1. Cybersecurity >
  2. Cybersecurity Nachrichten >
  3. Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!


Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!

IT Security Nachrichten vom | Direktlink: feedproxy.google.com Nachrichten Bewertung

Bluescan is a open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to anyone under the terms stated in the GPL-3.0 license.

This document is also available in Chinese. See README-Chinese.md

Aren't the previous Bluetooth scanning tools scattered and in disrepair? So we have this powerful Bluetooth scanner based on modern Python 3 ---- bluescan.
When hacking new Bluetooth targets, the scanner can help us to collect intelligence, such as:
  • BR devices
  • LE devices
  • LMP features
  • GATT services
  • SDP services
  • Vulnerabilities (demo)

This tool is based on BlueZ, the official Linux Bluetooth stack. The following packages need to be installed:
sudo apt install libglib2.0-dev libbluetooth-dev
When you play this tool in a Linux virtual machine, making a USB Bluetooth adapter exclusive to it is recommended, like the Ostran Bluetooth USB Adapter OST-105 CSR 8150 v4.0 for 99 RMB. Of course, the best one to use is the little bit expensive Parani UD100-G03, 560 RMB. And if you want to try the vulnerability scanning, see README.md of ojasookert/CVE-2017-0785.

The lastest bluescan will be uploaded to PyPI, so the following command can install bluescan:
sudo pip3 install bluescan

$ bluescan -h  bluescan v0.2.1    A powerful Bluetooth scanner.    Author: Sourcell Xu from DBAPP Security HatLab.    License: GPL-3.0    Usage:      bluescan (-h | --help)      bluescan (-v | --version)      bluescan [-i <hcix>] -m br [--inquiry-len=<n>]      bluescan [-i <hcix>] -m lmp BD_ADDR      bluescan [-i <hcix>] -m sdp BD_ADDR      bluescan [-i <hcix>] -m le [--timeout=<sec>] [--le-scan-type=<type>] [--sort=<key>]      bluescan [-i <hcix>] -m gatt [--include-descriptor] --addr-type=<type> BD_ADDR      bluescan [-i <hcix>] -m vuln --addr-type=br BD_ADDR    Arguments:      BD_ADDR    Target Bluetooth device address    Options:      -h, --help                  Display this help.      -v, --version               Show the version.      -i <hcix>                   HCI device for scan. [default: hci0]      -m <mode>                   Scan mode, support BR, LE, LMP, SDP, GATT and vuln.      --inquiry-len=<n>           Inquiry_Length parameter of HCI_Inquiry command. [default: 8]      --timeout=<sec>             Duration of LE scan. [default: 10]      --le-scan-type=<type>       Active or passive scan for LE scan. [default: active]      --sort=<key>                Sort the discovered devices by key, only support RSSI now. [default: rssi]      --include-descriptor        Fetch descriptor information.      --addr-type=<type>          Public, random or BR.  

Scan BR devices -m br
Classic Bluetooth devices may use three technologies: BR (Basic Rate), EDR (Enhanced Data Rate), and AMP (Alternate MAC/PHY). Since they all belong to the Basic Rate system, so when scanning these devices we call them BR device scanning:

As shown above, through BR device scanning, we can get the address, page scan repetition mode, class of device, clock offset, RSSI, and the extended inquiry response (Name, TX power, and so on) of the surrounding classic Bluetooth devices.

Scan LE devices -m le
Bluetooth technology, in addition to the Basic Rate system, is Low Energy (LE) system. When scanning Bluetooth low energy devices, it is called LE device scanning:

As shown above, through LE device scanning, we can get the address, address type, connection status, RSSI, and GAP data of the surrounding LE devices.

Scan SDP services
Classic Bluetooth devices tell the outside world about their open services through SDP. After SDP scanning, we can get service records of the specified classic Bluetooth device:

You can try to connect to these services for further hacking.

Scan LMP features
Detecting the LMP features of classic Bluetooth devices allows us to judge the underlying security features of the classic Bluetooth device:

Scan GATT services
LE devices tell the outside world about their open services through GATT. After GATT scanning, we can get the GATT service of the specified LE device. You can try to read and write these GATT data for further hacking:

Vulnerabilities scanning (demo)
Vulnerability scanning is still in the demo stage, and currently only supports CVE-2017-0785:
$ sudo bluescan -m vuln --addr-type=br ??:??:??:??:??:??  ... ...  CVE-2017-0785  


Externe Quelle mit kompletten Inhalt anzeigen

Zur Startseite von Team IT Security

➤ Weitere Beiträge von Team Security | IT Sicherheit

Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!

vom 1589.11 Punkte ic_school_black_18dp
Bluescan is a open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to anyone under the terms stated in the GPL-3.0 license.This document is also available in Chinese. See README-Chinese.mdAren't the previous

Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing

vom 469.34 Punkte ic_school_black_18dp
Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities.NEWS Modules PTF UPDATEPTF OPtions

Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers

vom 331.23 Punkte ic_school_black_18dp
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting.WeaponsType Name DescriptionArmy-Knife/ALL BurpSuite the BurpSuite project Army-Knife/SCAN jaeles The Swiss Army knife for automated Web Application Testing Army

Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs

vom 307.75 Punkte ic_school_black_18dp
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be

Sparrow-Wifi - Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux

vom 298.59 Punkte ic_school_black_18dp
Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. In i

TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

vom 245.92 Punkte ic_school_black_18dp
Original release date: April 16, 2018Systems Affected Generic Routing Encapsulation (GRE) Enabled DevicesCisco Smart Install (SMI) Enabled DevicesSimple Network Management Protocol (SNMP) Enabled Network DevicesOverview This joint Technical Alert (TA) is the result of analy

Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

vom 229.45 Punkte ic_school_black_18dp
The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.Running and configuring the scannerThe Hawkeye scanner-cli assumes that your dir

Strelka - Scanning Files At Scale With Python And ZeroMQ

vom 228.04 Punkte ic_school_black_18dp
Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Based on the design established by Lockheed Martin's Laika BOSS and similar projects (see: related projects), Strelka's purpose is to perfor

Btlejack - Bluetooth Low Energy Swiss-army Knife

vom 216.79 Punkte ic_school_black_18dp
Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit. devices running a dedicated firmware. You may also want to use an Adafruit's Bluefruit LE sniffer or a nRF51822 Eval Kit

AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

vom 211.02 Punkte ic_school_black_18dp
Original release date: September 14, 2020SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and com

What’s New in Android: Q Beta 3 & More

vom 177.79 Punkte ic_school_black_18dp
Posted by Dave Burke, VP, Engineering Today Android is celebrating two amazing milestones. It’s Android’s version 10! And today, Android is running on more than 2.5B active Android devices. With Android Q, we’ve focused on three themes: innovation, security and privacy, and digital wellbeing. We want to he

AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services

vom 177.09 Punkte ic_school_black_18dp
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements. The tool works by firstly performing port scans/service detection scans. From those initial results, the tool will launch further enum

Team Security Diskussion über Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!