## https://sploitus.com/exploit?id=E2C059C1-C667-5102-9D78-9A4D1D4C4378
# BlueScan - Bluetooth Security Scanner
A comprehensive Bluetooth security assessment tool for discovering, analyzing, and testing vulnerabilities in Classic Bluetooth and BLE devices.
## Features
- **Device Discovery**: Active scanning for both Classic Bluetooth and BLE devices
- **Vulnerability Assessment**: Automated detection of common Bluetooth security issues
- **Service Enumeration**: Detailed service and characteristic discovery
- **Exploit Testing**: Tests for exploitable services including:
- OBEX file transfer vulnerabilities
- Audio streaming access
- BLE notification hijacking
- GATT characteristic access
- HCI command execution
- Pairing mechanism analysis
- **Risk Categorization**: Devices classified as HIGH, MEDIUM, LOW, or NONE risk
- **JSON Reporting**: Detailed scan reports with findings and recommendations
- **Active/Cached Device Tracking**: Distinguishes between currently broadcasting and previously paired devices
## Installation
### Prerequisites
```bash
# Install required system packages
sudo apt update
sudo apt install -y bluetooth bluez bluez-tools golang-go
```
### Build
```bash
# Clone or download the project
cd bluescan
# Build the binary
go build -o bluescan ./cmd/scanner
```
## Usage
```bash
# Run scanner with root privileges (required for Bluetooth access)
sudo ./bluescan
```
### Output
The scanner generates:
- Console output with real-time scan progress
- JSON report saved as `bluetooth_security_scan_YYYY-MM-DD_HH-MM-SS.json`
### Example Output
```
=== Bluetooth Security Scanner ===
Starting assessment...
[1/3] Discovering Bluetooth devices...
Scanning for Classic Bluetooth devices (30 second timeout)...
Found 3 Classic Bluetooth devices
Scanning for BLE devices (15s)...
Found 1 BLE devices
[2/3] Assessing device security and testing exploits...
[1/4] Assessing: TWS (41:42:C0:17:F3:70)
โโ Device is ACTIVE - Running security tests...
โโ Probing for vulnerable services...
โ โโ Handsfree/Headset detected
โโ Enumerating GATT services...
โโ Testing pairing mechanism...
=== SECURITY ASSESSMENT SUMMARY ===
Total Devices Scanned: 4
High Risk Devices: 0
Medium Risk Devices: 1
Low Risk Devices: 0
=== ACTIVELY DISCOVERED DEVICES (1) ===
1. TWS (41:42:C0:17:F3:70)
โโ Risk Level: MEDIUM
โโ Vulnerabilities: Audio Gateway exposure
โโ Recommendations: Disable audio services when not in use
```
## File Structure
```
bluescan/
โโโ cmd/scanner/
โ โโโ main.go # Main entry point
โโโ internal/
โ โโโ assessment/ # Vulnerability assessment logic
โ โโโ exploits/ # Exploit testing functions
โ โโโ recon/ # Device discovery and scanning
โ โโโ reporting/ # Report generation
โโโ go.mod
โโโ go.sum
```
## Configuration
Adjust scan duration in `cmd/scanner/main.go`:
```go
bleDevices, err := recon.ScanBLEDevices(15 * time.Second) // Change duration here
```
Adjust Classic Bluetooth timeout in `internal/recon/ble_scanner.go`:
```go
cmd := exec.Command("timeout", "30", "hcitool", "scan") // Change timeout here
```
## Scan Times
- Classic Bluetooth: ~30 seconds (configurable)
- BLE: ~15 seconds (configurable)
- Total with analysis: ~1-2 minutes depending on devices found
## Supported Tests
| Test | Type | Device Type |
|------|------|-------------|
| Service Probing | Info Gathering | Both |
| OBEX File Transfer | Exploit | Classic |
| Audio Streaming | Access Test | Classic/BLE |
| BLE Notifications | Exploit | BLE |
| GATT Enumeration | Discovery | BLE |
| HCI Commands | Communication | Classic |
| Pairing Mechanism | Analysis | Both |
## Disclaimer
This tool is intended for authorized security testing and educational purposes only. Unauthorized testing of Bluetooth devices you don't own is illegal. Always obtain permission before scanning or testing devices.
## Requirements
- Linux system with Bluetooth adapter
- Root/sudo privileges
- Go 1.16+
- Bluetooth tools installed (hcitool, bluetoothctl, sdptool)
## Troubleshooting
**No devices found:**
- Ensure Bluetooth adapter is enabled: `hciconfig`
- Check device is powered on and discoverable
- Verify you have proper permissions: use `sudo`
**Scan hangs:**
- Timeouts prevent indefinite hangs (30s classic, 15s BLE)
- If still hanging, your Bluetooth adapter may have issues
**Permission denied:**
- Always run with `sudo`
- Check Bluetooth group permissions
## License
This project is provided for educational and authorized security testing purposes only.
---
**Note**: For best results, keep target devices nearby and powered on. Some devices require pairing before accessing all services.