brownfinesecurity/iothackbot

IoT HackBot: A collection of Claude Skills and custom tooling for hybrid IoT pentesting

517 stars · 84 forks · Updated Jan 8, 2026
npx skills add brownfinesecurity/iothackbot

README

IoTHackBot

Open-source IoT security testing toolkit with integrated Claude Code skills for automated vulnerability discovery.

Overview

IoTHackBot is a collection of specialized tools and Claude Code skills designed for security testing of IoT devices, IP cameras, and embedded systems. It provides both command-line tools and AI-assisted workflows for comprehensive IoT security assessments.

Tools Included

Network Discovery & Reconnaissance

  • wsdiscovery - WS-Discovery protocol scanner for discovering ONVIF cameras and IoT devices
  • iotnet - IoT network traffic analyzer for detecting protocols and vulnerabilities
  • nmap (skill) - Professional network reconnaissance with two-phase scanning strategy

Device-Specific Testing

  • onvifscan - ONVIF device security scanner
    • Authentication bypass testing
    • Credential brute-forcing

Firmware & File Analysis

  • chipsec (skill) - UEFI/BIOS firmware static analysis

    • Detect known rootkits (LoJax, ThinkPwn, HackingTeam)
    • Generate EFI executable inventories with hashes
    • Decode firmware structure and extract NVRAM
  • ffind - Advanced file finder with type detection and filesystem extraction

    • Identifies artifact file types
    • Extracts ext2/3/4 and F2FS filesystems
    • Designed for firmware analysis

Android Analysis

  • apktool (skill) - APK unpacking and resource extraction

    • Decode AndroidManifest.xml
    • Extract resources, layouts, strings
    • Disassemble to smali code
  • jadx (skill) - APK decompilation

    • Convert DEX to readable Java source
    • Search for hardcoded credentials
    • Analyze app logic

Hardware & Console Access

  • picocom (skill) - IoT UART console interaction for hardware testing

    • Bootloader manipulation
    • Shell enumeration
    • Firmware extraction
    • Includes Python helper script for automated interaction
  • telnetshell (skill) - IoT telnet shell interaction

    • Unauthenticated shell testing
    • Device enumeration
    • BusyBox command handling
    • Includes Python helper script and pre-built enumeration scripts

Installation

Prerequisites

# Python dependencies
pip install colorama pyserial pexpect requests

# System dependencies (Arch Linux)
sudo pacman -S nmap e2fsprogs f2fs-tools python python-pip inetutils

# For other distributions, install equivalent packages

Setup

  1. Clone the repository:
     git clone https://github.com/BrownFineSecurity/iothackbot.git
     cd iothackbot
  2. Add the bin directory to your PATH:
     export PATH="$PATH:$(pwd)/bin"
  3. For permanent setup, add to your shell configuration:
     echo 'export PATH="$PATH:/path/to/iothackbot/bin"' >> ~/.bashrc

Usage

Quick Start Examples

Discover ONVIF Devices

wsdiscovery 192.168.1.0/24

Test ONVIF Device Security

onvifscan auth http://192.168.1.100
onvifscan brute http://192.168.1.100

Analyze Network Traffic

# Analyze PCAP file
iotnet capture.pcap

# Live capture
sudo iotnet -i eth0 -d 60

Analyze Firmware

# Identify file types
ffind firmware.bin

# Extract filesystems (requires sudo)
sudo ffind firmware.bin -e
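
The filesystem types ffind is described as extracting (ext2/3/4 and F2FS) can be located inside a raw firmware blob by their superblock magic values. The sketch below is an added example, not ffind's code or part of the original README; the function names, the 512-byte scan alignment, and the sample image are assumptions constructed for illustration.

```python
import struct

SB_OFFSET = 1024          # ext and F2FS superblocks both start 1024 bytes into the filesystem
EXT_MAGIC = 0xEF53        # little-endian u16 at superblock offset 56
F2FS_MAGIC = 0xF2F52010   # little-endian u32 at superblock offset 0
EXT4_INCOMPAT = 0x02C0    # extents (0x40) | 64bit (0x80) | flex_bg (0x200)
HAS_JOURNAL = 0x0004      # compat flag that separates ext3 from ext2


def parse_ext(sb):
    """Return (type, size_bytes) for an ext superblock, or None if it looks bogus."""
    inodes, blocks, log_bs = struct.unpack_from("<II16xI", sb, 0)
    # A two-byte magic matches random data often, so reject implausible geometry.
    if inodes == 0 or blocks == 0 or log_bs > 6:
        return None
    compat, incompat = struct.unpack_from("<II", sb, 92)
    kind = "ext4" if incompat & EXT4_INCOMPAT else "ext3" if compat & HAS_JOURNAL else "ext2"
    return kind, blocks << (10 + log_bs)


def find_filesystems(blob, align=512):
    """Scan aligned offsets; return [(fs_start, type, size_or_None), ...]."""
    hits = []
    for start in range(0, len(blob) - 2 * SB_OFFSET + 1, align):
        sb = blob[start + SB_OFFSET : start + 2 * SB_OFFSET]
        if struct.unpack_from("<I", sb, 0)[0] == F2FS_MAGIC:
            hits.append((start, "f2fs", None))
        elif struct.unpack_from("<H", sb, 56)[0] == EXT_MAGIC:
            parsed = parse_ext(sb)
            if parsed:
                hits.append((start, *parsed))
    return hits


def make_ext_sb(blocks, log_bs, compat=0, incompat=0):
    """Constructed test superblock: only the fields the scanner reads are set."""
    sb = bytearray(1024)
    struct.pack_into("<II16xI", sb, 0, 64, blocks, log_bs)
    struct.pack_into("<H", sb, 56, EXT_MAGIC)
    struct.pack_into("<II", sb, 92, compat, incompat)
    return bytes(sb)


def sample_image():
    """Constructed firmware-like blob: zero header, ext4, decoy ext magic, F2FS."""
    img = bytearray(16384)
    img[4096 + 1024 : 4096 + 2048] = make_ext_sb(4, 0, HAS_JOURNAL, 0x0040)
    img[8192 + 1024 : 8192 + 2048] = make_ext_sb(4, 99)   # bad block size, must be skipped
    struct.pack_into("<I", img, 12288 + 1024, F2FS_MAGIC)
    return bytes(img)
```

Each reported offset can be carved out of the image and inspected read-only; the decoy entry shows why a magic match alone is not enough to treat a region as a filesystem.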

Claude Code Plugin

IoTHackBot is available as a Claude Code plugin, providing AI-assisted security testing with specialized skills.

Available Skills

| Skill | Description |
|---|---|
| chipsec | UEFI/BIOS firmware static analysis - malware detection, EFI inventory |
| apktool | Android APK unpacking and resource extraction |
| jadx | Android APK decompilation to Java source |
| ffind | Firmware file analysis with filesystem extraction |
| iotnet | IoT network traffic analysis |
| nmap | Professional network reconnaissance |
| onvifscan | ONVIF device security testing |
| picocom | UART console interaction |
| telnetshell | Telnet shell enumeration |
| wsdiscovery | WS-Discovery device discovery |

Plugin Installation

Option 1: Use directly during development

claude --plugin-dir /path/to/iothackbot

Option 2: Install as local marketplace (persistent)

Add to ~/.claude/settings.json:

{
  "extraKnownMarketplaces": {
    "iothackbot-local": {
      "source": {
        "source": "directory",
        "path": "/path/to/iothackbot"
      }
    }
  },
  "enabledPlugins": {
    "iothackbot": true
  }
}

Then restart Claude Code for the settings to take effect.

Option 3: Project-specific setup

For use within a specific project, the skills are also available via the .claude/skills/ symlink for backwards compatibility.

Tool Architecture

All tools follow a consistent design pattern:

  • CLI Layer (tools/iothackbot/*.py) - Command-line interface with argparse
  • Core Layer (tools/iothackbot/core/*_core.py) - Core functionality implementing ToolInterface
  • Binary (bin/*) - Executable wrapper scripts

This separation enables:

  • Easy automation and

...


Statistics

Stars: 517
Forks: 84
Open Issues: 3
License: MIT License
Created: Nov 17, 2025