🟨 #1 Industrial Cyber Lab

Labshock provides a ready-to-use environment to learn, simulate and test defensive strategies.

Why Labshock

• save 90% of time on setup and maintenance
• reduce costs by 95% compared to physical testbeds
• safe and real OT environments for learning and testing

Who can use Labshock

• Individuals: learn OT security in practical hands-on style
• Universities & Mentors: create hands-on and practical OT cources
• Companies: create custom Labs and test your Red/Blue teams

What gives you Labshock

• build a complete OT test lab in less than 10 minutes
• deploy a full OT/ICS cyber range with SCADA & PLC & EWS & DMZ
• capture traffic, test SIEM rules and refine IDS detection

⭐ please put Star ⭐

🟨 Support Labshock

help us keep Labshock growing!

Support Labshock with a small donation

Collaborate with your OT security projects

🟨 Requirements

what you need to run Labshock

Install Docker, thats all.
min: CPU 2 | RAM 2G | HDD 10G
max: CPU 4 | RAM 8G | HDD 20G

🟨 Trial License Info

free with time limitations

Labshock is free to explore with a built-in trial mode. No license needed to get started.

When you run Labshock without a license, it starts in trial mode:

• 5-minute initialization delay — every start in trial mode requires a short wait
• 40-minute session limit — after that, Labshock automatically stops
• You can restart Labshock as many times as you like

Reach out for long-term use, education, or enterprise deployments.

🟨 Install & Update

⚠️ Disclaimer You are running this lab at your own risk. Labshock is intended for educational and lawful testing in isolated environments only. The author is not responsible for any damage, data loss, legal issues, or misuse of this tool. Never run Labshock or its components against production systems or networks you do not own or have explicit permission to test.

Guide: Quickstart
Videos: Linux Windows

🟨 Services

For more info check Wiki

PORTAL       # Web                  # https://localhost, pwd: labshock/labshock
PLC          # OpenPLC              # http://localhost:8080
SCADA        # FUXA                 # http://localhost:1881, pwd: openplc/openplc
EWS          # Kali Linux           # http://localhost:5911/vnc.html, pwd: engineer
PENTEST      # Pentest Fury         # http://localhost:3443
IDS          # Network Swiftness    # http://localhost:1443
COLLECTOR    # Tidal Collector      # http://localhost:2443
TRANSFER     # HTTP/FTP Server      # http://localhost:4443
FIREWALL     # Linux Based          # http://localhost:5443
And more...

🟨 Portal

central hub

Labshock contains Portal for accessing all services, documentation and resources:

• access all Labshock services
• single interface for OT/DMZ/IT
• navigate directly to documentation
• find configuration guides, support

Usage:

• open web interface http://localhost
• user/password labshock/labshock
• check more info on wiki

🟨 PLC

modified version of OpenPLC

PLC supports all five languages defined in the IEC 61131-3 standard:

• LD Ladder Logic
• IL Instruction List
• ST Structured Text
• FBD Function Block Diagram
• SFC Sequential Function Chart

PLC supports protocols:

• Modbus
• DNP3
• S7 (soon)

Usage:

• open http://localhost:8080
• user/password openplc/openplc
• check more info on wiki

🟨 SCADA

modified version of FUXA

SCADA supports protocols:

• Modbus RTU/TCP
• Ethernet/IP
• BACnet IP
• OPC UA
• WebAPI
• MQTT
• S7

Usage:

• open http://localhost:1881
• user/password you can set in settings
• check more info on wiki

🟨 Pentest Fury

Kali inside for OT-focused pentest

Pentest Station tailored for OT and ICS security testing:

• integrated web interface
• tools for working with OT protocols
• pre-installed Kali minimal setup
• simulate your own scenarious
• learn different tactics and pentesting

Usage:

• open http://localhost:3443
• check more info on wiki

🔒 License:

• Pentest Fury is for personal, non-commercial use only.
• Redistribution, modification, or commercial use is prohibited.
• See LICENSE for details.

⚠️ Disclaimer: This tool is intended for use only in the Labshock virtual environment. The developer is not responsible for any misuse or unauthorized access attempts. Using this tool against systems without explicit permission may violate local laws or regulations.

🟨 Network Swiftness

best IDS for OT monitoring

Labshock includes Network Swiftness for real-time network monitoring and analysis in OT environments:

• monitor live network traffic
• track active connections
• detect and classify protocols
• generate network topology maps
• capture, analyze and save packets
• web based: simple & easy

Usage:

• open http://localhost:1443
• check more info on wiki

⚠️ Windows/Mac Users:

• navigate to Settings > Resources > Network, and check the "Enable host networking" option.

🔒 License:

• Network Swiftness is for personal, non-commercial use only.
• Redistribution, modification, or commercial use is prohibited.
• See LICENSE for details.

External IDS

You can easily connect other IDS, for example Zeek

🟨 Tidal Collector

ready SIEM integration

Efficient OT data collection and forwarding:

• collect logs from OT devices
• normalize and forward data to SIEM
• filter and enrich data before forwarding
• lightweight and efficient
• web based: simple & easy

Usage:

• open http://localhost:2443
• find more info on wiki

🔒 License:

• Tidal Collector is for personal, non-commercial use only.
• Redistribution, modification, or commercial use is prohibited.
• See LICENSE for details.

🟨 EWS

learn ICS

Engineering Station for programming SCADA and PLC:

• IDE OpenPLC Editor
• Interface to PLC
• Interface to SCADA
• Saved PLC/SCADA projects

Usage:

• login http://localhost:5911/vnc.html
• password engineer
• access PLC/SCADA via browser
• access IDE via OpenPLC Editor
• check more info on wiki

Windows

It's also possible to run Windows inside Labshock:

• check & use this repo dockur/windows
• use at your own risk & effort

🟨 Firewall

test and learn DMZ

Firewall service allows you to simulate and explore network segmentation in OT environments:

• simulate DMZ firewall rules
• analyze network flows between IT/OT
• test segmentation controls
• block / allow traffic

Usage:

• open http://localhost:5443
• check more info on wiki

🟨 Transfer

test DMZ pivoting and secure file movement

Transfer service simulates typical IT/OT file transfer scenarios:

• learn OT/IT file transfer architecture
• simulate pivoting via public services
• test detection of DMZ abuse

Usage:

• open http://localhost:4443
• check more info on wiki

🟨 SIEM

integrate with your existing SIEM

Labshock can forward OT events directly into your SIEM:

• ready Splunk integration (community request)
• collectors pre-configured for quick setup
• supports log forwarding to any SIEM
• send events from OpenPLC, SCADA, IDS, and more
• real OT data for correlation and detection testing

Usage:

• open Portal IT section
• click start/connect

• login to your SIEM (here is Splunk)

🟨 Versioning

Using SemVer for versioning.

For the versions available, see the tags on this repository.

🟨 Authors

• Zakhar Bernhardt - Initial work - Ze

See also the list of contributors who participated in this project.

🟨 License

© 2025 Zakhar Bernhardt
Labshock contains open-source and proprietary components.
See the LICENSE file for details.