BlueMaho (Bluetooth Security Testing Suite) updated to v.090417
BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulnerabilities.
Changelog for this release
- NEW: statistics (uniq devices by day/hour, vendors, services etc)
- NEW: handbook
- NEW: opush abuse (prompts flood) DoS attack
- NEW: OBEX stress tests
- NEW: DoS in OPUSH filename for Nokia 7610, 3210, N70, N73
- NEW: Mode 3 abuse attack: get pairing by using social engineering
- NEW: shows times device was found in defined place
- NEW: shows if different names were used by same bd_addr
- NEW: shows PSM and RFCOMM channels in SDP vrowse info
- NEW: added carwhisperer 0.2
- NEW: using ’lightblue’ package for OBEX some operations
- FIX: some code improvements for more usability and stability
- CHG: rewrited bluetracker.py for more stability
- CHG: fontsize can be changed in config
- CHG: add specifying of local hci device to atshell.c, psm_scan.c, rfcomm_scan.c (added timeout, scans more accuracy)
- CHG: oui.txt is now used original format
- CHG: greenplague removed
Features
- scan for devices, show advanced info, SDP records, vendor etc
- loop scan - it can scan all time, showing you online devices
- alerts with sound if new device found
- on_new_device - you can specify what command should it run when it founds new device
- it can use separate dongles - one for scanning (loop scan) and one for running tools or exploits
- send files
- change name, class, mode, BD_ADDR of local HCI devices
- save results in database
- tracking - it can show when remote device was seen first and how many times
- position feature - it can write to database WHERE scanned device was found (you specify location by yourself)
- test remote device for known vulnerabilities (see exploits for more details)
- test remote device for unknown vulnerabilities (see tools for more details)
- themes! you can customize it
tools:
- atshell.c by Bastian Ballmann (modified attest.c by Marcel Holtmann)
- bccmd by Marcel Holtmann
- bdaddr.c by Marcel Holtmann
- bluetracker.py by smiley
- psm_scan and rfcomm_scan from bt_audit-0.1.1 by Collin R. Mulliner
- BSS (Bluetooth Stack Smasher) v0.8 by Pierre Betouin
- btftp v0.1 by Marcel Holtmann
- btobex v0.1 by Marcel Holtmann
- greenplaque v1.5 by digitalmunition.com
- L2CAP packetgenerator by Bastian Ballmann
- redfang v2.50 by Ollie Whitehouse
- ussp-push v0.10 by Davide Libenzi
exploits:
- Bluebugger v0.1 by Martin J. Muench
- bluePIMp by Kevin Finisterre
- BlueZ hcidump v1.29 DoS PoC by Pierre Betouin
- helomoto by Adam Laurie
- hidattack v0.1 by Collin R. Mulliner
- Nokia N70 l2cap packet DoS PoC Pierre Betouin
- Sony-Ericsson reset display PoC by Pierre Betouin
Post scriptum
Compliance Mandates
|
Related Articles
BlueMaho |
|
Bluetooth |
|
Vulnerability Scanner |
|