iotnet_skill
- Python
520
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill brownfinesecurity/iothackbot --skill iotnet- SKILL.md3.9 KB
Overview
This skill is an IoT network traffic analyzer that detects IoT protocols and identifies security vulnerabilities in network communications. It inspects packet captures or performs live captures to find unencrypted traffic, weak authentication, and insecure device behavior. Results include protocol distribution, detailed findings, severity levels, and remediation recommendations.
How this skill works
The tool accepts one or more PCAP files for offline analysis or performs live captures on a specified network interface and duration. It detects IoT-specific protocols (MQTT, CoAP, Zigbee, Z-Wave, ONVIF, UPnP/SSDP, Modbus, etc.), applies detection rules, and scans traffic for security issues like plaintext credentials, missing TLS, and insecure protocol versions. Output can be produced as text or JSON and includes packet counts, protocol breakdowns, vulnerability details, and suggested fixes.
When to use it
- Assess security posture of IoT devices on your network
- Analyze PCAPs from audits, honeypots, or incident response
- Perform live captures to profile device behavior and protocols
- Verify whether IoT traffic is encrypted and authenticated
- Validate custom detection rules or IoT-specific filters
Best practices
- Use PCAP analysis for forensic review and live capture for behavior profiling
- Run live captures with elevated privileges and define a short focused duration to limit data volume
- Supply BPF or display filters to target specific protocols or IPs and reduce noise
- Provide custom detection rules when analyzing proprietary or uncommon protocols
- Export JSON output for integration with dashboards or automated reporting
Example use cases
- Analyze a saved capture: iotnet /path/to/capture.pcap to detect MQTT/CoAP leaks
- Live capture on Wi-Fi for device discovery: sudo iotnet -i wlan0 -d 60
- Filter traffic to a device IP: iotnet capture.pcap --ip 192.168.1.100 to check plaintext credentials
- Use BPF to focus on IoT ports: sudo iotnet -i eth0 -c "port 1883 or port 5683" -d 45
- Combine multiple PCAPs and a custom rule set: iotnet f1.pcap f2.pcap --config custom-rules.json
FAQ
Yes. Live capture requires root or sudo privileges to access the network interface.
Can I analyze multiple PCAPs at once?
Yes. Provide multiple PCAP file paths and the tool will aggregate protocol detection and vulnerability findings.