iotnet_skill

This skill analyzes IoT network traffic to detect protocols and vulnerabilities, helping you secure devices and identify unencrypted communications.
  • Python

520

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill brownfinesecurity/iothackbot --skill iotnet

  • SKILL.md3.9 KB

Overview

This skill is an IoT network traffic analyzer that detects IoT protocols and identifies security vulnerabilities in network communications. It inspects packet captures or performs live captures to find unencrypted traffic, weak authentication, and insecure device behavior. Results include protocol distribution, detailed findings, severity levels, and remediation recommendations.

How this skill works

The tool accepts one or more PCAP files for offline analysis or performs live captures on a specified network interface and duration. It detects IoT-specific protocols (MQTT, CoAP, Zigbee, Z-Wave, ONVIF, UPnP/SSDP, Modbus, etc.), applies detection rules, and scans traffic for security issues like plaintext credentials, missing TLS, and insecure protocol versions. Output can be produced as text or JSON and includes packet counts, protocol breakdowns, vulnerability details, and suggested fixes.

When to use it

  • Assess security posture of IoT devices on your network
  • Analyze PCAPs from audits, honeypots, or incident response
  • Perform live captures to profile device behavior and protocols
  • Verify whether IoT traffic is encrypted and authenticated
  • Validate custom detection rules or IoT-specific filters

Best practices

  • Use PCAP analysis for forensic review and live capture for behavior profiling
  • Run live captures with elevated privileges and define a short focused duration to limit data volume
  • Supply BPF or display filters to target specific protocols or IPs and reduce noise
  • Provide custom detection rules when analyzing proprietary or uncommon protocols
  • Export JSON output for integration with dashboards or automated reporting

Example use cases

  • Analyze a saved capture: iotnet /path/to/capture.pcap to detect MQTT/CoAP leaks
  • Live capture on Wi-Fi for device discovery: sudo iotnet -i wlan0 -d 60
  • Filter traffic to a device IP: iotnet capture.pcap --ip 192.168.1.100 to check plaintext credentials
  • Use BPF to focus on IoT ports: sudo iotnet -i eth0 -c "port 1883 or port 5683" -d 45
  • Combine multiple PCAPs and a custom rule set: iotnet f1.pcap f2.pcap --config custom-rules.json

FAQ

Yes. Live capture requires root or sudo privileges to access the network interface.

Can I analyze multiple PCAPs at once?

Yes. Provide multiple PCAP file paths and the tool will aggregate protocol detection and vulnerability findings.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
iotnet skill by brownfinesecurity/iothackbot | VeilStrat