology maps
- Capture, analyze and save packets
- Web based: simple & easy
Use Cases:
- Gain visibility into OT network activity
- Identify unauthorized connections and protocol anomalies
- Analyze SCADA/ICS traffic patterns
- Save packet data for forensic analysis
Usage:
- open web interface http://localhost:1443
Windows Docker Desktop Users:
- navigate to Settings > Resources > Network, and check the "Enable host networking" option.
License:
- Network Swiftness is for personal, non-commercial use only.
- Redistribution, modification, or commercial use is prohibited.
- See LICENSE for details.
Ready for OT network monitoring and analysis.
You can now easily connect another IDS, for example Zeek:
    # service entry; goes under services: in docker-compose.yml
    ids:
      image: zeek/zeek:latest
      network_mode: host
      command: tail -f /dev/null
Labshock includes Tidal Collector for efficient OT data collection and forwarding.
Features:
- Collect logs and metrics from OT devices
- Normalize and forward data to SIEM
- Filter and enrich data before forwarding
- Lightweight and efficient
- Web based: simple & easy
Use Cases:
- Centralize OT data collection for analysis
- Enhance SIEM visibility with OT-specific logs
- Normalize diverse log formats
- Reduce noise with smart filtering
Usage:
- open web interface http://localhost:2443
License:
- Tidal Collector is for personal, non-commercial use only.
- Redistribution, modification, or commercial use is prohibited.
- See LICENSE for details.
Ready for OT data collection and integration.
This project uses SemVer for versioning.
For the versions available, see the tags on this repository.
- Zakhar Bernhardt - Initial work - Ze
See also the list of contributors who participated in this project.
This program is free software for personal, non-commercial use only.
See the LICENSE file for details.