iothackbot

IoTHackBot

Open-source IoT security testing toolkit with integrated Claude Code skills for automated vulnerability discovery.

Overview

IoTHackBot is a collection of specialized tools and Claude Code skills designed for security testing of IoT devices, IP cameras, and embedded systems. It provides both command-line tools and AI-assisted workflows for comprehensive IoT security assessments.

Tools Included

Network Discovery & Reconnaissance

• wsdiscovery - WS-Discovery protocol scanner for discovering ONVIF cameras and IoT devices
• iotnet - IoT network traffic analyzer for detecting protocols and vulnerabilities
• netflows - Network flow extractor with DNS hostname resolution from pcap files
• nmap (skill) - Professional network reconnaissance with two-phase scanning strategy

Device-Specific Testing

• onvifscan - ONVIF device security scanner
  • Authentication bypass testing
  • Credential brute-forcing

Firmware & File Analysis

• chipsec (skill) - UEFI/BIOS firmware static analysis

  • Detect known rootkits (LoJax, ThinkPwn, HackingTeam)
  • Generate EFI executable inventories with hashes
  • Decode firmware structure and extract NVRAM

• ffind - Advanced file finder with type detection and filesystem extraction

  • Identifies artifact file types
  • Extracts ext2/3/4 and F2FS filesystems
  • Designed for firmware analysis

Android Analysis

• apktool (skill) - APK unpacking and resource extraction

  • Decode AndroidManifest.xml
  • Extract resources, layouts, strings
  • Disassemble to smali code

• jadx (skill) - APK decompilation

  • Convert DEX to readable Java source
  • Search for hardcoded credentials
  • Analyze app logic

Hardware & Console Access

• jtagprobe - SWD/JTAG debug interface probe via SEGGER J-Link

  • Classifies targets as OPEN / LOCKED / DEAD
  • Sweeps SWD then JTAG across multiple clock speeds
  • Decodes DPIDR / IDCODE to vendor (STM32, NXP, Nordic, TI, ...)
  • Halt + memory read to confirm true debugger control
  • Per-attempt JLinkExe stdout captured for pentest evidence

• picocom (skill) - IoT UART console interaction for hardware testing

  • Bootloader manipulation
  • Shell enumeration
  • Firmware extraction
  • Includes Python helper script for automated interaction

• telnetshell (skill) - IoT telnet shell interaction

  • Unauthenticated shell testing
  • Device enumeration
  • BusyBox command handling
  • Includes Python helper script and pre-built enumeration scripts

Installation

Prerequisites

# Python dependencies
pip install colorama pyserial pexpect requests

# System dependencies (Arch Linux)
sudo pacman -S nmap e2fsprogs f2fs-tools python python-pip inetutils

# For other distributions, install equivalent packages

Setup

1. Clone the repository:

git clone https://github.com/BrownFineSecurity/iothackbot.git
cd iothackbot

2. Add the bin directory to your PATH:

export PATH="$PATH:$(pwd)/bin"

3. For permanent setup, add to your shell configuration:

echo 'export PATH="$PATH:/path/to/iothackbot/bin"' >> ~/.bashrc

Usage

Quick Start Examples

Discover ONVIF Devices

wsdiscovery 192.168.1.0/24

Test ONVIF Device Security

onvifscan auth http://192.168.1.100
onvifscan brute http://192.168.1.100

Analyze Network Traffic

# Analyze PCAP file for IoT protocols
iotnet capture.pcap

# Live capture
sudo iotnet -i eth0 -d 60

Extract Network Flows

# Extract flows from device with DNS resolution
netflows capture.pcap --source-ip 192.168.1.100

# Get just hostname:port list
netflows capture.pcap -s 192.168.1.100 --format quiet

Analyze Firmware

# Identify file types
ffind firmware.bin

# Extract filesystems (requires sudo)
sudo ffind firmware.bin -e

Claude Code Plugin

IoTHackBot is available as a Claude Code plugin, providing AI-assisted security testing with specialized skills.

Available Skills

Skill	Description
chipsec	UEFI/BIOS firmware static analysis - malware detection, EFI inventory
apktool	Android APK unpacking and resource extraction
jadx	Android APK decompilation to Java source
ffind	Firmware file analysis with filesystem extraction
iotnet	IoT network traffic analysis
jtagprobe	SWD/JTAG debug interface probe via J-Link
netflows	Network flow extraction with DNS hostname resolution
nmap	Professional network reconnaissance
onvifscan	ONVIF device security testing
picocom	UART console interaction
telnetshell	Telnet shell enumeration
wsdiscovery	WS-Discovery device discovery

Plugin Installation

Option 1: Use directly during development

claude --plugin-dir /path/to/iothackbot

Option 2: Install as local marketplace (persistent)