Open-source IoT security testing toolkit with integrated Claude Code skills for automated vulnerability discovery.
IoTHackBot is a collection of specialized tools and Claude Code skills designed for security testing of IoT devices, IP cameras, and embedded systems. It provides both command-line tools and AI-assisted workflows for comprehensive IoT security assessments.
- wsdiscovery - WS-Discovery protocol scanner for discovering ONVIF cameras and IoT devices
- iotnet - IoT network traffic analyzer for detecting protocols and vulnerabilities
- nmap (skill) - Professional network reconnaissance with a two-phase scanning strategy
- onvifscan - ONVIF device security scanner
  - Authentication bypass testing
  - Credential brute-forcing
- chipsec (skill) - UEFI/BIOS firmware static analysis
  - Detect known UEFI implants and exploits (LoJax, ThinkPwn, HackingTeam)
  - Generate EFI executable inventories with hashes
  - Decode firmware structure and extract NVRAM
- ffind - Advanced file finder with type detection and filesystem extraction
  - Identifies artifact file types
  - Extracts ext2/3/4 and F2FS filesystems
  - Designed for firmware analysis
- apktool (skill) - APK unpacking and resource extraction
  - Decode AndroidManifest.xml
  - Extract resources, layouts, strings
  - Disassemble to smali code
- jadx (skill) - APK decompilation
  - Convert DEX to readable Java source
  - Search for hardcoded credentials
  - Analyze app logic
- picocom (skill) - IoT UART console interaction for hardware testing
  - Bootloader manipulation
  - Shell enumeration
  - Firmware extraction
  - Includes a Python helper script for automated interaction
- telnetshell (skill) - IoT telnet shell interaction
  - Unauthenticated shell testing
  - Device enumeration
  - BusyBox command handling
  - Includes a Python helper script and pre-built enumeration scripts
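The wsdiscovery and onvifscan entries above rest on two ONVIF primitives: a WS-Discovery Probe sent to the multicast group, whose ProbeMatches reply carries each device's service URL (XAddrs), and the WS-Security UsernameToken that ONVIF uses for authentication, where PasswordDigest = Base64(SHA1(nonce + created + password)). The following is an added example written for this page, not code from IoTHackBot; the ProbeMatches reply, device address, nonce and timestamp are constructed sample data, and nothing is sent on the network.

```python
"""Added example, not IoTHackBot code: WS-Discovery probe/reply handling and the
ONVIF UsernameToken digest, exercised offline against constructed sample data."""
import base64
import hashlib
import os
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSD_MULTICAST = ("239.255.255.250", 3702)  # WS-Discovery multicast group and UDP port
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
    "d": "http://schemas.xmlsoap.org/ws/2005/04/discovery",
    "dn": "http://www.onvif.org/ver10/network/wsdl",
}


def build_probe(message_id=None):
    """SOAP Probe for ONVIF NetworkVideoTransmitter devices; a scanner sends this to WSD_MULTICAST."""
    mid = message_id or f"urn:uuid:{uuid.uuid4()}"
    return (
        f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:a="{NS["a"]}" xmlns:d="{NS["d"]}" xmlns:dn="{NS["dn"]}">'
        "<s:Header>"
        "<a:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe</a:Action>"
        f"<a:MessageID>{mid}</a:MessageID>"
        "<a:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</a:To>"
        "</s:Header>"
        "<s:Body><d:Probe><d:Types>dn:NetworkVideoTransmitter</d:Types></d:Probe></s:Body>"
        "</s:Envelope>"
    )


def parse_probe_matches(xml_bytes):
    """Pull the service URLs (XAddrs) and scopes out of every ProbeMatch in a reply."""
    root = ET.fromstring(xml_bytes)
    matches = []
    for pm in root.iterfind(".//d:ProbeMatch", NS):
        matches.append({
            "xaddrs": pm.findtext("d:XAddrs", default="", namespaces=NS).split(),
            "scopes": pm.findtext("d:Scopes", default="", namespaces=NS).split(),
        })
    return matches


def username_token(username, password, nonce=None, created=None):
    """WS-Security UsernameToken fields as ONVIF expects them:
    PasswordDigest = Base64(SHA1(nonce_bytes + created + password))."""
    nonce = os.urandom(16) if nonce is None else nonce
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return {
        "Username": username,
        "PasswordDigest": base64.b64encode(digest).decode(),
        "Nonce": base64.b64encode(nonce).decode(),
        "Created": created,
    }


def verify_password_digest(token, password):
    """Recompute the digest from the cleartext Nonce/Created in a token.  Because
    both travel in the clear, a captured token can be brute-forced offline."""
    nonce = base64.b64decode(token["Nonce"])
    expected = hashlib.sha1(nonce + token["Created"].encode() + password.encode()).digest()
    return base64.b64encode(expected).decode() == token["PasswordDigest"]


def crack_token(token, candidates):
    """Offline guessing against a captured token; returns the matching password or None."""
    return next((p for p in candidates if verify_password_digest(token, p)), None)


# Constructed ProbeMatches reply, in the shape a camera returns by UDP unicast.
SAMPLE_PROBE_MATCHES = b"""<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:d="http://schemas.xmlsoap.org/ws/2005/04/discovery"
            xmlns:dn="http://www.onvif.org/ver10/network/wsdl">
  <s:Header><a:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/ProbeMatches</a:Action></s:Header>
  <s:Body><d:ProbeMatches><d:ProbeMatch>
    <d:Types>dn:NetworkVideoTransmitter</d:Types>
    <d:Scopes>onvif://www.onvif.org/type/video_encoder onvif://www.onvif.org/hardware/EXAMPLE-CAM</d:Scopes>
    <d:XAddrs>http://192.168.1.100/onvif/device_service</d:XAddrs>
  </d:ProbeMatch></d:ProbeMatches></s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    for m in parse_probe_matches(SAMPLE_PROBE_MATCHES):
        print("device service:", m["xaddrs"], "scopes:", m["scopes"])
    print("cracked:", crack_token(username_token("admin", "admin"), ["12345", "admin"]))
```

The token fields go into a wsse:Security/wsse:UsernameToken header of the SOAP request (for example GetDeviceInformation against the XAddrs URL). The verify/crack functions show why a digest-authenticated ONVIF session sniffed from the wire is not safe against offline guessing: the only secret in the digest is the password.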
```bash
# Python dependencies
pip install colorama pyserial pexpect requests

# System dependencies (Arch Linux)
sudo pacman -S nmap e2fsprogs f2fs-tools python python-pip inetutils

# For other distributions, install equivalent packages
```

- Clone the repository:

```bash
git clone https://github.com/BrownFineSecurity/iothackbot.git
cd iothackbot
```

- Add the bin directory to your PATH:

```bash
export PATH="$PATH:$(pwd)/bin"
```

- For permanent setup, add to your shell configuration:

```bash
echo 'export PATH="$PATH:/path/to/iothackbot/bin"' >> ~/.bashrc
```
```bash
# Discover ONVIF cameras and other WS-Discovery devices on a subnet
wsdiscovery 192.168.1.0/24

# Test ONVIF authentication, then brute-force credentials
onvifscan auth http://192.168.1.100
onvifscan brute http://192.168.1.100

# Analyze PCAP file
iotnet capture.pcap
# Live capture
sudo iotnet -i eth0 -d 60

# Identify file types
ffind firmware.bin
# Extract filesystems (requires sudo)
sudo ffind firmware.bin -e
```
IoTHackBot is available as a Claude Code plugin, providing AI-assisted security testing with specialized skills.
| Skill | Description |
|---|---|
| chipsec | UEFI/BIOS firmware static analysis - malware detection, EFI inventory |
| apktool | Android APK unpacking and resource extraction |
| jadx | Android APK decompilation to Java source |
| ffind | Firmware file analysis with filesystem extraction |
| iotnet | IoT network traffic analysis |
| nmap | Professional network reconnaissance |
| onvifscan | ONVIF device security testing |
| picocom | UART console interaction |
| telnetshell | Telnet shell enumeration |
| wsdiscovery | WS-Discovery device discovery |
Option 1: Use directly during development
claude --plugin-dir /path/to/iothackbot
Option 2: Install as local marketplace (persistent)
Add to ~/.claude/settings.json:
```json
{
  "extraKnownMarketplaces": {
    "iothackbot-local": {
      "source": {
        "source": "directory",
        "path": "/path/to/iothackbot"
      }
    }
  },
  "enabledPlugins": {
    "iothackbot": true
  }
}
```

Then restart Claude Code for the settings to take effect.
Option 3: Project-specific setup
For use within a specific project, the skills are also available via the .claude/skills/ symlink for backwards compatibility.
All tools follow a consistent design pattern:
- CLI Layer (`tools/iothackbot/*.py`) - Command-line interface built with argparse
- Core Layer (`tools/iothackbot/core/*_core.py`) - Core functionality implementing ToolInterface
- Binary (`bin/*`) - Executable wrapper scripts
This separation enables:
- Easy automation and chaining
- Consistent output formats (text, JSON, quiet)
- Standardized error handling
- Tool composition and pipelines
- `config/iot/detection_rules.json` - Custom IoT protocol detection rules for iotnet
- `wordlists/onvif-usernames.txt` - Default usernames for ONVIF devices
- `wordlists/onvif-passwords.txt` - Default passwords for ONVIF devices
See TOOL_DEVELOPMENT_GUIDE.md for detailed information on:
- Project structure standards
- Development patterns
- Output formatting guidelines
- Testing and integration
- ToolInterface - Base interface for all tools
- ToolConfig - Standardized configuration object
- ToolResult - Standardized result object with success, data, errors, and metadata
All tools support multiple output formats:
```bash
# Human-readable text with colors (default)
onvifscan auth 192.168.1.100

# Machine-readable JSON
onvifscan auth 192.168.1.100 --format json

# Minimal output
onvifscan auth 192.168.1.100 --format quiet
```
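The layering described in the Architecture section (a core class implementing ToolInterface, ToolConfig and ToolResult objects with success, data, errors and metadata, and a thin argparse CLI that renders text, JSON or quiet output) is what makes chaining possible. The following added example sketches that pattern for a hypothetical `scopecheck` tool that filters discovered targets against the engagement's allowed ranges; it is written for this page and is not IoTHackBot's own code. The class and field names mirror the README's description but are assumptions about the real interfaces, as is the JSON-list-on-stdin input shape.

```python
"""Added example, not IoTHackBot code: the README's CLI/core/ToolResult layering
applied to a hypothetical 'scopecheck' tool.  Interface names are assumptions."""
import argparse
import ipaddress
import json
import sys
from abc import ABC, abstractmethod
from dataclasses import asdict, dataclass, field
from urllib.parse import urlparse


@dataclass
class ToolConfig:
    """Standardized configuration object (assumed shape)."""
    targets: list
    allowed: list                 # in-scope CIDRs from the rules of engagement
    output_format: str = "text"   # text | json | quiet


@dataclass
class ToolResult:
    """Standardized result: success flag, data, errors, metadata."""
    success: bool
    data: dict = field(default_factory=dict)
    errors: list = field(default_factory=list)
    metadata: dict = field(default_factory=dict)


class ToolInterface(ABC):
    """Base interface every core class implements (assumed)."""
    @abstractmethod
    def run(self, config: ToolConfig) -> ToolResult: ...


def _host_of(target: str) -> str:
    """Accept bare IPs as well as URLs such as the XAddrs a discovery tool emits."""
    parsed = urlparse(target if "://" in target else f"//{target}")
    return parsed.hostname or target


class ScopeCheckCore(ToolInterface):
    """Core layer: partitions targets into in-scope / out-of-scope, no I/O."""
    def run(self, config):
        networks, errors = [], []
        for cidr in config.allowed:
            try:
                networks.append(ipaddress.ip_network(cidr, strict=False))
            except ValueError as exc:
                errors.append(f"bad allowed range {cidr!r}: {exc}")
        in_scope, out_scope = [], []
        for t in config.targets:
            try:
                addr = ipaddress.ip_address(_host_of(t))
            except ValueError:
                errors.append(f"non-IP target {t!r} (resolve it first)")
                continue
            (in_scope if any(addr in n for n in networks) else out_scope).append(t)
        return ToolResult(
            success=not errors and not out_scope,
            data={"in_scope": in_scope, "out_of_scope": out_scope},
            errors=errors,
            metadata={"tool": "scopecheck", "allowed": config.allowed,
                      "checked": len(config.targets)},
        )


def render(result: ToolResult, fmt: str) -> str:
    """The three output formats; json is what the next tool in a pipeline consumes."""
    if fmt == "json":
        return json.dumps(asdict(result), indent=2)
    if fmt == "quiet":
        return "\n".join(result.data.get("in_scope", []))
    lines = [f"[+] in scope: {t}" for t in result.data.get("in_scope", [])]
    lines += [f"[-] OUT OF SCOPE: {t}" for t in result.data.get("out_of_scope", [])]
    lines += [f"[!] {e}" for e in result.errors]
    return "\n".join(lines)


def main(argv=None):
    """CLI layer: argparse front-end; targets from arguments or a JSON list on stdin."""
    ap = argparse.ArgumentParser(prog="scopecheck")
    ap.add_argument("targets", nargs="*", help="IPs/URLs; omit to read a JSON list from stdin")
    ap.add_argument("--allow", action="append", default=[], help="in-scope CIDR (repeatable)")
    ap.add_argument("--format", choices=["text", "json", "quiet"], default="text")
    args = ap.parse_args(argv)
    targets = args.targets or json.load(sys.stdin)
    result = ScopeCheckCore().run(ToolConfig(targets, args.allow, args.format))
    print(render(result, args.format))
    return 0 if result.success else 1   # non-zero exit stops a shell pipeline


if __name__ == "__main__":
    sys.exit(main())
```

The core never prints or exits; it returns a ToolResult, so the same logic is usable from a script, a test, or a Claude Code skill. The CLI maps `success` to the exit code, which is what lets `scopecheck ... --format quiet` gate a later `onvifscan` step in a pipeline.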
IMPORTANT: These tools are designed for authorized security testing only.
- Only test devices you own or have explicit permission to test
- Respect scope limitations and rules of engagement
- Be aware of the impact on production systems
- Use appropriate timing to avoid denial of service; embedded devices can crash, reboot, or lock out accounts under aggressive scanning or brute-forcing
- Document all testing activities
- Follow responsible disclosure practices
Contributions are welcome! Please ensure:
- New tools follow the architecture patterns in `TOOL_DEVELOPMENT_GUIDE.md`
- All tools support text, JSON, and quiet output formats
- Code includes proper error handling
- Documentation is clear and comprehensive
MIT License - See LICENSE file for details
This toolkit is provided for educational and authorized security testing purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The authors are not responsible for misuse or damage caused by this toolkit.