MCP.directory

picocom

by BrownFineSecurity
0
0
Source

Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles.

Install

mkdir -p .claude/skills/picocom && curl -L -o skill.zip "https://mcp.directory/api/skills/download/6684" && unzip -o skill.zip -d .claude/skills/picocom && rm skill.zip

Installs to .claude/skills/picocom

About this skill

IoT UART Console (picocom)

This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery.

Prerequisites

  • picocom must be installed on the system
  • Python 3 with pyserial library (sudo pacman -S python-pyserial on Arch, or pip install pyserial)
  • UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.)
  • Appropriate permissions to access serial devices (typically /dev/ttyUSB* or /dev/ttyACM*)

Recommended Approach: Serial Helper Script

IMPORTANT: This skill includes a Python helper script (serial_helper.py) that provides a clean, reliable interface for serial communication. This is the RECOMMENDED method for interacting with IoT devices.

Default Session Logging

ALL commands run by Claude will be logged to /tmp/serial_session.log by default.

To observe what Claude is doing in real-time:

# In a separate terminal, run:
tail -f /tmp/serial_session.log

This allows you to watch all serial I/O as it happens without interfering with the connection.

Why Use the Serial Helper?

The helper script solves many problems with direct picocom usage:

  • Clean output: Automatically removes command echoes, prompts, and ANSI codes
  • Prompt detection: Automatically detects and waits for device prompts
  • Timeout handling: Proper timeout management with no arbitrary sleeps
  • Easy scripting: Simple command-line interface for single commands or batch operations
  • Session logging: All I/O logged to /tmp/serial_session.log for observation
  • Reliable: No issues with TTY requirements or background processes

Quick Start with Serial Helper

Single Command:

python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command "help"

With Custom Prompt (recommended for known devices):

python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --prompt "User@[^>]+>" --command "ifconfig"

Interactive Mode:

python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --interactive

Batch Commands from File:

# Create a file with commands (one per line)
echo -e "help\ndate\nifconfig\nps" > commands.txt
python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --script commands.txt

JSON Output (for parsing):

python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command "help" --json

Debug Mode:

python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command "help" --debug

Session Logging (for observation):

# Terminal 1 - Run with logging
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --prompt "User@[^>]+>" \
  --logfile /tmp/session.log \
  --interactive

# Terminal 2 - Watch the session in real-time
tail -f /tmp/session.log

Note: See OBSERVING_SESSIONS.md for comprehensive guide on monitoring serial sessions.

Monitor Mode (Passive Listening)

NEW FEATURE: Monitor mode is designed for passive UART monitoring where the device outputs logs without prompts or interaction.

Use cases:

  • Monitoring boot logs from devices without interactive consoles
  • Capturing triggered output when external actions are performed
  • Testing if network requests or hardware events generate UART logs
  • Baseline vs triggered output comparison

Basic passive monitoring:

python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --monitor \
  --duration 30 \
  --logfile /tmp/uart.log

Monitor with external trigger script:

# Run external script after 5 seconds and capture triggered UART output
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --monitor \
  --duration 60 \
  --trigger-script "python3 /path/to/test_script.py" \
  --trigger-delay 5 \
  --logfile /tmp/triggered_uart.log

Monitor with baseline capture:

# Capture 10s baseline, run trigger at 15s, continue for total 60s
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --monitor \
  --duration 60 \
  --trigger-script "curl http://192.168.1.100/api/reboot" \
  --trigger-delay 15 \
  --baseline-duration 10 \
  --logfile /tmp/reboot_monitor.log

Monitor mode options:

  • --duration SECONDS - Total monitoring time (default: 30)
  • --trigger-script CMD - External command/script to run during monitoring
  • --trigger-delay SECONDS - When to run trigger (default: 5)
  • --baseline-duration SECONDS - Capture baseline before trigger (default: 0)
  • --logfile FILE - Log all I/O to file
  • --json - Output results in JSON format

Output includes:

  • Real-time timestamped console output
  • Baseline vs trigger vs post-trigger categorization
  • Trigger script exit code and output
  • Summary statistics (bytes captured in each phase)
  • Timeline with all captured data

Serial Helper Options

Required (one of):
  --command, -c CMD         Execute single command
  --interactive, -i         Enter interactive mode
  --script, -s FILE         Execute commands from file
  --monitor, -m             Passive monitoring mode (just listen, no commands)

Connection Options:
  --device, -d DEV          Serial device (default: /dev/ttyUSB0)
  --baud, -b RATE           Baud rate (default: 115200)
  --timeout, -t SECONDS     Command timeout (default: 3.0)
  --prompt, -p PATTERN      Custom prompt regex pattern
  --at-mode, -a             AT command mode for cellular/satellite modems

Monitor Mode Options:
  --duration SECONDS        Monitoring duration (default: 30.0)
  --trigger-script CMD      External script/command to run during monitoring
  --trigger-delay SECONDS   Seconds before running trigger (default: 5.0)
  --baseline-duration SEC   Baseline capture duration (default: 0.0)

Output Options:
  --raw, -r                 Don't clean output (show echoes, prompts)
  --json, -j                Output in JSON format
  --logfile, -l FILE        Log all I/O to file (can tail -f in another terminal)
  --debug                   Show debug information

Common Prompt Patterns

The helper script includes common prompt patterns, but you can specify custom ones:

# Uniview camera
--prompt "User@[^>]+>"

# Standard root/user prompts
--prompt "[#\$]\s*$"

# U-Boot bootloader
--prompt "=>\s*$"

# Custom device
--prompt "MyDevice>"

AT Command Mode (Cellular/Satellite Modems)

IMPORTANT: When interacting with AT command interfaces (cellular modems, satellite modems, GPS modules), use the --at-mode flag. AT interfaces do NOT use shell prompts - they respond with OK, ERROR, or specific result codes.

When to use AT mode:

  • Cellular modems (Quectel, Sierra Wireless, u-blox, SIMCom, Telit)
  • Satellite modems (Iridium, Globalstar)
  • GPS modules with AT interface
  • Any device that responds to AT commands with OK/ERROR

Basic AT command usage:

# Single AT command
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --at-mode \
  --command "AT" \
  --logfile /tmp/serial_session.log

# Get modem info
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --at-mode \
  --command "ATI" \
  --logfile /tmp/serial_session.log

# Get IMEI
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --at-mode \
  --command "AT+CGSN" \
  --logfile /tmp/serial_session.log

AT mode enumeration example:

HELPER="python3 .claude/skills/picocom/serial_helper.py"
DEVICE="/dev/ttyUSB0"
LOGFILE="/tmp/serial_session.log"

# Basic connectivity test
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT"

# Device identification
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "ATI"
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+CGMI"
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+CGMM"
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+CGMR"

# SIM and network info
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+CGSN"
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+CIMI"
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+CCID"
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+CSQ"
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+CREG?"
$HELPER --device $DEVICE --at-mode --logfile "$LOGFILE" --command "AT+COPS?"

Batch AT commands from file:

# Create AT command script
cat > at_enum.txt << 'EOF'
AT
ATI
AT+CGMI
AT+CGMM
AT+CGMR
AT+CGSN
AT+CSQ
AT+CREG?
AT+COPS?
EOF

# Execute batch
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --at-mode \
  --script at_enum.txt \
  --logfile /tmp/serial_session.log

Interactive AT session:

python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --at-mode \
  --interactive \
  --logfile /tmp/serial_session.log

AT mode response handling:

  • OK - Command succeeded
  • ERROR - Command failed (generic)
  • +CME ERROR: <code> - Mobile equipment error with code
  • +CMS ERROR: <code> - SMS-related error with code
  • NO CARRIER - Connection lost/failed
  • CONNECT - Data connection established

Common AT command categories for pentesting:

# Network and connectivity
AT+CGDCONT?     # PDP context (APN settings)
AT+QIOPEN       # Open socket (Quectel)
AT+QISTATE?     # Socket state (Quectel)

# Device management
AT+CFUN?        # Phone functionality
AT+CPIN?        # SIM PIN status
AT+CLCK         # Facility lock (SIM lock status)

# Firmware and updates
AT+CGMR         # Firmware version
AT+QGMR         # Extended firmware info (Quectel)

# Debug/engineering mo

---

*Content truncated.*

More by BrownFineSecurity

View all skills by BrownFineSecurity

apktool

BrownFineSecurity

Android APK unpacking and resource extraction tool for reverse engineering. Use when you need to decode APK files, extract resources, examine AndroidManifest.xml, analyze smali code, or repackage modified APKs.

32

onvifscan

BrownFineSecurity

ONVIF device security scanner for testing authentication and brute-forcing credentials. Use when you need to assess security of IP cameras or ONVIF-enabled devices.

220

iotnet

BrownFineSecurity

IoT network traffic analyzer for detecting IoT protocols and identifying security vulnerabilities in network communications. Use when you need to analyze network traffic, identify IoT protocols, or assess network security of IoT devices.

00

ffind

BrownFineSecurity

Advanced file finder with type detection and filesystem extraction for analyzing firmware and extracting embedded filesystems. Use when you need to analyze firmware files, identify file types, or extract ext2/3/4 or F2FS filesystems.

10

telnetshell

BrownFineSecurity

Use telnet to interact with IoT device shells for pentesting operations including device enumeration, vulnerability discovery, credential testing, and post-exploitation. Use when the user needs to interact with network-accessible shells, IoT devices, or telnet services.

20

wsdiscovery

BrownFineSecurity

WS-Discovery protocol scanner for discovering and enumerating ONVIF cameras and IoT devices on the network. Use when you need to discover ONVIF devices, cameras, or WS-Discovery enabled equipment on a network.

50

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

641968

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

590705

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

338397

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

318395

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

450339

fastapi-templates

wshobson

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.

304231

Related MCP Servers

Browse all servers
Mobile NextMobile Next

Mobile Next offers fast, seamless mobile automation for iOS and Android. Automate apps, extract data, and simplify mobil

3,75219 tools
iOS SimulatoriOS Simulator

Use iOS Simulator for testing with tools like UI interaction and device info retrieval. Perfect as an iPhone emulator fo

1,72113 tools
Android MCPAndroid MCP

Android MCP — lightweight bridge enabling AI agents for Android to perform Android automation and Android UI testing: ap

4390 tools
SerialSerial

Connect real-world devices like Raspberry Pi using asynchronous serial interface and comms port for advanced IoT and rob

400 tools
Android Debug BridgeAndroid Debug Bridge

Integrate with Android devices via ADB for effective android device management, app control, and automated testing workf

189 tools
Serial Hardware BridgeSerial Hardware Bridge

Serial Hardware Bridge connects LLMs with real devices via serial communication for powerful IoT and hardware control ap

80 tools

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.