A Bluetooth device scanner that supports both BR and LE!
Project description
bluescan
A useful Bluetooth scanner that supports scanning:
- BR devices
- LE devices
- GATT
- SDP
- Vulnerabilities (demo)
Requirements
sudo apt install libglib2.0-dev libbluetooth-dev
# To try vulnerability scanning, see the requirements in the
# README.md of https://github.com/ojasookert/CVE-2017-0785
Install
pip3 install bluescan
Usage
    # bluescan -h
    Usage:
        bluescan (-h | --help)
        bluescan (-v | --version)
        bluescan [-i <hcix>] -m br [--inquiry-len=<n>] [--async]
        bluescan [-i <hcix>] -m le [--timeout=<sec>] [--le-scan-type=<type>] [--sort=<key>]
        bluescan [-i <hcix>] -m sdp BD_ADDR
        bluescan [-i <hcix>] -m gatt --addr-type=<type> BD_ADDR
        bluescan [-i <hcix>] -m vuln --addr-type=br BD_ADDR

    Arguments:
        BD_ADDR                   Target Bluetooth device address

    Options:
        -h, --help                Display this help
        -v, --version             Show the version
        -i <hcix>                 HCI device for scan [default: hci0]
        -m <mode>                 Scan mode, support BR, LE, SDP, GATT and vuln
        --inquiry-len=<n>         Inquiry_Length parameter of HCI_Inquiry command [default: 8]
        --timeout=<sec>           Duration of LE scan [default: 10]
        --le-scan-type=<type>     Active or passive scan for LE scan [default: active]
        --sort=<key>              Sort the discovered devices by key, only support RSSI now [default: rssi]
        --async                   Asynchronous scan for BR scan
        --addr-type=<type>        Public, random or BR
Example
- Scan LE device

    # bluescan -m le
    [Warnning] Before doing active scan, make sure you spoof your BD_ADDR.
    LE active scanning on hci0...timeout 10 sec

    BD_ADDR: 4c:34:78:26:ad:71
    Addr type: random
    Connectable: True
    RSSI: -94 dB
    General Access Profile:
        Flags (0x01): 06
        Manufacturer (0xFF): 4c0010054b1c3debf9

    BD_ADDR: 28:11:a5:41:28:27
    Addr type: public
    Connectable: True
    RSSI: -91 dB
    General Access Profile:
        Flags (0x01): 19
        Complete 16b Services (0x03): 0000febe-0000-1000-8000-00805f9b34fb,0000fe26-0000-1000-8000-00805f9b34fb
        Manufacturer (0xFF): 010951100d8851abf2f196f2
        Tx Power (0x0A): f6
    ... ...
- Scan BR device

    # bluescan -m br
    BR scanning on hci0...timeout 10.24 sec

    [BR scan] discovered new device
    addr: EC:51:BC:ED:6E:DC
    name: OPPO R11
    class: 0x5A020C

    [BR scan] discovered new device
    addr: 9C:2E:A1:43:EB:5F
    name: 360syh
    class: 0x5A020C
    ... ...
- Scan (Discover) GATT

    # bluescan -m gatt --addr-type=random ??:??:??:??:??:??
    Number of services: 5

    Service declaration (3 characteristics)
        Handle: "attr handle" by using gatttool -b <BD_ADDR> --primary
        Type: (May be primary service 00002800-0000-1000-8000-00805f9b34fb)
        Value (Service UUID): 00001800-0000-1000-8000-00805f9b34fb (Generic Access)
        Permission: Read Only, No Authentication, No Authorization

        Characteristic declaration (0 descriptors)
            Handle: 0x0002
            Type: 00002803-0000-1000-8000-00805f9b34fb
            Value:
                Characteristic properties: READ WRITE
                Characteristic value handle: 0x0003
                Characteristic UUID: 00002a00-0000-1000-8000-00805f9b34fb (Device Name)
            Permission: Read Only, No Authentication, No Authorization

        Characteristic value declaration
            Handle: 0x0003
            Type: 00002a00-0000-1000-8000-00805f9b34fb
            Value: b'???????'
            Permission: Higher layer profile or implementation specific
    ... ...
- Scan (Discover) SDP

    # bluescan -m sdp ??:??:??:??:??:??
    Name: Headset Gateway
    Protocol RFCOMM
    Port 2
    Service Class: ['1112', '1203']
    Profiles: [('1108', 258)]
    Description: None
    Provider: None
    Service-id None

    Name: Handsfree Gateway
    Protocol RFCOMM
    Port 3
    Service Class: ['111F', '1203']
    Profiles: [('111E', 262)]
    Description: None
    Provider: None
    Service-id None
    ... ...
- Vulnerability (demo)

    bluescan -m vuln --addr-type=br ??:??:??:??:??:??
    ... ...
    CVE-2017-0785
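
The raw hex values in the LE scan output above can be decoded for a device inventory. The following Python is an added example, not part of bluescan or of the original page: it parses that output and decodes the Flags bits, the company identifier that leads the manufacturer data, and the signed Tx power. The function names are hypothetical, and the one-field-per-line layout of the sample is an assumption.

```python
# Constructed sample: two devices from the LE scan example above (assumed one field per line).
SAMPLE = """\
BD_ADDR: 4c:34:78:26:ad:71
Addr type: random
RSSI: -94 dB
General Access Profile:
    Flags (0x01): 06
    Manufacturer (0xFF): 4c0010054b1c3debf9
BD_ADDR: 28:11:a5:41:28:27
Addr type: public
RSSI: -91 dB
General Access Profile:
    Flags (0x01): 19
    Manufacturer (0xFF): 010951100d8851abf2f196f2
    Tx Power (0x0A): f6
"""

# Bits 0..4 of the Flags AD type (0x01), per the Bluetooth Core Specification Supplement.
FLAG_BITS = ["LE Limited Discoverable Mode", "LE General Discoverable Mode",
             "BR/EDR Not Supported", "Simultaneous LE and BR/EDR (Controller)",
             "Simultaneous LE and BR/EDR (Host)"]

def parse_le_scan(text):
    """Split scan output into one dict per device, keyed by field label."""
    devices = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # blank lines and the "General Access Profile:" header
        if key == "BD_ADDR":
            devices.append({})  # each BD_ADDR line starts a new device record
        if devices:
            devices[-1][key.split(" (")[0]] = value  # drop the "(0xNN)" AD type suffix
    return devices

def decode(dev):
    """Decode Flags bits, the company identifier and Tx power of one device."""
    out = {"addr": dev["BD_ADDR"], "addr_type": dev["Addr type"], "rssi": int(dev["RSSI"].split()[0])}
    if "Flags" in dev:
        out["flags"] = [n for i, n in enumerate(FLAG_BITS) if int(dev["Flags"], 16) >> i & 1]
    if "Manufacturer" in dev:
        raw = bytes.fromhex(dev["Manufacturer"])
        out["company_id"] = int.from_bytes(raw[:2], "little")  # first two octets, little-endian
    if "Tx Power" in dev:
        out["tx_power_dbm"] = int.from_bytes(bytes.fromhex(dev["Tx Power"]), "big", signed=True)
    return out

if __name__ == "__main__":
    print(*map(decode, parse_le_scan(SAMPLE)), sep="\n")
```

The numeric `company_id` can be resolved against the Bluetooth SIG assigned numbers list to attribute a device to its vendor.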