iothackbot by BrownFineSecurity

IoT security testing toolkit with AI-assisted vulnerability discovery

Created 1 month ago
488 stars

Top 63.2% on SourcePulse

Summary

IoTHackBot is an open-source toolkit designed for hybrid IoT penetration testing, offering a suite of command-line tools and integrated Claude Code skills for automated vulnerability discovery. It targets security professionals and researchers seeking to assess the security posture of IoT devices, IP cameras, and embedded systems efficiently.

How It Works

The project combines specialized Python-based CLI tools with AI-assisted workflows powered by Claude Code skills. Its architecture separates concerns into CLI, Core, and Binary layers, enabling automation, consistent output formats (text, JSON, quiet), and tool composition. The integration of Claude Code skills provides guided, interactive security testing experiences for various modules.

Quick Start & Requirements

Installation involves cloning the repository, installing the Python dependencies (colorama, pyserial, pexpect, requests), and installing the system dependencies (e.g., nmap, e2fsprogs, f2fs-tools on Arch Linux). The bin directory must be added to the system's PATH so the tools can be run as executables. Users should consult the repository for specific commands and equivalent system package installations on non-Arch distributions.

Highlighted Details

  • Network Reconnaissance: Includes wsdiscovery for WS-Discovery protocol scanning and iotnet for network traffic analysis.
  • Device-Specific Testing: Features onvifscan for ONVIF device security, supporting authentication bypass and credential brute-forcing.
  • Firmware Analysis: ffind identifies file types within firmware images and extracts common Linux filesystems (ext2/3/4, F2FS).
  • Hardware Access: Integrates picocom (skill) for UART console interaction and telnetshell (skill) for unauthenticated telnet enumeration.
  • AI Integration: Offers Claude Code skills for guided testing across discovery, analysis, and device interaction modules.

Maintenance & Community

Contributions are welcomed, with guidelines provided for adding new tools and ensuring adherence to project architecture and output standards. Active maintainers, community channels, and roadmap are not detailed in the provided README excerpt.

Licensing & Compatibility

The project is released under the MIT License, permitting broad usage and modification. No explicit restrictions for commercial use are noted, though the disclaimer emphasizes authorized testing contexts.

Limitations & Caveats

This toolkit is strictly intended for authorized security testing and educational purposes. Users bear full responsibility for obtaining necessary permissions before testing any systems and must adhere to ethical hacking practices, including respecting scope limitations and avoiding denial-of-service impacts. The authors disclaim liability for any misuse or damage.

Health Check

  • Last Commit: 3 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 2
  • Star History: 69 stars in the last 30 days
