|
BlueSweep |
|
Windows |
AirMagnet |
http://www.airmagnet.com/products/bluesweep.htm |
|
BlueSweep™, an easy-to-use freeware utility to identify
and analyze any nearby Bluetooth device. With AirMagnet BlueSweep, users
can:
-
Identify every local Bluetooth device
-
See interconnections between Bluetooth devices
-
Identify all services available on each device
This provides a simple way to gain visibility into
your Bluetooth environment and identify related security issues that
otherwise would go unnoticed. To insure ubiquitous access to this tool,
AirMagnet is providing BlueSweep at no charge, and without technical
support. |
|
|
Information
Updated:01 Nov 2005
|
|
 |
|
btscanner |
|
Linux |
Pentest
Limited |
http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads |
|
btscanner 2.0 is a completely revamped version of the original. With all
the features of 1.0, version 2.0 now boasts the ability to do brute
force scans of OUI ranges. Both inquiry and brute force scan types are
able to utilise multiple dongles to increase coverage and the chance of
finding a device. Additional features include the ability to export the
scan results to a text file and improved sorting. A detailed information
screen extracts HCI and SDP information, and maintains an open
connection to monitor the RSSI and link quality. btscanner is based on
the BlueZ Bluetooth stack, which is included with recent Linux kernels,
and the BlueZ toolset. btscanner also contains a complete listing of the
IEEE OUI numbers and class lookup tables. Using the information gathered
from these sources it is possible to make educated guesses as to the
host device type.
|
|
|
Information Updated:02 Nov 2005
|
|
T-BEAR |
|
Linux |
Beyond
Security |
http://www.transec.org/~tbear/ |
|
T-BEAR
is a developing suite of applications designed to improve slash "audit"
the security of Bluetooth environments. By environment, we mean anything
from a home PAN, to your PDA or cell phone. The suite currently consists
of the following utilities, all of which are either included in this
package, or are under development |
|
|
Information Updated:02 Nov 2005
|
|
Greenplaque |
|
Linux |
kf lists |
http://www.digitalmunition.com/bluetooth.html |
|
Greenplaque is an application that finds discoverable bluetooth devices.
Greenplaque is inspired by Ollie Whitehouse and Redfang. The latest
versions of Greenplaque requires the Affix Bluetooth protocol libraries |
|
|
Information Updated:02 Nov 2005
|
|
RedFang |
|
|
Ollie
Whitehouse |
Unofficial Site
http://www.net-security.org/software.php?id=519 |
|
Redfang
v2.5 is an enhanced version of the original application that finds
non-discoverable Bluetooth devices by brute-forcing the last six bytes
of the device's Bluetooth address and doing a read_remote_name(). This
new version has streamlined code, enumerates service information, and
supports multiple threads for substantial speed gains using multiple
devices (maximum theoretical limit of 127 USB devices). This release of
Redfang was developed in collaboration with QinetiQ as part of their
work in the DTI Next Wave Technologies project FORWARD |
|
|
Information Updated:02 Nov 2005
|
|
BlueSpam |
|
PalmOS |
|
Unethical
http://www.mulliner.org/palm/bluespam.php |
|
BlueSpam
searches for all discoverable bluetooth devices and sends a file to them
(spams them) if they support OBEX. By default a small text will be send.
To customize the message that should be send you need a palm with an SD/MMC
card, then you create the directory /PALM/programs/BlueSpam/Send/ and
put the file (any type of file will work .jpg is allways fun) you would
like to send into this directory. |
|
|
Information
Updated:03 Nov 2005
|
|
BluePrint |
|
Linux |
Collin
Mulliner and Martin Herfurt |
http://trifinite.org/trifinite_stuff_blueprinting.html |
|
Blueprinting is a method to remotely find out details about bluetooth-enabled
devices. Blueprinting can be used for generating statistics about
manufacturers and models and to find out whether there are devices in
range that have issues with Bluetooth security. |
|
|
Information
Updated:03 Nov 2005
|
|
Bloover |
|
J2ME Phones |
Martin Herfurt |
http://trifinite.org/trifinite_stuff_blooover.html |
|
Blooover is a proof-of-concept tool that is intended to run on
J2ME-enabled cell phones that appear to be comparably seamless. Blooover
is a tool that is intended to serve as an audit tool that people can use
to check whether their phones and phones of friends and employees are
vulnerable. |
|
|
Information
Updated:03 Nov 2005
|
|
Car Whisperer |
|
Use Responsibly |
Martin Herfurt |
http://trifinite.org/trifinite_stuff_carwhisperer.html |
|
The carwhisperer project
intends to sensibilise manufacturers of carkits and other Bluetooth
appliances without display and keyboard for the possible security threat
evolving from the use of standard passkeys.
Once the connection has been successfully established, the carwhisperer
binary starts sending audio to, and recording audio from the headset.
This allows attackers to inject audio data into the car. This could be
fake
traffic announcements or nice words. Attackers are also able to
eavesdrop conversations among people sitting in the car. |
|
|
Information
Updated:03 Nov 2005
|
|
Last page update: 04 Oct 2007 |
|
Computer Network Defence Ltd
Information Security Consultancy and Recruiting
enquiries@securitywizardry.com
Copyright © 2004 Computer
Network Defence Ltd. All Rights Reserved.
|
PO Box 2680, Corsham, Wiltshire, SN13 0ZR, UK
Phone 0870 3219014
International +44 (0) 1225 811806
|
|
