IoTHackBot
Open-source IoT security testing toolkit with integrated Claude Code skills for automated vulnerability discovery.
Overview
IoTHackBot is a collection of specialized tools and Claude Code skills designed for security testing of IoT devices, IP cameras, and embedded systems. It provides both command-line tools and AI-assisted workflows for comprehensive IoT security assessments.
Tools Included
Network Discovery & Reconnaissance
- wsdiscovery - WS-Discovery protocol scanner for discovering ONVIF cameras and IoT devices
- iotnet - IoT network traffic analyzer for detecting protocols and vulnerabilities
- netflows - Network flow extractor with DNS hostname resolution from pcap files
- nmap (skill) - Professional network reconnaissance with two-phase scanning strategy
Device-Specific Testing
- onvifscan - ONVIF device security scanner
- Authentication bypass testing
- Credential brute-forcing
Firmware & File Analysis
Android Analysis
Hardware & Console Access
-
jtagprobe - SWD/JTAG debug interface probe via SEGGER J-Link
- Classifies targets as OPEN / LOCKED / DEAD
- Sweeps SWD then JTAG across multiple clock speeds
- Decodes DPIDR / IDCODE to vendor (STM32, NXP, Nordic, TI, ...)
- Halt + memory read to confirm true debugger control
- Per-attempt JLinkExe stdout captured for pentest evidence
-
picocom (skill) - IoT UART console interaction for hardware testing
- Bootloader manipulation
- Shell enumeration
- Firmware extraction
- Includes Python helper script for automated interaction
-
telnetshell (skill) - IoT telnet shell interaction
- Unauthenticated shell testing
- Device enumeration
- BusyBox command handling
- Includes Python helper script and pre-built enumeration scripts
Installation
Prerequisites
# Python dependencies
pip install colorama pyserial pexpect requests
# System dependencies (Arch Linux)
sudo pacman -S nmap e2fsprogs f2fs-tools python python-pip inetutils
# For other distributions, install equivalent packages
Setup
- Clone the repository:
git clone https://github.com/BrownFineSecurity/iothackbot.git
cd iothackbot
- Add the bin directory to your PATH:
export PATH="$PATH:$(pwd)/bin"
- For permanent setup, add to your shell configuration:
echo 'export PATH="$PATH:/path/to/iothackbot/bin"' >> ~/.bashrc
Usage
Quick Start Examples
Discover ONVIF Devices
wsdiscovery 192.168.1.0/24
Test ONVIF Device Security
onvifscan auth http://192.168.1.100
onvifscan brute http://192.168.1.100
Analyze Network Traffic
# Analyze PCAP file for IoT protocols
iotnet capture.pcap
# Live capture
sudo iotnet -i eth0 -d 60
Extract Network Flows
# Extract flows from device with DNS resolution
netflows capture.pcap --source-ip 192.168.1.100
# Get just hostname:port list
netflows capture.pcap -s 192.168.1.100 --format quiet
Analyze Firmware
# Identify file types
ffind firmware.bin
# Extract filesystems (requires sudo)
sudo ffind firmware.bin -e
Claude Code Plugin
IoTHackBot is available as a Claude Code plugin, providing AI-assisted security testing with specialized skills.
Available Skills
| Skill | Description |
|---|
| chipsec | UEFI/BIOS firmware static analysis - malware detection, EFI inventory |
| apktool | Android APK unpacking and resource extraction |
| jadx | Android APK decompilation to Java source |
| ffind | Firmware file analysis with filesystem extraction |
| iotnet | IoT network traffic analysis |
| jtagprobe | SWD/JTAG debug interface probe via J-Link |
| netflows | Network flow extraction with DNS hostname resolution |
| nmap | Professional network reconnaissance |
| onvifscan | ONVIF device security testing |
| picocom | UART console interaction |
| telnetshell | Telnet shell enumeration |
| wsdiscovery | WS-Discovery device discovery |
Plugin Installation
Option 1: Use directly during development
claude --plugin-dir /path/to/iothackbot
Option 2: Install as local marketplace (persistent)
