BlueMaho - Bluetooth Security Testing Suite
BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice statistics.
What it can do? (features)
- scan for devices, show advanced info, SDP records, vendor etc
- track devices - show where and how much times device was seen, its name changes
- loop scan - it can scan all time, showing you online devices
- alerts with sound if new device found
- on_new_device - you can spacify what command should it run when it founds new device
- it can use separate dongles - one for scaning (loop scan) and one for running tools or exploits
- send files
- change name, class, mode, BD_ADDR of local HCI devices
- save results in database
- form nice statistics (uniq devices by day/hour, vendors, services etc)
- test remote device for known vulnerabilities (see exploits for more details)
- test remote device for unknown vulnerabilities (see tools for more details)
- themes! you can customize it
What tools and exploits it consist of?
- Tools:
- atshell.c by Bastian Ballmann (modified attest.c by Marcel Holtmann)
- bccmd by Marcel Holtmann
- bdaddr.c by Marcel Holtmann
- bluetracker.py by smiley
- carwhisperer v0.2 by Martin Herfurt
- psm_scan and rfcomm_scan from bt_audit-0.1.1 by Collin R. Mulliner
- BSS (Bluetooth Stack Smasher) v0.8 by Pierre Betouin
- btftp v0.1 by Marcel Holtmann
- btobex v0.1 by Marcel Holtmann
- greenplaque v1.5 by digitalmunition.com
- L2CAP packetgenerator by Bastian Ballmann
- obex stress tests 0.1
- redfang v2.50 by Ollie Whitehouse
- ussp-push v0.10 by Davide Libenzi
- exploits/attacks:
- Bluebugger v0.1 by Martin J. Muench
- bluePIMp by Kevin Finisterre
- BlueZ hcidump v1.29 DoS PoC by Pierre Betouin
- helomoto by Adam Laurie
- hidattack v0.1 by Collin R. Mulliner
- Mode 3 abuse attack
- Nokia N70 l2cap packet DoS PoC Pierre Betouin
- opush abuse (prompts flood) DoS attack
- Sony-Ericsson reset display PoC by Pierre Betouin
- you can add your own tools by editing 'exploits/exploits.lst' and 'tools/tools.lst'
Requirements
- OS (tested with Debian 4.0 Etch / 2.6.18)
- python (python 2.4 http://www.python.org)
- wxPython (python-wxgtk2.6 http://www.wxpython.org)
- BlueZ (3.9/3.24) http://www.bluez.org
- Eterm to open tools somewhere, you can set another term in 'config/defaul.conf' changing the value of 'cmd_term' variable. (tested with 1.1 ver)
- pkg-config(0.21), 'tee' used in tools/showmaxlocaldevinfo.sh, openobex, obexftp
- libopenobex1 + libopenobex-dev (needed by ussp-push)
- libxml2, libxml2-dev (needed by btftp)
- libusb-dev (needed by bccmd)
- libreadline5-dev (needed by atshell.c)
- lightblue-0.3.3 (needed by obexstress.py)
- hardware: any bluez compatible bluetooth-device