AeroFuzz
Lab-only research
A contained Modbus TCP fuzzing lab for ICS/OT research: Scapy-built mutations against a simulated PLC, with a crash-detecting watchdog and reproducible failure capture.
- Python
- Scapy
- Docker
- Modbus TCP
- SQLite
- pytest
AeroFuzz is a contained Modbus TCP protocol-robustness research lab for learning ICS/OT security safely. It uses Python, Scapy, and Docker to study how industrial protocol implementations behave when exposed to abnormal or malformed inputs — entirely against a simulated PLC inside an isolated lab, never live infrastructure.
⚠️ Authorized, lab-only research. AeroFuzz is built strictly for education and controlled testing against the simulated Modbus endpoint shipped in the repo. It is not for production OT systems or any target you don’t own.
Why it exists
Industrial environments lean on legacy protocols where availability and safety are critical, so security testing there demands restraint. AeroFuzz explores the methodology questions — how to generate and log abnormal protocol inputs, how to reproduce failure cases for defensive analysis, and how to isolate all of it from production networks — without touching anything real.
How it works
A modular Python pipeline:
- Generator — builds baseline Modbus TCP request structures.
- Mutator — applies controlled mutations (bit flips, byte-level changes, boundary-value inputs) to protocol fields and payloads.
- Transceiver — communicates with the simulated target inside the Docker lab.
- Watchdog — monitors target availability and detects service instability in real time, capturing the reproducible test case that triggered it.
- Persistence — logs campaign metadata, payloads, and observed failures to SQLite for offline analysis.
- Analyzer — replays and inspects recorded failure-triggering cases for defensive review.
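The six stages above, as an added example in standard-library Python; this is not AeroFuzz's own code, which drives Scapy against a Docker target. Everything here is constructed for the illustration: the function names, the `FakeTarget` class and its crash condition (an MBAP length field larger than the frame it arrives in), and the in-memory SQLite store. What is taken from Modbus itself is only the MBAP/PDU layout, the exception-response convention (function code with the high bit set plus an exception code), and the 125-register ceiling of function code 0x03.

```python
# Added example, not AeroFuzz's own code: standard library only (no Scapy) and a
# constructed in-process fake PLC in place of the Dockerized pymodbus target.
import random
import sqlite3
import struct

FC_READ_HOLDING_REGISTERS = 0x03
# FC 0x03 accepts 1..125 (0x7D) registers; these straddle that limit and the 16-bit edges.
BOUNDARY_U16 = (0x0000, 0x0001, 0x007D, 0x007E, 0x7FFF, 0x8000, 0xFFFF)

def build_read_holding_registers(transaction_id, unit_id, start_addr, quantity):
    """Generator: MBAP header + Read Holding Registers PDU, 12 bytes in total."""
    pdu = struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, start_addr, quantity)
    # MBAP = transaction id, protocol id (0), length of unit id + PDU, unit id
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

def mutate(frame, rng):
    """Mutator: one rng-chosen mutation; the 12-byte frame length is preserved."""
    buf = bytearray(frame)
    kind = rng.choice(("bit_flip", "byte_set", "boundary_quantity", "length_mismatch"))
    if kind == "bit_flip":
        i, bit = rng.randrange(len(buf)), rng.randrange(8)
        buf[i] ^= 1 << bit
        desc = f"bit_flip byte={i} bit={bit}"
    elif kind == "byte_set":
        i, v = rng.randrange(len(buf)), rng.randrange(256)
        buf[i] = v
        desc = f"byte_set byte={i} value=0x{v:02x}"
    elif kind == "boundary_quantity":
        v = rng.choice(BOUNDARY_U16)
        buf[10:12] = struct.pack(">H", v)  # quantity field of the FC 0x03 PDU
        desc = f"boundary_quantity value={v}"
    else:
        v = rng.choice(BOUNDARY_U16)
        buf[4:6] = struct.pack(">H", v)  # MBAP length now disagrees with the PDU
        desc = f"length_mismatch value={v}"
    return bytes(buf), desc

def generate_cases(seed, count, baseline):
    """Same seed and baseline give the same list; that is what makes replay work."""
    rng = random.Random(seed)
    return [mutate(baseline, rng) for _ in range(count)]

class FakeTarget:
    """Constructed stand-in for the simulated PLC: answers FC 0x03 correctly but
    'crashes' (refuses all later requests) once an MBAP length field claims more
    bytes than the frame carries. An invented failure model, not pymodbus behaviour."""
    alive = True

    def __call__(self, frame):
        if not self.alive:
            raise ConnectionRefusedError("simulated PLC is down")
        tid, _pid, length, uid = struct.unpack(">HHHB", frame[:7])
        if length > len(frame) - 6:
            self.alive = False
            raise ConnectionResetError("simulated PLC crashed")
        fc, _start, qty = struct.unpack(">BHH", frame[7:12])
        if fc != FC_READ_HOLDING_REGISTERS or not 1 <= qty <= 125:
            code = 0x01 if fc != FC_READ_HOLDING_REGISTERS else 0x03  # Modbus exception
            return struct.pack(">HHHB", tid, 0, 3, uid) + bytes([fc | 0x80, code])
        return struct.pack(">HHHB", tid, 0, 3 + 2 * qty, uid) + bytes([fc, 2 * qty]) + bytes(2 * qty)

def send(probe, frame):
    """Transceiver: a transport error is an observation to record, not a bug."""
    try:
        return probe(frame)
    except OSError as exc:
        return exc

def watchdog(probe, baseline):
    """Watchdog: send a known-good request and classify the target's health."""
    reply = send(probe, baseline)
    if isinstance(reply, OSError):
        return f"down: {reply}"
    if len(reply) >= 9 and reply[7] & 0x80:
        return f"unstable: exception 0x{reply[8]:02x} to the baseline request"
    return "alive"

def run_campaign(seed, count, baseline, probe, db_path=":memory:"):
    """Send each mutant, let the watchdog judge, persist failures keyed by seed/index."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS failures "
                 "(seed INTEGER, idx INTEGER, mutation TEXT, payload BLOB, verdict TEXT)")
    recorded = []
    for idx, (mutant, desc) in enumerate(generate_cases(seed, count, baseline)):
        send(probe, mutant)
        verdict = watchdog(probe, baseline)
        if verdict != "alive":
            conn.execute("INSERT INTO failures VALUES (?,?,?,?,?)",
                         (seed, idx, desc, mutant, verdict))
            recorded.append((idx, desc, verdict))
            if verdict.startswith("down"):
                break  # a real lab restarts the container here before continuing
    conn.commit()
    return conn, recorded

def reproduce(seed, idx, baseline, target_factory):
    """Analyzer: regenerate case idx of a campaign from its seed and re-run it fresh."""
    target = target_factory()
    send(target, generate_cases(seed, idx + 1, baseline)[idx][0])
    return watchdog(target, baseline)
```

The design point is the seed: because `generate_cases` is a pure function of `(seed, baseline)`, a recorded failure needs only `(seed, index)` to be rebuilt, and `reproduce` does exactly that without reading the stored payload back (the payload column is kept so a case can be diffed against the baseline offline). Against the real lab, the watchdog would restart the container on a `down` verdict and continue the campaign rather than stop, which is the step this in-process version cannot show.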
Safety by design
The whole thing runs in an isolated Docker bridge network against a Dockerized pymodbus target. Deterministic seeds make campaigns replayable, and rate-limited execution keeps traffic generation controlled. It's an educational research lab, full stop, not a tool for live systems.