Pentest Tools

Published on December 22nd, 2015 📆 | 1929 Views ⚑


BluPhish — Bluetooth Service Discovery Tool


Bluetooth device and service discovery tool that can be used for security assessment and penetration testing.ย BluPhish is written in Java, and relies on the Bluecove 2.1.1 API

[adsense size='1']


Run the script run.script, which contains the following command:

java -cp .;bluecove-2.1.1-SNAPSHOT.jar BluPhish


The application will try to discover all the locally reachable bluetooth devices and services, attempt to connect to the services, and print their information.

The information about a service will have the following format: Device Name, Service Name, Connection URL, Requires Pairing, where:

  • Device Name is the user-friendly name given to the device.
  • Service Name is the name of the service discovered associated with the device.
  • Connection URL is an URL-formatted string that contains the connection type used by the service (BTSPP, BTL2CAP, BTGOEP), the address of the device, service port, and whether the servcie requires authentication, authorization and has to be master in the communication.
  • Requires Pairing says whether the application could connect to the service without pairing (generally meaning an unsafe connection could be made with the service). This value is irrelevant when the โ€˜โ€“no-pairโ€™ directive is provided to BluPhish.

[adsense size='1']

An example output is the following:

iPhone | STRING Phonebook | btgoep://D896959D35B9:13;authenticate=false;encrypt=false;master=false | Yes


This output says that โ€˜iPhoneโ€™ has a service named โ€˜STRING Phonebookโ€™ that connects through โ€˜btgoepโ€™. The Bluetooth address of โ€˜iPhoneโ€™ is D896959D35B9, the service is listening to port 13, doesnโ€™t require authentication nor encryption, and doesnโ€™t have to be master. The service also requires explicit pairing between the device and another application attempting to connect to it, so itโ€™s secure in that sense.

By default BluPhish will attempt to discover and pair with all the bluetooth services in order to probe for vulnerabilities. This will result in a pairing notification sent to the device.

[adsense size='1']

In order to perform a non-pairing discovery, invoke BluPhish with the โ€˜โ€“no-pairโ€™ directive:

java -cp .;bluecove-2.1.1-SNAPSHOT.jar BluPhish --no-pair



Source && Download

Leave a Reply

Your email address will not be published.