{"id":50406283,"url":"https://github.com/mrhenrike/industrialxpl-forge","last_synced_at":"2026-05-31T02:00:29.985Z","repository":{"id":361332996,"uuid":"1253939739","full_name":"mrhenrike/IndustrialXPL-Forge","owner":"mrhenrike","description":"The World's Largest OT/ICS/SCADA Security Assessment \u0026 Exploitation Framework. Python-First. No Metasploit required. Part of the XPL-Forge suite.","archived":false,"fork":false,"pushed_at":"2026-05-31T01:05:37.000Z","size":8424,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-05-31T01:12:35.226Z","etag":null,"topics":["bacnet","dnp3","enip","exploitation","hmi","ics-security","industrial-control-systems","modbus","ot-security","plc","python","s7comm","scada"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrhenrike.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-30T00:56:31.000Z","updated_at":"2026-05-31T01:05:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mrhenrike/IndustrialXPL-Forge","commit_stats":null,"previous_names":["uniao-geek/industrialxpl-forge","mrhenrike/industrialxpl-forge"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/mrhenrike/IndustrialXPL-Forge","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrhenrike%2FIndustrialXPL-Forge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrhenrike%2FIndustrialXPL-Forge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrhenrike%2FIndustrialXPL-Forge/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrhenrike%2FIndustrialXPL-Forge/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrhenrike","download_url":"https://codeload.github.com/mrhenrike/IndustrialXPL-Forge/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrhenrike%2FIndustrialXPL-Forge/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33716339,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bacnet","dnp3","enip","exploitation","hmi","ics-security","industrial-control-systems","modbus","ot-security","plc","python","s7comm","scada"],"created_at":"2026-05-31T02:00:22.520Z","updated_at":"2026-05-31T02:00:29.967Z","avatar_url":"https://github.com/mrhenrike.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"![IndustrialXPL-Forge](docs/img/industrialxpl_forge-banner_16x9-en_us.png)\n\n# IndustrialXPL-Forge (IXF)\n\n\u003e **The World's Largest OT/ICS/SCADA Security Assessment \u0026 Exploitation Framework**\n\u003e Part of the XPL-Forge suite | Author: André Henrique ([@mrhenrike](https://github.com/mrhenrike)) | [União Geek](https://uniaogeek.com.br/)\n\n[![PyPI version](https://img.shields.io/pypi/v/industrialxpl-forge?color=red\u0026label=PyPI)](https://pypi.org/project/industrialxpl-forge/)\n[![Python](https://img.shields.io/pypi/pyversions/industrialxpl-forge?color=blue\u0026label=Python)](https://pypi.org/project/industrialxpl-forge/)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![CI](https://img.shields.io/github/actions/workflow/status/mrhenrike/IndustrialXPL-Forge/ci.yml?branch=master\u0026label=CI)](https://github.com/mrhenrike/IndustrialXPL-Forge/actions)\n[![Modules](https://img.shields.io/badge/Modules-911%2B-brightgreen)](https://github.com/mrhenrike/IndustrialXPL-Forge)\n[![Vendors](https://img.shields.io/badge/Vendors-150%2B-orange)](https://github.com/mrhenrike/IndustrialXPL-Forge)\n[![Protocols](https://img.shields.io/badge/Protocols-50%2B-blue)](https://github.com/mrhenrike/IndustrialXPL-Forge)\n[![MITRE ATT\u0026CK ICS](https://img.shields.io/badge/MITRE%20ATT%26CK%20ICS-v19-red)](https://attack.mitre.org/matrices/ics/)\n[![Platform](https://img.shields.io/badge/Platform-OT%20%7C%20ICS%20%7C%20SCADA%20%7C%20IIoT-darkred)](https://github.com/mrhenrike/IndustrialXPL-Forge)\n\n**Python-First. Pure Python implementation — install and run with a single `pip install`.**\n\n---\n\n## Quick Start\n\n```bash\npip install industrialxpl\nixf\n```\n\nOr from source:\n\n```bash\ngit clone https://github.com/mrhenrike/IndustrialXPL-Forge\ncd IndustrialXPL-Forge\npip install -r requirements.txt\npython ixf.py\n```\n\n---\n\n## What is IXF?\n\nIndustrialXPL-Forge is a modular, Python-native security assessment and exploitation framework for **Operational Technology (OT)**, **Industrial Control Systems (ICS)**, **SCADA**, **HMI**, **PLC**, **RTU**, **DCS**, and **IIoT** environments.\n\nIt covers the **complete attack lifecycle**:\n\n```\nOSINT → Discovery → Fingerprint → Vulnerability Check → Exploit → Report\n```\n\n**Key features:**\n- **Python-First**: all core functionality works with `pip install industrialxpl` — external runtimes (C, Go, Java) are optional accelerators with Python fallbacks built in\n- **SafeMode by default**: every module runs in simulate mode — prints payload without sending\n- **MITRE ATT\u0026CK for ICS v19**: 79 techniques mapped, `ttp T0843 192.168.1.100` syntax\n- **CVE coverage**: 3,300+ ICS/OT CVEs from CVSS 0.1 to 10.0\n- **50 vendors**: Siemens, Schneider, Rockwell, ABB, Honeywell, Emerson, WEG, and more\n- **50 protocols**: Modbus, S7comm, EtherNet/IP, DNP3, BACnet, IEC-104, OPC UA, PROFINET, and more\n\n---\n\n## Module Catalog\n\n| Category | Modules | Description |\n|----------|---------|-------------|\n| `exploits/protocols/` | ~50 | Modbus, S7, ENIP, DNP3, BACnet, Profinet, IEC104, OPC UA |\n| `exploits/plc/` | ~80 | Siemens, Schneider, Rockwell, GE, Beckhoff, Unitronics, ABB |\n| `exploits/scada/` | ~60 | IGSS, RealWin, Genesis32, CoDeSys, FUXA, CitectSCADA |\n| `exploits/mes/` | ~25 | Ignition, ThinManager, SIMATIC Historian, DELMIA Apriso |\n| `scanners/ics/` | ~50 | Protocol-specific discovery (Modbus, S7, BACnet, DNP3...) |\n| `scanners/osint/` | ~8 | Shodan queries, ELITEWOLF web dorks, OT Hunt |\n| `creds/` | ~55 | Default credentials for 50+ OT/ICS vendors |\n| `cve/` | 3,300+ | All CVE severity levels (CVSS 0.1-10.0), 3 implementation tiers |\n| `cve/apt/` | ~10 | APT malware TTPs: FrostyGoop, Industroyer2, TRITON, INCONTROLLER |\n| `assessment/` | ~25 | IEC 62443, NIST 800-82r3, MITRE ICS, risk scoring, IR playbook |\n\n---\n\n## Usage Examples\n\n```\n# Open the IXF interactive shell\nixf\n\n# Load and run a module (simulate mode by default — safe)\nixf \u003e use scanners/ics/modbus_detect\nixf \u003e set target 192.168.1.100\nixf \u003e check\n\n# Search for modules\nixf \u003e search siemens\nixf \u003e search CVE-2015-5374\nixf \u003e search modbus\n\n# Execute a TTP-ID against a target\nixf \u003e ttp T0843 192.168.1.100          # Program Download — all modules\nixf \u003e ttp T0878 10.0.0.0/24            # Alarm Suppression — subnet sweep\nixf \u003e ttp-list --tactic evasion        # List all Evasion TTP-IDs\n\n# MITRE ATT\u0026CK for ICS sweep\nixf \u003e mitre-scan discovery 192.168.1.0/24\nixf \u003e mitre-scan evasion 192.168.1.100\nixf \u003e mitre-all 192.168.1.100          # All 79 techniques (simulate by default)\nixf \u003e mitre-coverage                   # Show coverage % per tactic\n\n# CVE-specific modules\nixf \u003e cve CVE-2026-25895               # FUXA SCADA pre-auth RCE\nixf \u003e cve CVE-2015-5374               # Siemens SIPROTEC4 DoS\nixf \u003e cve-scan 192.168.1.0/24         # Discover assets + test all CVEs\n\n# Generate reports\nixf \u003e report json\nixf \u003e mitre-report layer               # ATT\u0026CK Navigator JSON layer\n```\n\n---\n\n## SafeMode / DestructiveMode\n\n**Every module defaults to simulate mode** — it prints what it WOULD do without sending any packets.\n\n```\nixf (FrostyGoop) \u003e run                 # SIMULATE: prints payload, no send\nixf (FrostyGoop) \u003e set simulate false\nixf (FrostyGoop) \u003e set destructive true\nixf (FrostyGoop) \u003e run                 # LIVE: shows banner + requires confirmation\n```\n\nImpact levels require proportional confirmation:\n- `INFO/READ`: automatic\n- `LOW`: simple warning\n- `MEDIUM`: press Enter\n- `HIGH`: type `yes`\n- `CRITICAL`: type the full confirmation string\n- `CATASTROPHIC`: type string + wait 10 seconds\n\nAll destructive operations are logged to `.log/destructive_ops_YYYY-MM-DD.log`.\n\n---\n\n## Python-First Policy\n\n| Tier | Type | Examples | Required? |\n|------|------|----------|-----------|\n| **0** | Python stdlib | socket, struct, select | Always |\n| **1** | pip install | pymodbus, scapy, rich, requests | Yes |\n| **2** | pip extras | asyncua, cpppo, python-can | Optional |\n| **3** | External runtimes | ruby, node, java, gcc, go | **Optional — Python fallback always available** |\n\nAll SCADA framework modules are implemented natively in Python — no additional tools required.\n\n---\n\n## Legal Disclaimer\n\nThis tool is intended for **authorized security testing, research, and educational purposes only**.\n\nUsing IndustrialXPL-Forge against systems you do not own or do not have **explicit written authorization** to test is **illegal** and may violate computer fraud laws in your jurisdiction.\n\nOT/ICS systems control critical physical infrastructure. Unauthorized use may cause:\n- Physical damage to industrial equipment\n- Disruption of essential services (power, water, gas, manufacturing)\n- Personal injury or death\n- Significant legal penalties\n\n**The authors and União Geek assume no liability for misuse. Users bear full legal and ethical responsibility for all actions performed with this tool.**\n\n---\n\n## Author \u0026 Credits\n\n**Author:** André Henrique ([@mrhenrike](https://github.com/mrhenrike)) | [União Geek](https://uniaogeek.com.br/)\n\nModule sources: EmbedXPL-Forge (suite sibling), ISF/ICSSploit, ModBusSploit, n-days-poc-benchmark, InduGuard, ZeronTek OT Hunt research, CISA ICS-CERT advisories, Vedere Labs OT:ICEFALL, ExploitDB ICS catalog, GitHub public PoCs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrhenrike%2Findustrialxpl-forge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrhenrike%2Findustrialxpl-forge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrhenrike%2Findustrialxpl-forge/lists"}