By DarkAlguty
IoT security testing toolkit with skills for firmware analysis, network reconnaissance, UEFI security, and device exploitation
Android APK unpacking and resource extraction tool for reverse engineering. Use when you need to decode APK files, extract resources, examine AndroidManifest.xml, analyze smali code, or repackage modified APKs.
Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles.
Static analysis of UEFI/BIOS firmware dumps using Intel's chipsec framework. Decode firmware structure, detect known malware and rootkits (LoJax, ThinkPwn, HackingTeam, MosaicRegressor), generate EFI executable inventories with hashes, extract NVRAM variables, and parse SPI flash descriptors. Use when analyzing firmware .bin/.rom/.fd/.cap files offline without requiring hardware access.
Advanced file finder with type detection and filesystem extraction for analyzing firmware and extracting embedded filesystems. Use when you need to analyze firmware files, identify file types, or extract ext2/3/4 or F2FS filesystems.
IoT network traffic analyzer for detecting IoT protocols and identifying security vulnerabilities in network communications. Use when you need to analyze network traffic, identify IoT protocols, or assess network security of IoT devices.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Executables (bin/) — files in this plugin's bin/directory are added to the Bash tool's PATH while the plugin is enabled.
Open-source IoT security testing toolkit with integrated Claude Code skills for automated vulnerability discovery.
IoTHackBot is a collection of specialized tools and Claude Code skills designed for security testing of IoT devices, IP cameras, and embedded systems. It provides both command-line tools and AI-assisted workflows for comprehensive IoT security assessments.
chipsec (skill) - UEFI/BIOS firmware static analysis
ffind - Advanced file finder with type detection and filesystem extraction
apktool (skill) - APK unpacking and resource extraction
jadx (skill) - APK decompilation
picocom (skill) - IoT UART console interaction for hardware testing
telnetshell (skill) - IoT telnet shell interaction
# Python dependencies
pip install colorama pyserial pexpect requests
# System dependencies (Arch Linux)
sudo pacman -S nmap e2fsprogs f2fs-tools python python-pip inetutils
# For other distributions, install equivalent packages
git clone https://github.com/BrownFineSecurity/iothackbot.git
cd iothackbot
export PATH="$PATH:$(pwd)/bin"
echo 'export PATH="$PATH:/path/to/iothackbot/bin"' >> ~/.bashrc
wsdiscovery 192.168.1.0/24
onvifscan auth http://192.168.1.100
onvifscan brute http://192.168.1.100
# Analyze PCAP file for IoT protocols
iotnet capture.pcap
# Live capture
sudo iotnet -i eth0 -d 60
# Extract flows from device with DNS resolution
netflows capture.pcap --source-ip 192.168.1.100
# Get just hostname:port list
netflows capture.pcap -s 192.168.1.100 --format quiet
# Identify file types
ffind firmware.bin
# Extract filesystems (requires sudo)
sudo ffind firmware.bin -e
IoTHackBot is available as a Claude Code plugin, providing AI-assisted security testing with specialized skills.
| Skill | Description |
|---|---|
| chipsec | UEFI/BIOS firmware static analysis - malware detection, EFI inventory |
| apktool | Android APK unpacking and resource extraction |
| jadx | Android APK decompilation to Java source |
| ffind | Firmware file analysis with filesystem extraction |
| iotnet | IoT network traffic analysis |
| netflows | Network flow extraction with DNS hostname resolution |
| nmap | Professional network reconnaissance |
| onvifscan | ONVIF device security testing |
| picocom | UART console interaction |
| telnetshell | Telnet shell enumeration |
| wsdiscovery | WS-Discovery device discovery |
Option 1: Use directly during development
claude --plugin-dir /path/to/iothackbot
Option 2: Install as local marketplace (persistent)
Add to ~/.claude/settings.json:
{
"extraKnownMarketplaces": {
"iothackbot-local": {
"source": {
"source": "directory",
"path": "/path/to/iothackbot"
}
}
},
"enabledPlugins": {
"iothackbot": true
}
}
Then restart Claude Code for the settings to take effect.
Option 3: Project-specific setup
npx claudepluginhub darkalguty/iothackbotComprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Lazy senior dev mode. Forces the simplest, shortest solution that actually works: YAGNI, stdlib first, no unrequested abstractions.
Develop, test, build, and deploy Godot 4.x games with Claude Code. Includes GdUnit4 testing, web/desktop exports, CI/CD pipelines, and deployment to Vercel/GitHub Pages/itch.io.
Harness-native ECC plugin for engineering teams - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
Comprehensive feature development workflow with specialized agents for codebase exploration, architecture design, and quality review