Focus on Bluetooth Penetration Testing Framework
e-mail: bluetooth-pentest@narod.ru
+ Apr 21: new version (090417) of BlueMaho – a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices. It is freeware, open source, written in Python, and uses wxPython. It can be used to test BT devices for known vulnerabilities and, as its main purpose, to test for unknown vulns. It can also produce nice statistics. web
+ Feb 04: obexstress.py – script for testing a remote OBEX service for some potential vulnerabilities. It tests the available commands, may find directory traversal, tests whether some characters in a file name can cause a DoS, and tests whether a long file name can cause a DoS. download v0.1
+ Jan 10: bluesquirrel – set of tools and scripts for automating scanning for devices, breaking pairing relationships between them, sniffing the pairing procedure with frontline.c, cracking the PIN and link key with btpincrack, and then emulating (spoofing) the connection. For sniffing you need a dongle with FTS4BT firmware. download v0.1
+ Jan 04: ibluetoothproject.tk – bringing fully functional bluetooth to your iPhone!
+ Jan 02: Where and how do Bluetooth stacks store link keys?
BlueZ – Official Linux Bluetooth protocol stack, BlueZ Wiki
PyBluez – PyBluez is an effort to create python wrappers around system Bluetooth resources to allow Python developers to easily and quickly create Bluetooth applications.
LightBlue – a cross-platform Python Bluetooth API
– – – multifunctional security tools
BlueMaho – BlueMaho is a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices. It is freeware, open source, written in Python, and uses wxPython. It can be used to test BT devices for known vulnerabilities and, as its main purpose, to test for unknown vulns. It can also produce nice statistics. web, download v090417
Bluediving – Bluetooth penetration testing suite for GNU Linux 2.4 / 2.6 and FreeBSD. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode (using more than one hci device). download v0.9 / web
BT Browser MIDlet is a J2ME MIDP MIDlet that can browse and explore the technical specification of surrounding bluetooth devices. You can browse device bluetooth information and all supported profiles and service records on each device. This is a great utility tool to sniff bluetooth information as well as to validate your Bluetooth applications. BT Browser 2.0 works on phones that support JSR-82 (Java Bluetooth or JABWT) specification. download v2.0
btCrawler – btCrawler is a simple Bluetooth scanner for Windows Mobile based devices. It scans for other visible devices in range and can perform a service query. You can also query the services of your own device and run some self-diagnostics. In the device list, COD means “Class of Device” (see the Bluetooth specification for more info). In the output window, when the SDP services are listed, “ChId” means Channel ID, which is the RFCOMM channel the service is listening on. It supports both landscape and portrait screens. As of version 1.0, bluejacking and bluesnarfing are supported. download v1.1, web