Labshock lets you build and test ICS security labs - without expensive hardware.
- check Website
- save 90% of time on setup and maintenance
- reduce costs by 95% compared to physical testbeds
- provide safe, real-world OT environments for security testing
- solve global gap in hands-on OT/ICS cybersecurity training
- Labshock Intro Video
- Security & OT Teams > test security tools, train staff, simulate real threats
- Universities & Professionals > hands-on ICS training, SCADA/PLC setup
- Red & Blue Teams > exploit ICS systems and validate OT SIEM/IDS rules
- Labshock Demo Video
- Build a complete ICS test lab in 5 minutes
- Simulate SCADA & PLCs for attack/defense training
- Capture traffic, test SIEM rules and refine detection
If you find this project useful, please give it a star.
Install the Docker components, that's all:
- Docker
- Docker-compose
- Git (optional)
Minimal: CPU 2 | RAM 4G | HDD 10G
Recommended: CPU 4 | RAM 8G | HDD 20G
How-to: Quickstart Guide
Videos: Linux, Windows
Install
git clone https://github.com/zakharb/labshock.git
cd labshock/labshock
docker-compose build
Run
docker-compose up
Update
git pull
cd labshock
docker-compose down -v
docker-compose build
For more info check Wiki Documentation
PORTAL # Web # https://localhost
PLC # OpenPLC # http://localhost:8080
SCADA # FUXA # http://localhost:1881, pwd: openplc/openplc
EWS # Kali Linux # http://localhost:5911/vnc.html, pwd: engineer
PENTEST # Pentest Fury # http://localhost:3443
IDS # Network Swiftness # http://localhost:1443
COLLECTOR # Tidal Collector # http://localhost:2443
And more...
Labshock includes Portal as a central hub for accessing all services, documentation and resources.
With Portal Service you can:
- access all Labshock tools from a single interface: https://localhost
- navigate directly to documentation, configuration guides
- connect to services like Network Swiftness, Tidal Collector and Pentest Fury
- use built-in links to troubleshooting and support resources
Usage:
- open web interface http://localhost
- check more info on wiki
Labshock contains a modified version of OpenPLC.
PLC supports all five languages defined in the IEC 61131-3 standard:
- LD: Ladder Logic
- IL: Instruction List
- ST: Structured Text
- FBD: Function Block Diagram
- SFC: Sequential Function Chart
PLC supports protocols:
- Modbus
- DNP3
- S7 (soon)
Usage:
- log in to the dashboard http://localhost:8080
- user/password: openplc/openplc
- check more info on wiki
- find source code on forked OpenPLC
Labshock contains a modified version of FUXA.
SCADA supports protocols:
- Modbus RTU/TCP
- Ethernet/IP
- BACnet IP
- OPC UA
- WebAPI
- MQTT
- S7
Usage:
- login into main interface http://localhost:1881
- user/password you can set in settings
- check more info on wiki
Labshock includes Pentest Station tailored for OT and ICS security testing.
Features:
- Tools for Modbus, DNP3, IEC 60870-5-104, S7, OPC UA analysis
- SCADA/PLC fuzzing, packet manipulation, and vulnerability scanning
- Pre-installed Kali tools like Nmap, Wireshark & Metasploit
Use Cases:
- Test OT system security and ICS networks
- Simulate attacks: replay, MITM, command injection
- Decode and analyze SCADA traffic
Usage:
- open web interface http://localhost:1443
- or use command line
ssh pentest@localhost -p 2222
pwd: pentest
- check more info on wiki
License:
- Pentest Fury is for personal, non-commercial use only.
- Redistribution, modification, or commercial use is prohibited.
- See LICENSE for details.
Ready for OT-focused pentesting.
Labshock includes Network Swiftness for real-time network monitoring and analysis in OT environments.
Features:
- Monitor live network traffic
- Track active connections
- Detect and classify protocols
- Generate network topology maps
- Capture, analyze and save packets
- Web based: simple & easy
Use Cases:
- Gain visibility into OT network activity
- Identify unauthorized connections and protocol anomalies
- Analyze SCADA/ICS traffic patterns
- Save packet data for forensic analysis
Usage:
- open web interface http://localhost:1443
- check more info on wiki
- navigate to Settings > Resources > Network, and check the "Enable host networking" option.
License:
- Network Swiftness is for personal, non-commercial use only.
- Redistribution, modification, or commercial use is prohibited.
- See LICENSE for details.
Ready for OT network monitoring and analysis.
You can easily connect other IDS, for example Zeek
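One way to prototype the kind of Modbus rule this lab is meant to validate, as an added example (not part of Labshock or Network Swiftness): it parses Modbus/TCP frames and flags write requests from hosts outside an allow-list, plus malformed frames. The IP addresses and sample frames are constructed, and `allowed_writers` is a hypothetical parameter.

```python
import struct

# Modbus function codes that change PLC state (writes to coils/registers).
WRITE_CODES = {5: "write_single_coil", 6: "write_single_register",
               15: "write_multiple_coils", 16: "write_multiple_registers"}
MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def parse_adu(payload: bytes) -> dict:
    """Parse one Modbus/TCP ADU; raise ValueError on a malformed frame."""
    if len(payload) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (0)")
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match bytes on the wire")
    return {"tid": tid, "unit": unit, "function": payload[7], "data": payload[8:]}


def classify(src: str, payload: bytes, allowed_writers: set) -> str:
    """Return 'ok', 'anomaly' (malformed) or 'alert' (write from unknown host)."""
    try:
        adu = parse_adu(payload)
    except ValueError:
        return "anomaly"
    if adu["function"] in WRITE_CODES and src not in allowed_writers:
        return "alert"
    return "ok"


# Constructed sample traffic: (source IP, TCP payload). Addresses are made up.
SCADA = "192.168.2.20"  # assumed address of the SCADA host
SAMPLES = [
    (SCADA, bytes.fromhex("000100000006010300000002")),           # read holding regs
    (SCADA, bytes.fromhex("00020000000601060001002a")),           # write from SCADA
    ("192.168.2.99", bytes.fromhex("0003000000060105000aff00")),  # write coil, unknown host
    ("192.168.2.99", bytes.fromhex("000400010006010300000001")),  # bad protocol id
]


def run_samples() -> list:
    """Classify every constructed sample with SCADA as the only allowed writer."""
    return [classify(src, data, {SCADA}) for src, data in SAMPLES]


if __name__ == "__main__":
    for (src, _), verdict in zip(SAMPLES, run_samples()):
        print(f"{src:15} {verdict}")
```

The same logic can be pointed at payloads exported from a capture taken in the lab to compare its verdicts with what the IDS reports.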
Labshock includes Tidal Collector for efficient OT data collection and forwarding.
Features:
- Collect logs and metrics from OT devices
- Normalize and forward data to SIEM
- Filter and enrich data before forwarding
- Lightweight and efficient
- Web based: simple & easy
Use Cases:
- Centralize OT data collection for analysis
- Enhance SIEM visibility with OT-specific logs
- Normalize diverse log formats
- Reduce noise with smart filtering
Usage:
- open web interface http://localhost:2443
- find more info on wiki
License:
- Tidal Collector is for personal, non-commercial use only.
- Redistribution, modification, or commercial use is prohibited.
- See LICENSE for details.
Ready for OT data collection and integration.
Labshock contains Engineering Station for programming SCADA and PLC.
EWS comes pre-configured and ready to use:
- IDE OpenPLC Editor
- Interface to PLC
- Interface to SCADA
- Saved PLC/SCADA projects
Usage:
- log in to the noVNC interface http://localhost:5911/vnc.html
- password: engineer
- all links/projects are on Desktop
- access PLC/SCADA via browser
- access IDE via OpenPLC Editor
- check more info on wiki
It's also possible to run Windows inside Labshock:
- check & use this github repo dockur/windows
- use at your own risk & effort
Using SemVer for versioning.
For the versions available, see the tags on this repository.
- Zakhar Bernhardt - Initial work - Ze
See also the list of contributors who participated in this project.
© 2025 Zakhar Bernhardt
Labshock contains open-source and proprietary components.
See the LICENSE file for details.