picocom-claude-skill

🥈Silver

A Claude Code skill for using picocom to interact with IoT device UART consoles. Enables device enumeration, vulnerability discovery, bootloader manipulation, and root shell access. Ideal for penetration testing operations.

4460Updated 2mo ago

Intermediate30min to implementautomation

Saves ~120 min per use

Quick InstallView Source

git clone https://github.com/BrownFineSecurity/picocom-claude-skill.git

Works with:

Claude

Overview

About This Skill

This skill enables Claude to interact with IoT device UART consoles through picocom and a custom Python serial helper script for reliable communication. It supports device enumeration, vulnerability discovery, bootloader manipulation, privilege escalation, firmware extraction, and persistence establishment on embedded systems. The skill provides guidance on connection setup, console state detection, interactive command execution, and common IoT exploitation scenarios including direct root shell access, login bypass, U-Boot bootloader manipulation, and shell escape techniques. All serial activity is logged for real-time monitoring and analysis during penetration testing operations.

How to Use

Install picocom and python3-serial dependencies, then symlink the skill to ~/.claude/skills/picocom. Grant serial port permissions with 'sudo usermod -a -G dialout $USER'. Ask Claude to help with IoT device testing, specifying the serial device path (e.g., /dev/ttyUSB0). Monitor all serial activity in real-time by running 'tail -f /tmp/serial_session.log' in another terminal.

Use Cases

Enumerate system information from IoT devices connected via USB-to-serial adapters

Manipulate U-Boot bootloader parameters to gain unauthorized root shell access

Extract firmware from embedded Linux devices for offline security analysis

Discover and exploit privilege escalation vulnerabilities on IoT systems

Setup & Installation

Quick Install

No install command available. Check the GitHub repository for manual installation instructions.

Alternative Install (Git Clone)

git clone https://github.com/BrownFineSecurity/picocom-claude-skill

Requirements

Claude Code or compatible AI agent
Works with: Claude

Quick Start Guide

Install the Skill

Copy the install command above and run it in your terminal.

Open Your AI Agent

Launch Claude Code, Cursor, or your preferred AI coding agent.

Try It Out

Use the prompt template or examples below to test the skill.

Customize

Adapt the skill to your specific use case and workflow.

Usage Examples

Prompt Template

I'm using the picocom-claude-skill to interact with a [DEVICE_MODEL] in the [INDUSTRY] sector. Here's the UART connection details: [BAUD_RATE], [PARITY], [DATA_BITS], [STOP_BITS]. I need to [TASK: enumerate devices/vulnerability discovery/bootloader manipulation/root shell access]. Can you guide me through the process?

Example Output

# IoT Device UART Interaction Report

## Device Information
- **Model**: SmartThermostat XT-3000
- **Industry**: Home Automation
- **UART Connection**: 115200 baud, 8N1

## Enumeration Results
```
Device: SmartThermostat XT-3000
Firmware Version: 2.4.1 (outdated)
Bootloader Version: 1.2.0
Available Interfaces:
- UART
- WiFi
- Zigbee
```

## Vulnerability Assessment
- **Bootloader Vulnerability**: Found potential for bootloader manipulation
- **Root Shell Access**: Possible via undocumented command sequence
- **Recommendation**: Further testing required for exploitation

## Next Steps
1. Attempt bootloader manipulation with discovered vulnerability
2. Test root shell access sequence
3. Document findings for penetration testing report