$ bluescan -h
bluescan

A powerful Bluetooth scanner.

Author: Sourcell Xu from DBAPP Security HatLab.

License: GPL-3.0

Usage:
    bluescan (-h | --help)
    bluescan (-v | --version)
    bluescan [-i <hci>] --clean BD_ADDR
    bluescan [-i <hci>] -m br [--inquiry-len=<n>]
    bluescan [-i <hci>] -m br --lmp-feature BD_ADDR
    bluescan [-i <hci>] -m le [--scan-type=<type>] [--timeout=<sec>] [--sort=<key>]
    bluescan [-i <hci>] -m le [--ll-feature|--smp-feature] [--timeout=<sec>] --addr-type=<type> BD_ADDR
    bluescan -m le --adv [--channel=<num>]
    bluescan [-i <hci>] -m sdp BD_ADDR
    bluescan [-i <hci>] -m gatt [--include-descriptor] [--io-capability=<name>] --addr-type=<type> BD_ADDR
    bluescan [-i <hci>] -m vuln [--addr-type=<type>] BD_ADDR

Arguments:
    BD_ADDR    Target Bluetooth device address. FF:FF:FF:00:00:00 means the local 
               device.

Options:
    -h, --help                Display this help.
    -v, --version             Show the version.
    -i <hci>                  HCI device used for subsequent scans. [default: The first HCI device]
    -m <mode>                 Scan mode, supports BR, LE, SDP, GATT and vuln.
    --inquiry-len=<n>         Inquiry_Length parameter of HCI_Inquiry command. [default: 8]
    --lmp-feature             Scan LMP features of the remote BR/EDR device.
    --scan-type=<type>        Scan type used for scanning LE devices, active or 
                              passive. [default: active]
    --timeout=<sec>           Duration of the LE scan, which may not be precise. [default: 10]
    --sort=<key>              Sort the discovered devices by key, only RSSI is 
                              supported now. [default: rssi]
    --adv                     Sniff advertising physical channel PDUs. Needs at 
                              least one micro:bit.
    --ll-feature              Scan LL features of the remote LE device.
    --smp-feature             Detect pairing features of the remote LE device.
    --channel=<num>           LE advertising physical channel, 37, 38 or 39. [default: 37,38,39]
    --include-descriptor      Fetch descriptor information.
    --addr-type=<type>        Type of the LE address, public or random.
    --io-capability=<name>    Set IO capability of the agent. Available values: DisplayOnly, DisplayYesNo, 
                              KeyboardOnly, NoInputNoOutput, KeyboardDisplay (KeyboardOnly) [default: NoInputNoOutput]
    --clean                   Clean the cached data of a remote device.

As shown above, through BR device scanning we can get the address, page scan repetition mode, class of device, clock offset, RSSI, and the extended inquiry response (name, TX power, etc.) of the surrounding classic Bluetooth devices.

As shown above, through LE device scanning we can get the address, address type, connection status, RSSI, and GAP data of the surrounding LE devices.

Scan LE LL features -m le --ll-feature

Detecting the LL (Link Layer) features of LE devices:

Detect SMP pairing features -m le --smp-feature

Detecting the SMP pairing features of the remote LE device:

Sniffing advertising physical channel PDUs -m le --adv

Compared with scanning over HCI, using a micro:bit to sniff the advertising physical channel PDUs at the link layer gives you richer LE device activity information:
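To show what such a sniffed PDU actually contains, here is an added example (not bluescan's own code) that decodes a legacy LE advertising PDU into the fields a scanner reports: PDU type, AdvA with its public/random subtype (the distinction behind --addr-type), and the AD structures such as Flags, Local Name and TX Power. The sample PDU bytes are constructed, not a real capture.

```python
# Added example, not bluescan's own code: decode one legacy LE advertising
# PDU (as sniffed on channel 37/38/39) into the fields a scanner reports.
PDU_TYPES = {0x0: "ADV_IND", 0x1: "ADV_DIRECT_IND", 0x2: "ADV_NONCONN_IND",
             0x3: "SCAN_REQ", 0x4: "SCAN_RSP", 0x5: "CONNECT_IND", 0x6: "ADV_SCAN_IND"}
# Only these PDU types carry AdvA (6 bytes) followed by AdvData AD structures.
ADVA_ADVDATA_TYPES = {"ADV_IND", "ADV_NONCONN_IND", "ADV_SCAN_IND", "SCAN_RSP"}

def le_addr_type(adva_on_air: bytes, txadd: int) -> str:
    # TxAdd=0 means public; for random addresses the two MSBs give the subtype.
    if txadd == 0:
        return "public"
    top2 = adva_on_air[5] >> 6  # on-air byte order is LSB first, so MSB is last
    return {0b11: "random static", 0b00: "random non-resolvable private",
            0b01: "random resolvable private"}.get(top2, "random reserved")

def parse_ad_structures(ad: bytes) -> dict:
    # AdvData is a sequence of [length][type][value...] structures.
    out = {}
    i = 0
    while i < len(ad):
        length = ad[i]
        if length == 0:  # zero-length structure terminates the data
            break
        if i + 1 + length > len(ad):
            raise ValueError("AD structure runs past end of AdvData")
        ad_type, value = ad[i + 1], ad[i + 2:i + 1 + length]
        if ad_type == 0x01 and value:  # Flags
            out["flags"] = value[0]
        elif ad_type in (0x08, 0x09):  # Shortened / Complete Local Name
            out["name"] = value.decode("utf-8", errors="replace")
        elif ad_type == 0x0A and value:  # TX Power Level, signed dBm
            out["tx_power"] = int.from_bytes(value[:1], "little", signed=True)
        i += 1 + length
    return out

def parse_adv_pdu(pdu: bytes) -> dict:
    # Header byte: PDU type in bits 0-3, TxAdd in bit 6; then the length byte.
    if len(pdu) < 8 or pdu[1] > 37 or len(pdu) < 2 + pdu[1]:  # legacy payload <= 37
        raise ValueError("bad or truncated PDU")
    header, length = pdu[0], pdu[1]
    pdu_type = PDU_TYPES.get(header & 0x0F, "RESERVED")
    if pdu_type not in ADVA_ADVDATA_TYPES or length < 6:
        raise ValueError(f"{pdu_type} does not carry AdvA+AdvData")
    adva, advdata = pdu[2:8], pdu[8:2 + length]
    return {"pdu_type": pdu_type, "addr_type": le_addr_type(adva, (header >> 6) & 1),
            "adva": ":".join(f"{b:02X}" for b in reversed(adva)),
            **parse_ad_structures(advdata)}

# Constructed sample: ADV_IND from C0:DE:AB:CD:12:34, Flags 0x06, name "demo", TX 0 dBm
SAMPLE_PDU = bytes.fromhex("4012" "3412cdabdec0" "020106" "050964656d6f" "020a00")
```

Running `parse_adv_pdu(SAMPLE_PDU)` yields the address as a random static address, which is why such a device must be addressed with --addr-type=random in the connection-based modes.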

💡 The scan mode has a hidden function.

You can try to connect to these services for further hacking.

Vulnerability scanning -m vuln (demo)

Vulnerability scanning is still in the demo stage, and currently only supports CVE-2017-0785:
