BlueMaho Bluetooth Security Testing Suite v.080422 beta released

BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulnerabilities.

Features

  • scan for devices, show advanced info, SDP records, vendor etc
  • loop scan - it can scan all time, showing you online devices
  • alerts with sound if new device found
  • on_new_device - you can specify what command should it run when it founds new device
  • it can use separate dongles - one for scanning (loop scan) and one for running tools or exploits
  • send files
  • change name, class, mode, BD_ADDR of local HCI devices
  • save results in database
  • tracking - it can show when remote device was seen first and how many times
  • position feature - it can write to database WHERE scanned device was found (you specify location by yourself)
  • test remote device for known vulnerabilities (see exploits for more details)
  • test remote device for unknown vulnerabilities (see tools for more details)
  • themes! you can customize it

tools:

  • atshell.c by Bastian Ballmann (modified attest.c by Marcel Holtmann)
  • bccmd by Marcel Holtmann
  • bdaddr.c by Marcel Holtmann
  • bluetracker.py by smiley
  • psm_scan and rfcomm_scan from bt_audit-0.1.1 by Collin R. Mulliner
  • BSS (Bluetooth Stack Smasher) v0.8 by Pierre Betouin
  • btftp v0.1 by Marcel Holtmann
  • btobex v0.1 by Marcel Holtmann
  • greenplaque v1.5 by digitalmunition.com
  • L2CAP packetgenerator by Bastian Ballmann
  • redfang v2.50 by Ollie Whitehouse
  • ussp-push v0.10 by Davide Libenzi

exploits:

  • Bluebugger v0.1 by Martin J. Muench
  • bluePIMp by Kevin Finisterre
  • BlueZ hcidump v1.29 DoS PoC by Pierre Betouin
  • helomoto by Adam Laurie
  • hidattack v0.1 by Collin R. Mulliner
  • Nokia N70 l2cap packet DoS PoC Pierre Betouin
  • Sony-Ericsson reset display PoC by Pierre Betouin

Post scriptum

Compliance Mandates

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

BlueMaho
Bluetooth
Vulnerability Scanner