Friday, 28 August 2020

Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!


Bluescan is an open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to anyone under the terms stated in the GPL-3.0 license.

This document is also available in Chinese. See README-Chinese.md

Aren't the previous Bluetooth scanning tools scattered and in disrepair? So we built this powerful Bluetooth scanner on modern Python 3: bluescan.
When hacking new Bluetooth targets, the scanner helps us collect intelligence such as:
  • BR devices
  • LE devices
  • LMP features
  • GATT services
  • SDP services
  • Vulnerabilities (demo)

Requirements
This tool is based on BlueZ, the official Linux Bluetooth stack. The following packages need to be installed:
sudo apt install libglib2.0-dev libbluetooth-dev
When you use this tool in a Linux virtual machine, it is recommended to make a USB Bluetooth adapter exclusive to the VM, such as the Ostran Bluetooth USB Adapter OST-105 CSR 8150 v4.0 for 99 RMB. Of course, the best one is the slightly more expensive Parani UD100-G03 at 560 RMB. If you want to try the vulnerability scanning, see the README.md of ojasookert/CVE-2017-0785.

Install
The latest bluescan is uploaded to PyPI, so the following command installs it:
sudo pip3 install bluescan

Usage
$ bluescan -h
bluescan v0.2.1

A powerful Bluetooth scanner.

Author: Sourcell Xu from DBAPP Security HatLab.
License: GPL-3.0

Usage:
    bluescan (-h | --help)
    bluescan (-v | --version)
    bluescan [-i <hcix>] -m br [--inquiry-len=<n>]
    bluescan [-i <hcix>] -m lmp BD_ADDR
    bluescan [-i <hcix>] -m sdp BD_ADDR
    bluescan [-i <hcix>] -m le [--timeout=<sec>] [--le-scan-type=<type>] [--sort=<key>]
    bluescan [-i <hcix>] -m gatt [--include-descriptor] --addr-type=<type> BD_ADDR
    bluescan [-i <hcix>] -m vuln --addr-type=br BD_ADDR

Arguments:
    BD_ADDR    Target Bluetooth device address

Options:
    -h, --help                  Display this help.
    -v, --version               Show the version.
    -i <hcix>                   HCI device for scan. [default: hci0]
    -m <mode>                   Scan mode, support BR, LE, LMP, SDP, GATT and vuln.
    --inquiry-len=<n>           Inquiry_Length parameter of HCI_Inquiry command. [default: 8]
    --timeout=<sec>             Duration of LE scan. [default: 10]
    --le-scan-type=<type>       Active or passive scan for LE scan. [default: active]
    --sort=<key>                Sort the discovered devices by key, only support RSSI now. [default: rssi]
    --include-descriptor        Fetch descriptor information.
    --addr-type=<type>          Public, random or BR.

Scan BR devices -m br
Classic Bluetooth devices may use three technologies: BR (Basic Rate), EDR (Enhanced Data Rate), and AMP (Alternate MAC/PHY). Since they all belong to the Basic Rate system, scanning for these devices is called BR device scanning:


As shown above, through BR device scanning, we can get the address, page scan repetition mode, class of device, clock offset, RSSI, and the extended inquiry response (Name, TX power, and so on) of the surrounding classic Bluetooth devices.

Scan LE devices -m le
Besides the Basic Rate system, Bluetooth also has the Low Energy (LE) system. Scanning for Bluetooth Low Energy devices is called LE device scanning:


As shown above, through LE device scanning, we can get the address, address type, connection status, RSSI, and GAP data of the surrounding LE devices.
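The BR and LE scan results described in the two sections above come from two HCI events: the Extended Inquiry Result event (address, page scan repetition mode, class of device, clock offset, RSSI and 240 bytes of EIR) and the LE Advertising Report subevent (address, address type, event type, RSSI and advertising data). Both carry their name, TX power and flags in the same length/type/value "AD structure" format. The following parser is an added example and is not bluescan's own code; the event layouts follow the Bluetooth Core Specification, the sample events are constructed here, and the "connectable" flag is derived from the LE event type (ADV_IND or ADV_DIRECT_IND), which is an assumption about how such a scanner reports connection status. The AD parser stops on a truncated structure instead of reading past the buffer, which is the failure mode to watch for when consuming data from untrusted radios.

```python
import struct
from typing import Dict, List

# HCI subevent and AD/EIR type codes (Bluetooth Core Spec Vol 4 Part E; Assigned Numbers)
SUBEVT_LE_ADVERTISING_REPORT = 0x02
AD_FLAGS = 0x01
AD_COMPLETE_LOCAL_NAME = 0x09
AD_TX_POWER_LEVEL = 0x0A

LE_EVENT_TYPES = {0: "ADV_IND", 1: "ADV_DIRECT_IND", 2: "ADV_SCAN_IND",
                  3: "ADV_NONCONN_IND", 4: "SCAN_RSP"}
LE_ADDR_TYPES = {0: "public", 1: "random"}
MAJOR_DEVICE_CLASSES = {0: "Miscellaneous", 1: "Computer", 2: "Phone", 3: "LAN/Network AP",
                        4: "Audio/Video", 5: "Peripheral", 6: "Imaging", 7: "Wearable",
                        8: "Toy", 9: "Health", 31: "Uncategorized"}


def format_bd_addr(raw: bytes) -> str:
    """HCI carries BD_ADDR least-significant byte first; print it in the usual order."""
    return ":".join(f"{b:02X}" for b in reversed(raw))


def parse_ad_structures(data: bytes) -> Dict[int, bytes]:
    """Parse length/type/value AD structures, the format shared by EIR and LE advertising data."""
    out: Dict[int, bytes] = {}
    i = 0
    while i < len(data):
        length = data[i]
        if length == 0:                   # zero length ends the significant part (EIR padding)
            break
        if i + 1 + length > len(data):    # truncated structure: stop instead of over-reading
            break
        out[data[i + 1]] = data[i + 2:i + 1 + length]
        i += 1 + length
    return out


def summarize_ad(ad: Dict[int, bytes]) -> dict:
    """Pull the fields a scanner usually reports out of the parsed AD structures."""
    summary = {}
    if AD_COMPLETE_LOCAL_NAME in ad:
        summary["name"] = ad[AD_COMPLETE_LOCAL_NAME].decode("utf-8", errors="replace")
    if len(ad.get(AD_TX_POWER_LEVEL, b"")) == 1:
        summary["tx_power"] = struct.unpack("b", ad[AD_TX_POWER_LEVEL])[0]
    if ad.get(AD_FLAGS):
        summary["flags"] = ad[AD_FLAGS][0]
    return summary


def parse_extended_inquiry_result(params: bytes) -> dict:
    """Parameters of HCI_Extended_Inquiry_Result (event 0x2F): one response plus 240 bytes of EIR."""
    if len(params) != 255 or params[0] != 1:
        raise ValueError("malformed Extended Inquiry Result event")
    cod = int.from_bytes(params[9:12], "little")
    major = (cod >> 8) & 0x1F             # bits 8..12 of Class of Device = major device class
    result = {
        "addr": format_bd_addr(params[1:7]),
        "page_scan_repetition_mode": params[7],     # params[8] is reserved
        "class_of_device": f"0x{cod:06X}",
        "major_device_class": MAJOR_DEVICE_CLASSES.get(major, f"unknown({major})"),
        "clock_offset": int.from_bytes(params[12:14], "little"),
        "rssi": struct.unpack("b", params[14:15])[0],
    }
    result.update(summarize_ad(parse_ad_structures(params[15:255])))
    return result


def parse_le_advertising_report(params: bytes) -> List[dict]:
    """Parameters of the LE Advertising Report subevent (0x02 of LE Meta event 0x3E)."""
    if len(params) < 2 or params[0] != SUBEVT_LE_ADVERTISING_REPORT:
        raise ValueError("not an LE Advertising Report")
    reports, i = [], 2
    for _ in range(params[1]):
        if i + 9 > len(params) or i + 10 + params[i + 8] > len(params):
            raise ValueError("truncated advertising report")
        evt_type, addr_type, data_len = params[i], params[i + 1], params[i + 8]
        report = {
            "addr": format_bd_addr(params[i + 2:i + 8]),
            "addr_type": LE_ADDR_TYPES.get(addr_type, f"unknown({addr_type})"),
            "event_type": LE_EVENT_TYPES.get(evt_type, f"unknown({evt_type})"),
            "connectable": evt_type in (0, 1),  # assumption: ADV_IND / ADV_DIRECT_IND accept connections
            "rssi": struct.unpack("b", params[i + 9 + data_len:i + 10 + data_len])[0],
        }
        report.update(summarize_ad(parse_ad_structures(params[i + 9:i + 9 + data_len])))
        reports.append(report)
        i += 10 + data_len
    return reports


# Constructed sample events (not captured from a real device).
SAMPLE_EIR_EVENT = (
    bytes([1]) + bytes.fromhex("554433221100") + bytes([1, 0])
    + (0x5A020C).to_bytes(3, "little") + (0x1234).to_bytes(2, "little") + struct.pack("b", -60)
    + (bytes([8, AD_COMPLETE_LOCAL_NAME]) + b"Phone-1"
       + bytes([2, AD_TX_POWER_LEVEL, 4])).ljust(240, b"\x00")
)
SAMPLE_LE_EVENT = (
    bytes([SUBEVT_LE_ADVERTISING_REPORT, 2])
    + bytes([0, 1]) + bytes.fromhex("0201fecadec0")                       # ADV_IND, random address
    + bytes([11, 2, AD_FLAGS, 0x06, 7, AD_COMPLETE_LOCAL_NAME]) + b"Tag-01" + struct.pack("b", -70)
    + bytes([3, 0]) + bytes.fromhex("eeddccbbaa00")                       # ADV_NONCONN_IND, public
    + bytes([3, 2, AD_TX_POWER_LEVEL]) + struct.pack("b", -10) + struct.pack("b", -85)
)

if __name__ == "__main__":
    print(parse_extended_inquiry_result(SAMPLE_EIR_EVENT))
    for r in parse_le_advertising_report(SAMPLE_LE_EVENT):
        print(r)
```

On a real adapter these parameter bytes would come from the HCI socket BlueZ exposes; the example feeds constructed events so it runs without hardware.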

Scan SDP services -m sdp
Classic Bluetooth devices announce their open services through SDP. After SDP scanning, we get the service records of the specified classic Bluetooth device:


You can try to connect to these services for further hacking.

Scan LMP features -m lmp
Detecting the LMP features of a classic Bluetooth device lets us judge its underlying security features:
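What "judging the underlying security features" means in practice is reading a few bits out of the 8-byte LMP feature pages a remote device returns: encryption support and Secure Simple Pairing on page 0, and the host-side SSP and Secure Connections bits on the extended pages. The decoder below is an added example, not bluescan's code; the bit positions follow the LMP feature definitions in the Bluetooth Core Specification (Vol 2 Part C), the feature pages are constructed here, and the wording of the findings is this example's own. It turns raw pages into the kind of judgment a scanner report would carry: a device without SSP is limited to legacy PIN pairing, and one without Secure Connections still uses E0 encryption rather than AES-CCM.

```python
from typing import Dict, List

# (page, byte, bit) of selected LMP feature bits (Bluetooth Core Spec Vol 2 Part C, Section 3.3).
# Page 0 is returned by Read Remote Supported Features; pages 1 and 2 by Read Remote Extended Features.
LMP_FEATURE_BITS = {
    "encryption": (0, 0, 2),
    "secure_simple_pairing_controller": (0, 6, 3),
    "extended_features": (0, 7, 7),
    "secure_simple_pairing_host": (1, 0, 0),
    "le_supported_host": (1, 0, 1),
    "secure_connections_host": (1, 0, 3),
    "secure_connections_controller": (2, 1, 0),
}


def decode_lmp_features(pages: Dict[int, bytes]) -> Dict[str, bool]:
    """Map each named feature to True/False from the raw 8-byte feature pages.

    A page that the device did not return (e.g. no extended features) counts as all-zero."""
    features = {}
    for name, (page, byte, bit) in LMP_FEATURE_BITS.items():
        data = pages.get(page, b"")
        features[name] = len(data) > byte and bool((data[byte] >> bit) & 1)
    return features


def assess_link_security(pages: Dict[int, bytes]) -> List[str]:
    """Turn the feature bits into the security findings a scanner report would show (wording is this example's)."""
    f = decode_lmp_features(pages)
    findings = []
    if not f["encryption"]:
        findings.append("no link encryption support: link traffic is exposed to passive sniffing")
    if not (f["secure_simple_pairing_controller"] and f["secure_simple_pairing_host"]):
        findings.append("no Secure Simple Pairing: legacy PIN-based pairing only")
    if not (f["secure_connections_controller"] and f["secure_connections_host"]):
        findings.append("no Secure Connections: E0 encryption instead of AES-CCM, "
                        "and no P-256 ECDH key generation")
    return findings


# Constructed feature pages (not captured from real hardware).
MODERN_CONTROLLER = {
    0: bytes([0x04, 0, 0, 0, 0, 0, 0x08, 0x80]),  # encryption, SSP (controller), extended features present
    1: bytes([0x0B, 0, 0, 0, 0, 0, 0, 0]),        # SSP host, LE host, Secure Connections host
    2: bytes([0x00, 0x01, 0, 0, 0, 0, 0, 0]),     # Secure Connections (controller)
}
LEGACY_DEVICE = {
    0: bytes([0x04, 0, 0, 0, 0, 0, 0, 0]),        # encryption only, no extended pages at all
}

if __name__ == "__main__":
    for label, pages in (("modern", MODERN_CONTROLLER), ("legacy", LEGACY_DEVICE)):
        print(label, assess_link_security(pages) or ["no findings"])
```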


Scan GATT services -m gatt
LE devices announce their open services through GATT. After GATT scanning, we get the GATT services of the specified LE device. You can try to read and write these GATT data for further hacking:
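A GATT scan of the kind described above starts with primary service discovery: the client sends ATT Read By Group Type Requests for the Primary Service UUID (0x2800), walking the handle range from 0x0001 until the server answers with an Attribute Not Found error. The following is an added example, not bluescan's implementation; the PDU formats follow the ATT protocol (Bluetooth Core Spec Vol 3 Part F), and the server side is a constructed in-memory table, so the exchange runs offline. It shows the two things a practitioner usually trips over: UUIDs are little-endian on the wire (16-bit or 128-bit), and one response can only list services whose UUIDs have the same size, so discovery always takes several round trips.

```python
import struct
from typing import Callable, List

ATT_ERROR_RSP = 0x01
ATT_READ_BY_GROUP_TYPE_REQ = 0x10
ATT_READ_BY_GROUP_TYPE_RSP = 0x11
ATT_ERR_ATTRIBUTE_NOT_FOUND = 0x0A
UUID_PRIMARY_SERVICE = 0x2800


def build_primary_service_request(start_handle: int, end_handle: int = 0xFFFF) -> bytes:
    """ATT Read By Group Type Request for Primary Service declarations in a handle range."""
    return struct.pack("<BHHH", ATT_READ_BY_GROUP_TYPE_REQ, start_handle, end_handle, UUID_PRIMARY_SERVICE)


def uuid_to_str(raw: bytes) -> str:
    """UUIDs travel little-endian on the wire, as 16-bit or 128-bit values."""
    if len(raw) == 2:
        return f"{int.from_bytes(raw, 'little'):04X}"
    if len(raw) == 16:
        h = bytes(reversed(raw)).hex()
        return f"{h[:8]}-{h[8:12]}-{h[12:16]}-{h[16:20]}-{h[20:]}"
    raise ValueError(f"unsupported UUID length {len(raw)}")


def parse_read_by_group_type_response(pdu: bytes) -> List[dict]:
    """Return the services in one response; [] when the peer answers Attribute Not Found (end of discovery)."""
    if len(pdu) == 5 and pdu[0] == ATT_ERROR_RSP and pdu[4] == ATT_ERR_ATTRIBUTE_NOT_FOUND:
        return []
    if len(pdu) < 2 or pdu[0] != ATT_READ_BY_GROUP_TYPE_RSP:
        raise ValueError("unexpected ATT PDU")
    length = pdu[1]                     # size of each (start, end, uuid) entry: 6 or 20
    if length not in (6, 20) or (len(pdu) - 2) % length != 0:
        raise ValueError("malformed attribute data list")
    services = []
    for i in range(2, len(pdu), length):
        start, end = struct.unpack_from("<HH", pdu, i)
        services.append({"start": start, "end": end, "uuid": uuid_to_str(pdu[i + 4:i + length])})
    return services


def discover_primary_services(send: Callable[[bytes], bytes]) -> List[dict]:
    """Walk the handle space like a GATT client: continue from the last end handle + 1
    until the server answers Attribute Not Found or the range reaches 0xFFFF."""
    services, start = [], 0x0001
    while start <= 0xFFFF:
        batch = parse_read_by_group_type_response(send(build_primary_service_request(start)))
        if not batch:
            break
        services.extend(batch)
        if batch[-1]["end"] >= 0xFFFF:
            break
        start = batch[-1]["end"] + 1
    return services


# Constructed in-memory GATT server (not a real device): (start, end, UUID as little-endian bytes).
SAMPLE_SERVICE_TABLE = [
    (0x0001, 0x0005, (0x1800).to_bytes(2, "little")),   # Generic Access
    (0x0006, 0x0009, (0x1801).to_bytes(2, "little")),   # Generic Attribute
    (0x000A, 0x0014, bytes(reversed(bytes.fromhex("deadbeef123456789abcdef012345678")))),  # made-up vendor service
]


def make_fake_gatt_server(table) -> Callable[[bytes], bytes]:
    """Answer like a real server: every entry in one response shares a UUID size, so the
    128-bit service forces another request (a small ATT MTU would split batches as well)."""
    def send(request: bytes) -> bytes:
        op, start, end, group_type = struct.unpack("<BHHH", request)
        if op != ATT_READ_BY_GROUP_TYPE_REQ or group_type != UUID_PRIMARY_SERVICE:
            raise ValueError("fake server only handles primary service discovery")
        remaining = [s for s in table if start <= s[0] <= end]
        if not remaining:
            return struct.pack("<BBHB", ATT_ERROR_RSP, op, start, ATT_ERR_ATTRIBUTE_NOT_FOUND)
        size = len(remaining[0][2])
        batch = []
        for s in remaining:
            if len(s[2]) != size:
                break
            batch.append(s)
        body = b"".join(struct.pack("<HH", s[0], s[1]) + s[2] for s in batch)
        return bytes([ATT_READ_BY_GROUP_TYPE_RSP, 4 + size]) + body
    return send


if __name__ == "__main__":
    for svc in discover_primary_services(make_fake_gatt_server(SAMPLE_SERVICE_TABLE)):
        print(f"handles 0x{svc['start']:04X}-0x{svc['end']:04X}  service {svc['uuid']}")
```

Against a real peripheral, `send` would write the request to an L2CAP socket on the ATT channel (CID 4) and return the reply; characteristic and descriptor discovery then repeat the same pattern within each service's handle range.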


Vulnerabilities scanning (demo)
Vulnerability scanning is still in the demo stage, and currently only supports CVE-2017-0785:
$ sudo bluescan -m vuln --addr-type=br ??:??:??:??:??:??
... ...
CVE-2017-0785




via KitPloit
