Bluescan is a open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to anyone under the terms stated in the GPL-3.0 license.
This document is also available in Chinese. See README-Chinese.md
Aren't the previous Bluetooth scanning tools scattered and in disrepair? So we have this powerful Bluetooth scanner based on modern Python 3 ---- bluescan.
When hacking new Bluetooth targets, the scanner can help us to collect intelligence, such as:
- BR devices
- LE devices
- LMP features
- GATT services
- SDP services
- Vulnerabilities (demo)
Requirements
This tool is based on BlueZ, the official Linux Bluetooth stack. The following packages need to be installed:
sudo apt install libglib2.0-dev libbluetooth-dev
README.md
of ojasookert/CVE-2017-0785.Install
The lastest bluescan will be uploaded to PyPI, so the following command can install bluescan:
sudo pip3 install bluescan
Usage
$ bluescan -h bluescan v0.2.1 A powerful Bluetooth scanner. Author: Sourcell Xu from DBAPP Security HatLab. License: GPL-3.0 Usage: bluescan (-h | --help) bluescan (-v | --version) bluescan [-i <hcix>] -m br [--inquiry-len=<n>] bluescan [-i <hcix>] -m lmp BD_ADDR bluescan [-i <hcix>] -m sdp BD_ADDR bluescan [-i <hcix>] -m le [--timeout=<sec>] [--le-scan-type=<type>] [--sort=<key>] bluescan [-i <hcix>] -m gatt [--include-descriptor] --addr-type=<type> BD_ADDR bluescan [-i <hcix>] -m vuln --addr-type=br BD_ADDR Arguments: BD_ADDR Target Bluetooth device address Options: -h, --help Display this help. -v, --version Show the version. -i <hcix> HCI device for scan. [default: hci0] -m <mode> Scan mode, support BR, LE, LMP, SDP, GATT and vuln. --inquiry-len=<n> Inquiry_Length parameter of HCI_Inquiry command. [default: 8] --timeout=<sec> Duration of LE scan. [default: 10] --le-scan-type=<type> Active or passive scan for LE scan. [default: active] --sort=<key> Sort the discovered devices by key, only support RSSI now. [default: rssi] --include-descriptor Fetch descriptor information. --addr-type=<type> Public, random or BR.
Scan BR devices
-m br
Classic Bluetooth devices may use three technologies: BR (Basic Rate), EDR (Enhanced Data Rate), and AMP (Alternate MAC/PHY). Since they all belong to the Basic Rate system, so when scanning these devices we call them BR device scanning:
As shown above, through BR device scanning, we can get the address, page scan repetition mode, class of device, clock offset, RSSI, and the extended inquiry response (Name, TX power, and so on) of the surrounding classic Bluetooth devices.
Scan LE devices
-m le
Bluetooth technology, in addition to the Basic Rate system, is Low Energy (LE) system. When scanning Bluetooth low energy devices, it is called LE device scanning:
As shown above, through LE device scanning, we can get the address, address type, connection status, RSSI, and GAP data of the surrounding LE devices.
Scan SDP services
Classic Bluetooth devices tell the outside world about their open services through SDP. After SDP scanning, we can get service records of the specified classic Bluetooth device:
You can try to connect to these services for further hacking.
Scan LMP features
Detecting the LMP features of classic Bluetooth devices allows us to judge the underlying security features of the classic Bluetooth device:
Scan GATT services
LE devices tell the outside world about their open services through GATT. After GATT scanning, we can get the GATT service of the specified LE device. You can try to read and write these GATT data for further hacking:
Vulnerabilities scanning (demo)
Vulnerability scanning is still in the demo stage, and currently only supports CVE-2017-0785:
$ sudo bluescan -m vuln --addr-type=br ??:??:??:??:??:?? ... ... CVE-2017-0785
via KitPloit
More info
- Hacker Tools Apk
- Pentest Tools Windows
- New Hacker Tools
- Hacking Tools For Windows 7
- Hacking Tools Kit
- Hack Tools For Games
- Hacking Tools For Windows 7
- Hacking Tools Mac
- Hacking Tools Hardware
- Hack Tools For Mac
- Pentest Tools Bluekeep
- Pentest Tools Kali Linux
- Nsa Hack Tools Download
- Game Hacking
- Hacker
- Pentest Tools Apk
- Hack App
- Pentest Tools Android
- Hack Tools For Ubuntu
- Hacking Tools 2019
- Hack Tools
- Pentest Tools Kali Linux
- Hack Tools Mac
- Hacker Tools List
- Hacker Tools Linux
- Pentest Tools For Windows
- World No 1 Hacker Software
- How To Hack
- Hack Tools For Pc
- Hack Tools For Pc
- Hacking App
- Hacking Tools Windows
- Pentest Tools Apk
- Hacking Tools Usb
- New Hacker Tools
- Hacking Tools Hardware
- Nsa Hacker Tools
- Pentest Tools Kali Linux
- Tools For Hacker
- Hack Tools For Games
- Hack Tools Online
- Nsa Hack Tools Download
- Pentest Tools Review
- World No 1 Hacker Software
- Hacking Tools And Software
- Hacking Tools Free Download
- Pentest Tools For Mac
- Hack Tools For Ubuntu
- Hack Website Online Tool
- Hacker Tools Online
- Pentest Tools Nmap
- Pentest Tools Port Scanner
- Pentest Tools Website
- Hacking Tools
- Tools Used For Hacking
- What Are Hacking Tools
- Hack Apps
- Hacker Tools Free Download
- Hack Tools Download
- Hacker
- Hacker Techniques Tools And Incident Handling
- Hacker Tools For Windows
- Pentest Tools Find Subdomains
- Ethical Hacker Tools
- How To Hack
- How To Hack
- Hacker Tools Windows
- Free Pentest Tools For Windows
- Hack Tool Apk
- Hack Tools For Games
- Pentest Tools For Mac
- Hack Tool Apk
- Hacking Tools Windows 10
- Github Hacking Tools
- Beginner Hacker Tools
- Hacking Tools Name
- Hacker Tools Mac
- Hacker Tools Mac
- How To Hack
- Hacker Tools For Ios
- Pentest Tools
- Hack Tools For Games
- Pentest Tools Review
- Hacker Hardware Tools
- Hacking Tools For Mac
- Hacking Tools
- Tools For Hacker
- Blackhat Hacker Tools
- Hacker Search Tools
- Pentest Tools Windows
- Growth Hacker Tools
- Pentest Tools Online
- Pentest Tools Bluekeep
- Hacks And Tools
- Hacking Tools Name
- Hack Tools Github
- Hacker Tools Free Download
- Install Pentest Tools Ubuntu
- Pentest Tools Download
- Best Pentesting Tools 2018
- Hacking Tools Pc
- Hacker Tools 2020
- Hacking Tools For Pc
- Hack Tools Online