Open-Source Cybersecurity Tools: OT / ICS / IoT Security

This category contains 5 documented tools. It focuses on capabilities used for asset visibility, protocol-aware detection, and resilience for cyber-physical systems. Use this section when building shortlists, comparing operational tradeoffs, and mapping controls to detection/response ownership.

Category Evaluation Checklist

  • Coverage depth against your highest-priority threats and compliance obligations.
  • Operational overhead for deployment, tuning, and long-term maintenance.
  • Signal quality versus analyst workload and false-positive pressure.
  • Integration fit with SIEM, ticketing, identity, cloud, and engineering workflows.
  • Governance readiness including auditability, ownership clarity, and change control.

Letter A

This letter section contains 1 tool.

A Modbus/TCP Fuzzer for testing internetworked industrial systems, 2015

  • Website: https://doi.org/10.1109/ETFA.2015.7301400
  • Model: Open Source
  • Category: OT / ICS / IoT Security
  • Source Lists: Awesome Fuzzing

What it does: A Modbus/TCP Fuzzer for testing internetworked industrial systems, 2015 is used in OT / ICS / IoT security programs to support asset visibility, protocol-aware detection, and resilience for cyber-physical systems. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > The others.

Letter D

This letter section contains 1 tool.

DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices, 2021

  • Website: https://conand.me/publications/redini-diane-2021.pdf
  • Model: Open Source
  • Category: OT / ICS / IoT Security
  • Source Lists: Awesome Fuzzing

What it does: DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices, 2021 is used in OT / ICS / IoT security programs to support asset visibility, protocol-aware detection, and resilience for cyber-physical systems. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Letter I

This letter section contains 2 tools.

ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications, 2021

  • Website: https://www.usenix.org/conference/usenixsecurity21/presentation/tychalas
  • Model: Open Source
  • Category: OT / ICS / IoT Security
  • Source Lists: Awesome Fuzzing

What it does: ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications, 2021 is used in OT / ICS / IoT security programs to support asset visibility, protocol-aware detection, and resilience for cyber-physical systems. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Industrial Control System Security

  • Website: https://github.com/hslatman/awesome-industrial-control-system-security
  • Model: Open Source
  • Category: OT / ICS / IoT Security
  • Source Lists: Awesome Malware Analysis

What it does: Industrial Control System Security is used in OT / ICS / IoT security programs to support asset visibility, protocol-aware detection, and resilience for cyber-physical systems. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Related Awesome Lists.

Letter S

This letter section contains 1 tool.

SNIPUZZ: Black-box Fuzzing of IoT Firmware via Message Snippet Inference, 2021

  • Website: https://arxiv.org/pdf/2105.05445.pdf
  • Model: Open Source
  • Category: OT / ICS / IoT Security
  • Source Lists: Awesome Fuzzing

What it does: SNIPUZZ: Black-box Fuzzing of IoT Firmware via Message Snippet Inference, 2021 is used in OT / ICS / IoT security programs to support asset visibility, protocol-aware detection, and resilience for cyber-physical systems. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).
