Bluescan is a open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to anyone under the terms stated in the GPL-3.0 license.
This document is also available in Chinese. See README-Chinese.md
Aren't the previous Bluetooth scanning tools scattered and in disrepair? So we have this powerful Bluetooth scanner based on modern Python 3 ---- bluescan.
When hacking new Bluetooth targets, the scanner can help us to collect intelligence, such as:
- BR devices
- LE devices
- LMP features
- GATT services
- SDP services
- Vulnerabilities (demo)
Requirements
This tool is based on BlueZ, the official Linux Bluetooth stack. The following packages need to be installed:
sudo apt install libglib2.0-dev libbluetooth-devREADME.md of ojasookert/CVE-2017-0785.Install
The lastest bluescan will be uploaded to PyPI, so the following command can install bluescan:
sudo pip3 install bluescanUsage
$ bluescan -h bluescan v0.2.1 A powerful Bluetooth scanner. Author: Sourcell Xu from DBAPP Security HatLab. License: GPL-3.0 Usage: bluescan (-h | --help) bluescan (-v | --version) bluescan [-i <hcix>] -m br [--inquiry-len=<n>] bluescan [-i <hcix>] -m lmp BD_ADDR bluescan [-i <hcix>] -m sdp BD_ADDR bluescan [-i <hcix>] -m le [--timeout=<sec>] [--le-scan-type=<type>] [--sort=<key>] bluescan [-i <hcix>] -m gatt [--include-descriptor] --addr-type=<type> BD_ADDR bluescan [-i <hcix>] -m vuln --addr-type=br BD_ADDR Arguments: BD_ADDR Target Bluetooth device address Options: -h, --help Display this help. -v, --version Show the version. -i <hcix> HCI device for scan. [default: hci0] -m <mode> Scan mode, support BR, LE, LMP, SDP, GATT and vuln. --inquiry-len=<n> Inquiry_Length parameter of HCI_Inquiry command. [default: 8] --timeout=<sec> Duration of LE scan. [default: 10] --le-scan-type=<type> Active or passive scan for LE scan. [default: active] --sort=<key> Sort the discovered devices by key, only support RSSI now. [default: rssi] --include-descriptor Fetch descriptor information. --addr-type=<type> Public, random or BR. Scan BR devices
-m brClassic Bluetooth devices may use three technologies: BR (Basic Rate), EDR (Enhanced Data Rate), and AMP (Alternate MAC/PHY). Since they all belong to the Basic Rate system, so when scanning these devices we call them BR device scanning:
As shown above, through BR device scanning, we can get the address, page scan repetition mode, class of device, clock offset, RSSI, and the extended inquiry response (Name, TX power, and so on) of the surrounding classic Bluetooth devices.
Scan LE devices
-m leBluetooth technology, in addition to the Basic Rate system, is Low Energy (LE) system. When scanning Bluetooth low energy devices, it is called LE device scanning:
As shown above, through LE device scanning, we can get the address, address type, connection status, RSSI, and GAP data of the surrounding LE devices.
Scan SDP services
Classic Bluetooth devices tell the outside world about their open services through SDP. After SDP scanning, we can get service records of the specified classic Bluetooth device:
You can try to connect to these services for further hacking.
Scan LMP features
Detecting the LMP features of classic Bluetooth devices allows us to judge the underlying security features of the classic Bluetooth device:
Scan GATT services
LE devices tell the outside world about their open services through GATT. After GATT scanning, we can get the GATT service of the specified LE device. You can try to read and write these GATT data for further hacking:
Vulnerabilities scanning (demo)
Vulnerability scanning is still in the demo stage, and currently only supports CVE-2017-0785:
$ sudo bluescan -m vuln --addr-type=br ??:??:??:??:??:?? ... ... CVE-2017-0785 via KitPloit
Related articles
- Hacker Tools Online
- How To Make Hacking Tools
- Hacking Tools For Beginners
- Hacker Tools Apk
- Hackers Toolbox
- Hacks And Tools
- Usb Pentest Tools
- Hacking Tools Hardware
- Hacker Tools For Mac
- Pentest Tools Review
- Best Hacking Tools 2020
- Nsa Hack Tools Download
- Hackrf Tools
- Pentest Automation Tools
- Hacking Tools Pc
- Hacker Search Tools
- Ethical Hacker Tools
- Blackhat Hacker Tools
- Pentest Tools
- Tools 4 Hack
- Free Pentest Tools For Windows
- Computer Hacker
- Tools Used For Hacking
- Pentest Tools Bluekeep
- Hacking Tools Mac
- Hacking Tools For Pc
- Hacker Tools Windows
- Hack And Tools
- Hacker Hardware Tools
- Pentest Reporting Tools
- Hack Website Online Tool
- Hacks And Tools
- Hacker Techniques Tools And Incident Handling
- Hack Tools For Pc
- Hacking Tools For Kali Linux
- How To Hack
- How To Hack
- Hacker Tools Hardware
- Hacker Hardware Tools
- Android Hack Tools Github
- Hacking Tools Mac
- Hacker Techniques Tools And Incident Handling
- Hacker Tools
- Wifi Hacker Tools For Windows
- Hackers Toolbox
- Blackhat Hacker Tools
- Computer Hacker
- Pentest Tools Download
- Tools For Hacker
- Hack Tools
- Pentest Tools Open Source
- Android Hack Tools Github
- Hacking Tools Windows 10
- Usb Pentest Tools
- Hacker Tools Software
- Hacker
- Hacker Techniques Tools And Incident Handling
- Hacking Tools For Games
- Hack Tools Mac
- Hacker Tools 2020
- Hack Tools
- Nsa Hack Tools Download
- Hacker Techniques Tools And Incident Handling
- Hackrf Tools
- Hack And Tools
- Hack Tools For Mac
- Physical Pentest Tools
- Hacking Apps
- Nsa Hacker Tools
- Kik Hack Tools
- Hacking Tools Name
- Hacks And Tools
- World No 1 Hacker Software
- Hack Tools For Mac
- Hack Tools Github
- Hacking Tools 2020
- Hack Tools For Windows
- Hack Tools 2019
- Hacking Tools And Software
- Top Pentest Tools
- Hacker Tools 2019
- Hacking App
- Pentest Tools Github
- Android Hack Tools Github
- Android Hack Tools Github
- Ethical Hacker Tools
- Hack Tools Download
- Hacker Tools Free
- Beginner Hacker Tools
- Tools 4 Hack
- Pentest Tools Bluekeep
- Pentest Tools Website Vulnerability
- Hack Tools
- Pentest Tools Alternative
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Review
- Pentest Automation Tools
- Underground Hacker Sites
- Hack Website Online Tool
- Hacking Tools For Pc
- Hacking Tools
- Pentest Tools Review
- Hacking Tools Free Download
- Pentest Tools For Android
- Hacking Tools Name
- Best Pentesting Tools 2018
- Pentest Tools Tcp Port Scanner
- Hacking Tools Free Download
- Pentest Tools For Android
- Pentest Tools Bluekeep
- Black Hat Hacker Tools
- Hacker Tools Github
- Hack And Tools
- How To Install Pentest Tools In Ubuntu
- Hacking Tools For Windows
- Hack App
- Hacker Tools Mac
- Pentest Tools Find Subdomains
- Hack Tools Pc
- Hacking Tools Name
- Kik Hack Tools
- Hackers Toolbox
- Pentest Tools Windows
- Hak5 Tools
- Game Hacking
- Hack Tools
- World No 1 Hacker Software
- Hacking Tools Windows 10
- Hacking Tools 2020
- Hackrf Tools
- Pentest Tools Linux
- Pentest Tools Download
- Beginner Hacker Tools
- Hacks And Tools
- Hacking Tools 2020
- Pentest Tools Review
- Pentest Tools Open Source
- Hacking Apps
- Physical Pentest Tools
- Pentest Reporting Tools
- Pentest Tools
- Hacking Tools For Games
- Underground Hacker Sites
- Pentest Tools Port Scanner
- What Are Hacking Tools
- Hacker Techniques Tools And Incident Handling
- Hackers Toolbox
- Hacker Tools List
- Hacking Tools Pc
- Hacking Tools 2020
- Hacker Security Tools
- Hacker
- Blackhat Hacker Tools
- How To Make Hacking Tools
- Hacker Security Tools
- Hack Tools
- How To Install Pentest Tools In Ubuntu
- Hacker Tools Apk Download
- Computer Hacker
- Pentest Automation Tools
- Pentest Tools Url Fuzzer
- Pentest Tools For Ubuntu
- Underground Hacker Sites
- Hacker Security Tools
- Hacker Tools Free Download
- New Hacker Tools
- Pentest Recon Tools
- Install Pentest Tools Ubuntu
- Hacking Apps
- Termux Hacking Tools 2019
- Hacker Tools List
No comments:
Post a Comment