Skip to content
/ otlighthouse Public

OT Lighthouse is a project to help ICS / OT administrators with hardware / software asset management, vulnerability assessment, information gathering, regulatory compliance, and system hardening. The focus of this project is to address standalone workstations, servers, and smaller ICS / OT deployments.

otlighthouse.com/

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cutaway-security/otlighthouse

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

188 Commits
checks
checks
 
 
config
config
 
 
docs
docs
 
 
images
images
 
 
lib
lib
 
 
.gitignore
.gitignore
 
 
CNAME
CNAME
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
RELEASE_NOTES.md
RELEASE_NOTES.md
 
 
RunAudit.bat
RunAudit.bat
 
 
RunAudit.ps1
RunAudit.ps1
 
 

Repository files navigation

OT Lighthouse Security Auditing Toolkit

A Windows security and configuration auditing toolkit designed for standalone OT/ICS systems. Performs read-only security assessments with no system modifications.

Features

  • 68 security checks across 4 audit categories
  • Standalone PowerShell and Batch implementations (no external dependencies)
  • Supports Windows XP through Windows 11/Server 2022
  • Text and HTML report output with detailed recommendations
  • Reference ID system for tracking findings

Quick Start

PowerShell

.\RunAudit.ps1 -AuditClass All -OutputPath C:\Audits -OutputFormat Both

Batch (for systems without PowerShell)

RunAudit.bat -AuditClass All -OutputPath C:\Audits -OutputFormat Both

Usage

Parameters

Parameter Values Description
-AuditClass Inventory, Hardening, DFIR, NERC_CIP, All Category of checks to run
-OutputPath Directory path Where to save results
-OutputFormat Text, HTML, Both Report format
-QuietMode (flag) Suppress console output

Legacy Support

For backward compatibility, -AuditLevel is still supported:

  • Basic = Inventory
  • Standard = Hardening
  • Comprehensive = All

Audit Categories

Category Description Checks
Inventory Asset baseline and system information 13
Hardening Security configuration assessment 47
DFIR Digital forensics and incident response 8
NERC_CIP NERC CIP-010-5 compliance 13

Output Structure

OutputPath/
  Reports/          # Consolidated HTML/TXT audit reports
  Results/          # Individual check result files (HTML and TXT)
  Summary/          # JSON summary data
  Logs/             # Execution logs

Note: HTML consolidated reports link directly to individual HTML check result files for detailed drill-down.

Running Individual Checks

Each check can run standalone for troubleshooting:

.\checks\powershell\SMBv1Check.ps1 -OutputPath C:\temp\debug
checks\batch\SMBv1Check.bat -OutputPath C:\temp\debug

Documentation

See the docs/ directory for detailed documentation:

User Guides

Reference

Developer

Requirements

  • Windows XP SP3 or later
  • Administrator privileges recommended (some checks work as standard user)
  • No external dependencies - all scripts are self-contained

License

GPL v3 - See LICENSE file for details.

Support

Report issues at: https://github.com/cutaway-security/otlighthouse/issues

About

OT Lighthouse is a project to help ICS / OT administrators with hardware / software asset management, vulnerability assessment, information gathering, regulatory compliance, and system hardening. The focus of this project is to address standalone workstations, servers, and smaller ICS / OT deployments.

otlighthouse.com/

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages