BlueMaho Project – Bluetooth Security Testing Suite


BlueMaho is GUI-shell (interface) for a suite of tools best used for Bluetooth security testing. It is freeware, opensource, written on python, uses wxPython. It can be used for testing BT-devices for known vulnerabilities and major thing to do – testing to find unknown vulns. Also it can form nice statistics.

I did get interested in Bluetooth for a while and the security implications of a personal area network protocol which includes discovery/broadcast etc. I ended up only posting one article at the time though which was about Haraldscan – BlueTooth Discovery Scanner.

BlueMaho Project - Bluetooth Security Testing Suite

I have a bunch more Bluetooth related resources to share though, so I’ll be putting them out from time to time. Some (like this) aren’t particularly up to date, but give you a great base to start with and play around.

Features

  • Scan for devices, show advanced info, SDP records, vendor etc
  • Track devices – show where and how much times device was seen, its name changes
  • Loop scan – it can scan all time, showing you online devices
  • Alerts with sound if new device found
  • on_new_device – you can spacify what command should it run when it founds new device
  • It can use separate dongles – one for scaning (loop scan) and one for running tools or exploits
  • Send files
  • Change name, class, mode, BD_ADDR of local HCI devices
  • Save results in database
  • Form nice statistics (uniq devices by day/hour, vendors, services etc)
  • Test remote device for known vulnerabilities (see exploits for more details)
  • Test remote device for unknown vulnerabilities (see tools for more details)
  • Themes! you can customize it

Requirements

The main requirements are:

  • OS (tested with Debian 4.0 Etch / 2.6.18)
  • Python 2.4
  • wxPython
  • BlueZ

You can download BlueMaho here:

bluemaho_v090417.tgz

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools

, ,


Latest Posts:


GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.


Comments are closed.