ICSSPulse: A Modular LLM-Assisted Platform for Industrial Control System Penetration Testing

TL;DR

ICSSPulse is a novel, open-source platform that combines network scanning, protocol-specific interactions, and LLM-assisted reporting to enhance the security testing of industrial control systems in a safe, reproducible, and user-friendly manner.

Contribution

This work introduces ICSSPulse, the first web-based, modular platform integrating ICS protocol testing with LLM-assisted reporting for comprehensive security assessments.

Findings

Successfully identified active industrial services and assets.

Demonstrated manipulation of process variables in simulated environments.

Automated report generation with mitigation guidance.

Abstract

It is well established that industrial control systems comprise the operational backbone of modern critical infrastructures, yet their increasing connectivity exposes them to cyber threats that are difficult to study and remedy safely under real-time operational conditions. In this paper, we present ICSSPulse, an open-source, modular, and extensible penetration testing platform designed for the security assessment of ICS communication protocols. To the best of our knowledge, ICSSPulse is the first web-based platform that unifies network scanning, protocol-aware Modbus and OPC~UA interaction, and Large Language Model (LLM)-assisted reporting within a single, lightweight ecosystem. Our platform provides a user-friendly graphical interface that orchestrates enumeration, exploitation, and reporting activities over simulated industrial services, enabling safe and reproducible experimentation. It supports protocol-level discovery, asset enumeration, and controlled read/write interactions, while preserving protocol fidelity and operational transparency. Experimental evaluation using synthetic Modbus test servers, a Factory I/O water treatment scenario, and a custom OPC~UA production-line model demonstrated ICSSPulse's potential to discover active industrial services, enumerate process-relevant assets, and manipulate process variables. A key contribution of this work lies in the integration of an LLM-assisted reporting module that automatically translates technical findings into structured executive and technical reports, with mitigation guidance informed by the ICS MITRE ATT&CK ICS matrix.