Skip to content

Instantly share code, notes, and snippets.

@cutaway

cutaway/offline_python_install.md

Last active December 5, 2025 14:55
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save cutaway/49a82ca46ec2a77a83b8fc0d5a6ca52f to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save cutaway/49a82ca46ec2a77a83b8fc0d5a6ca52f to your computer and use it in GitHub Desktop.
Download ZIP
Python Offline Install Windows, Ubuntu, and Kali
Raw
offline_python_install.md

OT / ICS Python Testing & Challenge Requirements (USB Transfer Only)

This section defines the minimum Python modules and system dependencies required to support:

  • OT protocol testing
  • ICS traffic analysis
  • Control system security challenges
  • Adversary emulation in cyber ranges
  • Engineering workstation simulation

All files are assumed to be transferred via USB only.

Core Python Requirements (All OT Test Systems)

The following must be installed offline before any testing begins:

  • Python 3.x (exact version must match staging system)

  • pip

  • Virtual environment support:

    • Windows: venv via Python installer
    • Ubuntu: python3-venv
    • Kali: python3-venv

Core Python OT Testing Modules (Required)

These modules support the majority of OT security testing and protocol interaction use cases.

  • requests – API and device web interface interaction
  • scapy – Packet crafting and manipulation
  • pyshark – Live packet capture and pcap analysis
  • pymodbus – Modbus/TCP client and server simulation
  • minimalmodbus – Modbus RTU over serial
  • opcua – OPC UA client/server testing
  • python-can – CAN bus testing and ECU simulation
  • BACpypes – BACnet/IP protocol testing
  • cpppo – EtherNet/IP / CIP interaction
  • pycomm3 – Allen-Bradley EtherNet/IP communication
  • python-nmap – Nmap automation for OT-safe scanning
  • ipython – Interactive OT testing shell

These should be downloaded on the staging system using:

pip download ipython requests pyshark scapy pycomm3 cpppo pymodbus python-nmap opcua python-can BACpypes minimalmodbus -d ~/python-offline/modules

Advanced OT Protocol & Industrial Challenge Modules (Optional but Recommended)

These support more advanced detection evasion, protocol fuzzing, and cyber range challenges.

  • boofuzz – Protocol fuzzing for PLC services
  • pydnp3 – DNP3 protocol interaction
  • pyiec104 – IEC-60870-5-104 testing
  • snap7 – Siemens S7 testing
  • s7comm – Raw Siemens S7 packet crafting
  • modbus-tk – Alternate Modbus stack
  • construct – Binary protocol parsing
  • bitstring – Bit-level field manipulation
  • hexdump – Binary payload inspection
  • pyserial – RS-232/RS-485 serial access
  • crcmod – Frame checksum generation

USB staging command (optional set):

pip download boofuzz pydnp3 pyiec104 python-snap7 modbus-tk construct bitstring hexdump pyserial crcmod -d ~/python-offline/modules-advanced

OT Packet Capture & Crypto System Requirements

These are mandatory for Scapy, PyShark, OPC UA, and encrypted OT traffic testing.

Windows System Requirements (Offline Install via USB)

  • Npcap (WinPcap-compatible mode)
  • Wireshark (for tshark)
  • OpenSSL libraries
  • Visual C++ Redistributable (x64)

Installation order:

  • Visual C++ Redistributable
  • OpenSSL
  • Npcap
  • Wireshark

Ubuntu System Requirements (Offline via apt)

  • libpcap0.8
  • tshark
  • openssl
  • build-essential
  • python3-dev
  • python3-venv

Kali Linux System Requirements (Offline via apt)

  • libpcap0.8
  • tshark
  • openssl
  • build-essential
  • python3-dev
  • python3-venv

Privilege Requirements for OT Testing

Several OT testing modules require elevated execution.

  • Windows:

    • PowerShell must be run as Administrator
    • Npcap must be installed with raw capture support

  • Ubuntu & Kali:

    • Commands must be run using sudo
    • User must be in the wireshark group if live capture is required

OT Testing Virtual Environment Rules

Each assessment system must use isolated Python environments.

  • One virtual environment per project
  • No system-wide pip installs
  • No auto-updates
  • No direct Internet access

Example (Linux):

python3 -m venv ~/ot-env
source ~/ot-env/bin/activate

Example (Windows):

python -m venv C:\User\user\ot-env
C:\User\user\ot-env\Scripts\activate

OT requirements.txt Locking (Strongly Required for Challenges)

Every OT test environment must use a locked dependency file.

  • Generate on the staging system:

    • pip freeze > requirements.txt

  • Download with:

    • pip download -r requirements.txt

  • Install on offline system with:

    • pip install --no-index --find-links=. -r requirements.txt

This ensures:

  • Identical challenge environments
  • No version drift
  • Repeatable scoring and packet behavior

OT USB Handling Rules

All USB transfer media must meet the following:

  • Virus scanned on IT system before use
  • Used only as one-way transfer into OT
  • Never reused between IT and OT without reformatting
  • Auto-run disabled at OS level
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment