telnetshell
from brownfinesecurity/iothackbot
IoT HackBot: A collection of Claude Skills and custom tooling for hybrid IoT pentesting
npx skills add https://github.com/brownfinesecurity/iothackbot --skill telnetshell
SKILL.md
IoT Telnet Shell (telnetshell)
This skill enables interaction with IoT device shells accessible via telnet for security testing and penetration testing operations. It supports unauthenticated shells, weak authentication testing, device enumeration, and post-exploitation activities.
Prerequisites
- Python 3 with pexpect library (pip install pexpect or sudo pacman -S python-pexpect)
- telnet client installed on the system (sudo pacman -S inetutils on Arch)
- Network access to the target device's telnet port
Recommended Approach: Telnet Helper Script
IMPORTANT: This skill includes a Python helper script (telnet_helper.py) that provides a clean, reliable interface for telnet communication. This is the RECOMMENDED method for interacting with IoT devices.
Default Session Logging
ALL commands run by Claude will be logged to /tmp/telnet_session.log by default.
To observe what Claude is doing in real-time:
# In a separate terminal, run:
tail -f /tmp/telnet_session.log
This allows you to watch all telnet I/O as it happens without interfering with the connection.
Why Use the Telnet Helper?
The helper script solves many problems with direct telnet usage:
- Clean output: Automatically removes command echoes, prompts, and ANSI codes
- Prompt detection: Automatically detects and waits for device prompts
- Timeout handling: Proper timeout management with no arbitrary sleeps
- Easy scripting: Simple command-line interface for single commands or batch operations
- Session logging: All I/O logged to /tmp/telnet_session.log for observation
- Reliable: No issues with TTY requirements or background processes
- JSON output: For programmatic parsing and tool chaining
Quick Start with Telnet Helper
Single Command:
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command "uname -a"
Custom Port:
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --port 2222 --command "ls /"
With Custom Prompt (recommended for known devices):
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --prompt "^/ [#\$]" --command "ifconfig"
Interactive Mode:
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --port 2222 --interactive
Batch Commands from File:
# Create a file with commands (one per line)
echo -e "uname -a\ncat /proc/version\nifconfig\nps" > commands.txt
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --script commands.txt
JSON Output (for parsing):
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command "uname -a" --json
Debug Mode:
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command "ls" --debug
Session Logging (for observation):
# Terminal 1 - Run with logging
python3 .claude/skills/telnetshell/telnet_helper.py \
--host 192.168.1.100 \
--port 2222 \
--logfile /tmp/session.log \
--interactive
# Terminal 2 - Watch the session in real-time
tail -f /tmp/session.log
Note: See OBSERVING_SESSIONS.md for a comprehensive guide on monitoring telnet sessions.
Telnet Helper Options
Required (one of):
  --command, -c CMD        Execute single command
  --interactive, -i        Enter interactive mode
  --script, -s FILE        Execute commands from file
Connection Options:
  --host, -H HOST          Target host IP or hostname (required)
  --port, -P PORT          Telnet port (default: 23)
  --timeout, -t SECONDS    Command timeout (default: 3.0)
  --prompt, -p PATTERN     Custom prompt regex pattern
Output Options:
  --raw, -r                Don't clean output (show echoes, prompts)
  --json, -j               Output in JSON format
  --logfile, -l FILE       Log all I/O to file (default: /tmp/telnet_session.log)
  --debug                  Show debug information
Common Prompt Patterns
The helper script includes common prompt patterns, but you can specify custom ones:
# BusyBox shell (common on IoT)
--prompt "/\s*[#\$]\s*$"
# Standard root/user prompts
--prompt "^[#\$]\s*$"
# Custom device
--prompt "^MyDevice>\s*$"
# Uniview cameras
--prompt "^User@[^>]+>\s*$"
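An added example, not part of telnet_helper.py or the iothackbot project: a way to check the prompt patterns above against captured output before passing one to --prompt, and to see what stripping the echo, prompt and ANSI codes involves. The sample strings are constructed, and the function names and the last-line matching are assumptions about one reasonable approach, not the helper's actual logic.

```python
import re

# Prompt patterns listed on this page, as the regex engine receives them.
PROMPTS = {
    "busybox": r"/\s*[#\$]\s*$",
    "root_user": r"^[#\$]\s*$",
    "uniview": r"^User@[^>]+>\s*$",
}

# ANSI CSI sequences (colours, cursor movement) that shells put around prompts.
ANSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")

# Constructed sample: command echo, one line of output, coloured BusyBox prompt.
SAMPLE_BUSYBOX = "uname -a\r\nLinux cam 3.10.0 #1 armv7l GNU/Linux\r\n\x1b[1;32m/ # \x1b[0m"


def strip_ansi(text):
    return ANSI_RE.sub("", text)


def normalise(raw):
    """Remove ANSI codes and telnet CR characters, then split into lines."""
    return strip_ansi(raw).replace("\r", "").split("\n")


def match_prompt(raw, patterns=PROMPTS):
    """Names of the patterns that match the last line of the captured output."""
    last = normalise(raw)[-1]
    return [name for name, pat in patterns.items() if re.search(pat, last)]


def clean_output(raw, command, prompt_pattern):
    """Drop the echoed command and the trailing prompt, keep the command output."""
    lines = normalise(raw)
    if lines and lines[0].strip().endswith(command):
        lines = lines[1:]
    if lines and re.search(prompt_pattern, lines[-1]):
        lines = lines[:-1]
    return "\n".join(lines).strip()


if __name__ == "__main__":
    for raw in (SAMPLE_BUSYBOX, "User@/root>", "# ", "[root@device ~]# "):
        print(repr(normalise(raw)[-1]), "->", match_prompt(raw) or "no match")
    print(clean_output(SAMPLE_BUSYBOX, "uname -a", PROMPTS["busybox"]))
```

The last sample, a bash-style `[root@device ~]# ` prompt, matches none of the listed patterns, which is the case where a custom --prompt value is needed.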
Device Enumeration Example with Telnet Helper
Here's a complete example of safely enumerating a device:
# Set variables for convenience
HELPER="python3 .claude/skills/telnetshell/telnet_helper.py"
HOST="192.168.1.100"
PORT="2222"
LOGFILE="/tmp/telnet_session.log"
# System information
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "uname -a"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "cat /proc/version"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "cat /proc/cpuinfo"
# Check for BusyBox
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "busybox"
# Net
...