picocom
Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles.
What this skill does
# IoT UART Console (picocom)

This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery.

## Prerequisites

- picocom must be installed on the system
- Python 3 with pyserial library (`sudo pacman -S python-pyserial` on Arch, or `pip install pyserial`)
- UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.)
- Appropriate permissions to access serial devices (typically /dev/ttyUSB* or /dev/ttyACM*)

## Recommended Approach: Serial Helper Script

**IMPORTANT**: This skill includes a Python helper script (`serial_helper.py`) that provides a clean, reliable interface for serial communication. **This is the RECOMMENDED method** for interacting with IoT devices.

### Default Session Logging

**ALL commands run by Claude will be logged to `/tmp/serial_session.log` by default.**

To observe what Claude is doing in real-time:

```bash
# In a separate terminal, run:
tail -f /tmp/serial_session.log
```

This allows you to watch all serial I/O as it happens without interfering with the connection.

### Why Use the Serial Helper?
The helper script solves many problems with direct picocom usage:

- **Clean output**: Automatically removes command echoes, prompts, and ANSI codes
- **Prompt detection**: Automatically detects and waits for device prompts
- **Timeout handling**: Proper timeout management with no arbitrary sleeps
- **Easy scripting**: Simple command-line interface for single commands or batch operations
- **Session logging**: All I/O logged to `/tmp/serial_session.log` for observation
- **Reliable**: No issues with TTY requirements or background processes

### Quick Start with Serial Helper

**Single Command:**

```bash
python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command "help"
```

**With Custom Prompt (recommended for known devices):**

```bash
python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --prompt "User@[^>]+>" --command "ifconfig"
```

**Interactive Mode:**

```bash
python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --interactive
```

**Batch Commands from File:**

```bash
# Create a file with commands (one per line)
echo -e "help\ndate\nifconfig\nps" > commands.txt
python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --script commands.txt
```

**JSON Output (for parsing):**

```bash
python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command "help" --json
```

**Debug Mode:**

```bash
python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command "help" --debug
```

**Session Logging (for observation):**

```bash
# Terminal 1 - Run with logging
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --prompt "User@[^>]+>" \
  --logfile /tmp/session.log \
  --interactive

# Terminal 2 - Watch the session in real-time
tail -f /tmp/session.log
```

**Note:** See `OBSERVING_SESSIONS.md` for a comprehensive guide on monitoring serial sessions.
See [examples.md](examples.md) for full worked attack walkthroughs: basic connection/enumeration, U-Boot bootloader exploitation, login-auth bypass, privilege escalation from a limited user, and firmware extraction.

### Monitor Mode (Passive Listening)

**NEW FEATURE**: Monitor mode is designed for passive UART monitoring where the device outputs logs without prompts or interaction.

**Use cases:**

- Monitoring boot logs from devices without interactive consoles
- Capturing triggered output when external actions are performed
- Testing if network requests or hardware events generate UART logs
- Baseline vs triggered output comparison

**Basic passive monitoring:**

```bash
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --monitor \
  --duration 30 \
  --logfile /tmp/uart.log
```

**Monitor with external trigger script:**

```bash
# Run external script after 5 seconds and capture triggered UART output
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --monitor \
  --duration 60 \
  --trigger-script "python3 /path/to/test_script.py" \
  --trigger-delay 5 \
  --logfile /tmp/triggered_uart.log
```

**Monitor with baseline capture:**

```bash
# Capture 10s baseline, run trigger at 15s, continue for total 60s
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --monitor \
  --duration 60 \
  --trigger-script "curl http://192.168.1.100/api/reboot" \
  --trigger-delay 15 \
  --baseline-duration 10 \
  --logfile /tmp/reboot_monitor.log
```

**Monitor mode options:**

- `--duration SECONDS` - Total monitoring time (default: 30)
- `--trigger-script CMD` - External command/script to run during monitoring
- `--trigger-delay SECONDS` - When to run trigger (default: 5)
- `--baseline-duration SECONDS` - Capture baseline before trigger (default: 0)
- `--logfile FILE` - Log all I/O to file
- `--json` - Output results in JSON format

**Output includes:**

- Real-time timestamped console output
- Baseline vs trigger vs post-trigger categorization
- Trigger script exit code and output
- Summary statistics (bytes captured in each phase)
- Timeline with all captured data

### Serial Helper Options

```
Required (one of):
  --command, -c CMD         Execute single command
  --interactive, -i         Enter interactive mode
  --script, -s FILE         Execute commands from file
  --monitor, -m             Passive monitoring mode (just listen, no commands)

Connection Options:
  --device, -d DEV          Serial device (default: /dev/ttyUSB0)
  --baud, -b RATE           Baud rate (default: 115200)
  --timeout, -t SECONDS     Command timeout (default: 3.0)
  --prompt, -p PATTERN      Custom prompt regex pattern
  --at-mode, -a             AT command mode for cellular/satellite modems

Monitor Mode Options:
  --duration SECONDS        Monitoring duration (default: 30.0)
  --trigger-script CMD      External script/command to run during monitoring
  --trigger-delay SECONDS   Seconds before running trigger (default: 5.0)
  --baseline-duration SEC   Baseline capture duration (default: 0.0)

Output Options:
  --raw, -r                 Don't clean output (show echoes, prompts)
  --json, -j                Output in JSON format
  --logfile, -l FILE        Log all I/O to file (can tail -f in another terminal)
  --debug                   Show debug information
```

### Common Prompt Patterns

The helper script includes common prompt patterns, but you can specify custom ones:

```bash
# Uniview camera
--prompt "User@[^>]+>"

# Standard root/user prompts
--prompt "[#\$]\s*$"

# U-Boot bootloader
--prompt "=>\s*$"

# Custom device
--prompt "MyDevice>"
```

### AT Command Mode (Cellular/Satellite Modems)

**IMPORTANT**: When interacting with AT command interfaces (cellular modems, satellite modems, GPS modules), use the `--at-mode` flag. AT interfaces do NOT use shell prompts - they respond with `OK`, `ERROR`, or specific result codes.
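Why the two modes need different end-of-response checks, as an added example: this is not the code of `serial_helper.py`, whose internals this page does not show. The sample buffers are constructed, the function names are hypothetical, and the `+CME`/`+CMS ERROR` forms are an assumption beyond the `OK`/`ERROR` codes named above.

```python
import re

ANSI_RE = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")  # CSI colour/cursor codes
# Prompt patterns listed under "Common Prompt Patterns" above.
PROMPTS = [re.compile(p) for p in (r"User@[^>]+>", r"[#\$]\s*$", r"=>\s*$")]
# Final result codes; the +CME/+CMS forms are an assumption beyond the page.
AT_FINAL = re.compile(r"OK|ERROR|\+CM[ES] ERROR: .+")

# Constructed sample buffers (not captured from a real device).
SHELL_BUF = ("uname -a\r\nLinux cam 4.9.37 #1 SMP armv7l GNU/Linux\r\n"
             "\x1b[1;32mroot@cam\x1b[0m:~# ")
AT_BUF = "AT+CGSN\r\r\n000000000000000\r\n\r\nOK\r\n"


def _lines(buf):
    """Strip ANSI sequences and carriage returns; drop blank lines."""
    text = ANSI_RE.sub("", buf).replace("\r", "")
    return [ln for ln in text.split("\n") if ln.strip()]


def response_complete(buf, at_mode=False, prompt=None):
    """True once the last non-blank line is a prompt (or an AT result code)."""
    lines = _lines(buf)
    if not lines:
        return False
    last = lines[-1].strip()
    if at_mode:
        return AT_FINAL.fullmatch(last) is not None
    patterns = [re.compile(prompt)] if prompt else PROMPTS
    return any(p.search(last) for p in patterns)


def clean_output(buf, command, at_mode=False, prompt=None):
    """Return (payload_lines, terminator) with echo and terminator removed."""
    lines = _lines(buf)
    if lines and lines[0].strip() == command:
        lines = lines[1:]  # drop the echoed command
    terminator = None
    if response_complete("\n".join(lines), at_mode, prompt):
        terminator = lines.pop().strip()
    return lines, terminator


if __name__ == "__main__":
    print(clean_output(SHELL_BUF, "uname -a"))
    print(clean_output(AT_BUF, "AT+CGSN", at_mode=True))
    # Without AT mode the modem reply never looks finished; only a timeout ends it.
    print(response_complete(AT_BUF))
```

A payload line that itself ends in `#` or `$` would be mistaken for a prompt by the generic pattern, which is one reason a device-specific `--prompt` is the safer choice for known devices.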
**When to use AT mode:**

- Cellular modems (Quectel, Sierra Wireless, u-blox, SIMCom, Telit)
- Satellite modems (Iridium, Globalstar)
- GPS modules with AT interface
- Any device that responds to AT commands with OK/ERROR

**Basic AT command usage:**

```bash
# Single AT command
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --at-mode \
  --command "AT" \
  --logfile /tmp/serial_session.log

# Get modem info
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --at-mode \
  --command "ATI" \
  --logfile /tmp/serial_session.log

# Get IMEI
python3 .claude/skills/picocom/serial_helper.py \
  --device /dev/ttyUSB0 \
  --at-mode \
  --command "AT+CGSN" \
  --logfile /tmp/serial_session.log
```

**AT mode enumeration example:**

```bash
HELPER="python3 .claude/skills/picocom/serial_helper.py"
DEVICE="/dev/ttyUSB0"
LOGFILE="/tmp/serial
```