{"id":13462764,"url":"https://github.com/engn33r/awesome-bluetooth-security","last_synced_at":"2026-01-24T05:30:16.565Z","repository":{"id":43496284,"uuid":"273961365","full_name":"engn33r/awesome-bluetooth-security","owner":"engn33r","description":"List of Bluetooth BR/EDR/LE security resources","archived":false,"fork":false,"pushed_at":"2023-12-13T13:27:37.000Z","size":19,"stargazers_count":454,"open_issues_count":0,"forks_count":49,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-05-23T09:40:15.297Z","etag":null,"topics":["awesome","awesome-list","ble","bluetooth","bluetooth-hacking","bluetooth-low-energy","bluetooth-security","penetration-testing","pentesting","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/engn33r.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-06-21T18:27:05.000Z","updated_at":"2024-05-20T04:21:45.000Z","dependencies_parsed_at":"2023-12-13T14:37:03.232Z","dependency_job_id":"0c826a54-25ee-4b32-af8a-e8f97ceacd0b","html_url":"https://github.com/engn33r/awesome-bluetooth-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/engn33r%2Fawesome-bluetooth-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/engn33r%2Fawesome-bluetooth-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/engn33r%2Fawesome-bluetooth-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/engn33r%2Fawesome-bluetooth-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/engn33r","download_url":"https://codeload.github.com/engn33r/awesome-bluetooth-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239766732,"owners_count":19693369,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","ble","bluetooth","bluetooth-hacking","bluetooth-low-energy","bluetooth-security","penetration-testing","pentesting","security"],"created_at":"2024-07-31T13:00:29.880Z","updated_at":"2026-01-24T05:30:16.340Z","avatar_url":"https://github.com/engn33r.png","language":null,"funding_links":[],"categories":["HarmonyOS","Other Awesome Lists","Others","Wireless Protocols","Other Lists","Useful Resources","Security","Protocol","Education Best Practices","Awesome Lists"],"sub_categories":["Windows Manager","Other Security Awesome Lists","Bluetooth / BLE","TeX Lists","Security Awesome Lists","Secure OSes","Misc Tools"],"readme":"# Awesome Bluetooth Security (BR, EDR, LE, and Mesh)\n\n[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n\nThis list links to useful references for anyone working with Bluetooth BR/EDR/LE or Mesh security.  \n\nSubmit a PR if something is missing!\n\n### To Do\n\n- Add list of useful research papers and whitepapers\n- Add list of useful articles\n- Add list of useful books\n\n------\n\n## Contents\n\n- [Notable Vulnerabilities](#notable_vulnerabilities)\n- [Conference Talks](#conference_talks)\n- [Bluetooth Security Tools](#bluetooth_security_tools)\n- [Primary Reference Materials](#primary_references)\n- [Useful Sites](#useful_sites)\n\n------\n\n## \u003ca name=\"notable_vulnerabilities\"\u003e\u003c/a\u003eNotable Vulnerabilities\n\n| Vulnerability name | Conference \u0026 Year published | Vulnerability website URL | Paper URL | Video URL | SIG Notice | Technology Impacted | Related CVE |\n| :---- | :---------- | :------------------------------- | :----------- | :------ | :------ | :------ | :----------- |\n| BlueBorne | Black Hat Europe 2017 | [Site](https://www.armis.com/blueborne/) | [Paper](https://info.armis.com/rs/645-PDC-047/images/BlueBorne%20Technical%20White%20Paper_20171130.pdf) | [Video](https://www.youtube.com/watch?v=LLNtZKpL0P8) | No Notice | BR/EDR | CVE-2017-8628, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-14315, CVE-2017-1000410 |\n| Bleedingbit | 2018 | [Site](https://www.armis.com/bleedingbit/) | [Paper](https://info.armis.com/rs/645-PDC-047/images/Armis-BLEEDINGBIT-Technical-White-Paper-WP.pdf) | [Video](https://www.youtube.com/watch?v=pZpAUapKvGY) | No Notice | LE | CVE-2018-7080, CVE-2018-16986 |\n| Fixed Coordinate Invalid Curve Attack | 2018 | [Site](https://web.archive.org/web/20210226020244/https://www.cs.technion.ac.il/~biham/BT/) | [Paper](https://eprint.iacr.org/2019/1043) | [Video](https://www.youtube.com/watch?v=5x6GaqO24Fg) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bluetooth-sig-security-update/) | BR/EDR/LE | CVE-2018-5383 |\n| SweynTooth | 2019 | [Site](https://asset-group.github.io/disclosures/sweyntooth/) | [Paper](https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf) | [Video](https://www.youtube.com/watch?v=Iw8sIBLWE_w) | No Notice | LE | CVE-2019-16336, CVE-2019-17060, CVE-2019-17061, CVE-2019-17517, CVE-2019-17518, CVE-2019-17519, CVE-2019-17520, CVE-2019-19192, CVE-2019-19193, CVE-2019-19194, CVE-2019-19195, CVE-2019-19196, CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595 |\n| KNOB | USENIX 2019 | [Site](https://knobattack.com/)   | [Paper](https://www.usenix.org/system/files/sec19-antonioli.pdf) | [Video](https://www.youtube.com/watch?v=v9Xg9XcnNh0) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/statement-key-negotiation-of-bluetooth/) | BR/EDR  |  CVE-2019-9506 |\n| BIAS | IEEE S\u0026P 2020 | [Site](https://francozappa.github.io/about-bias/) | [Paper](https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf) | [Video](https://www.youtube.com/watch?v=fASGU7Og5_4) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/) | BR/EDR | CVE-2020-10135 |\n| Pairing Method Confusion | 2020 | [Site](https://github.com/maxdos64/BThack) | [Paper](https://www.computer.org/csdl/proceedings-article/sp/2021/893400a213/1mbmHzm2Q6c) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/method-vulnerability/) | BR/EDR/LE | CVE-2020-10134 |\n| BlueFrag | 2020 | [Article](https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/) | No Paper | No Video | No Notice | Android | CVE-2020-0022 |\n| Spectra | Black Hat USA 2020 | [Abstract](https://www.blackhat.com/us-20/briefings/schedule/index.html#spectra-breaking-separation-between-wireless-chips-20005) | TBD | [Video](https://www.youtube.com/watch?v=GZd66uVGKn8) | No Notice | WiFi+BT modules | CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, CVE-2020-10370 |\n| BLURtooth | 2020 | [Site](https://hexhive.epfl.ch/BLURtooth/) | [Paper](https://hexhive.epfl.ch/BLURtooth/22asiaccs.pdf) | [Video](https://www.youtube.com/watch?v=FzFQD3XTLlA) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/) | BR/EDR+LE | CVE-2020-15802, CVE-2022-20361 |\n| BLESA | WOOT 2020 | [Site](https://www.usenix.org/conference/woot20/presentation/wu) | [Paper](https://www.usenix.org/system/files/woot20-paper-wu-updated.pdf) | [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8) | No Notice | LE | CVE-2020-9770 |\n| BleedingTooth | 2020 | [Site](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html) | [Writeup](https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup) | [Video](https://www.youtube.com/watch?v=qPYrLRausSw) | No Notice | Linux | CVE-2020-12351, CVE-2020-12352, CVE-2020-24490 |\n| BlueMirror | WOOT 2021 | [Site](https://kb.cert.org/vuls/id/799380) | [Paper](https://ieeexplore.ieee.org/abstract/document/9474325) | [Video](https://www.youtube.com/watch?v=Ai5-IrCI3kg) | [Multiple SIG Notices](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/) | BR/EDR/LE/Mesh | CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560 |\n| InjectaBLE | IEEE DSN 2021 | [Site](https://github.com/RCayre/injectable-firmware) | [Paper](https://archivesic.ccsd.cnrs.fr/LAAS-TSF/hal-03193297v2) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/) | LE | CVE-2021-31615 |\n| BrakTooth | 2021 | [Site](https://asset-group.github.io/disclosures/braktooth/) | [Paper](https://asset-group.github.io/disclosures/braktooth/braktooth.pdf) | [Video](https://www.youtube.com/watch?v=F7VjuOiUsNk) | No Notice | BR/EDR | CVE-2021-28135, CVE-2021-28136, CVE-2021-28139, CVE-2021-28155, CVE-2021-31717, CVE-2021-31609, CVE-2021-31611, CVE-2021-31612, CVE-2021-31613, CVE-2021-31785, CVE-2021-31786, CVE-2021-31610, CVE-2021-34143, CVE-2021-34144, CVE-2021-34145, CVE-2021-34146, CVE-2021-34147, CVE-2021-34148, CVE-2021-34149, CVE-2021-34150 |\n| Pairing Mode Confusion | 2022 | No Site | No Paper | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-ble-passkey/) | LE | CVE-2022-25836 |\n| Pairing Mode Confusion | 2022 | No Site | No Paper | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-br-edr/) | BR/EDR | CVE-2022-25837 |\n| BLUFFS | 2023 | [Site](https://francozappa.github.io/post/2023/bluffs-ccs23/) | [Paper](https://dl.acm.org/doi/pdf/10.1145/3576915.3623066) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/) | BR/EDR | CVE-2023-24023 |\n------\n\n## \u003ca name=\"conference_talks\"\u003e\u003c/a\u003eConference Talks\n\n### 2003\n\n- DEF CON 11 - Bruce Potter - Bluetooth - The Future of Wardriving [Video](https://www.youtube.com/watch?v=T-8m0jBdLF0)\n\n### 2004\n\n- 21C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking [Video](https://media.ccc.de/v/066_Bluetooth_Hacking)\n- Black Hat USA 2004 - Adam Laurie, Martin Herfurt - BlueSnarfing The Risk From Digital Pickpockets [Video](https://www.youtube.com/watch?v=B7GOxh-DLlw)\n\n### 2005\n\n- 22C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking - The State of The Art [Video](https://media.ccc.de/v/22C3-536-en-bluetooth_hacking)\n\n### 2006\n\n- 23C3 - Thierry Zoller, Kevin Finistere - Bluetooth Hacking Revisited [Video](https://media.ccc.de/v/23C3-1733-en-bluetooth_hacking_revisited)\n- Black Hat USA 2006 - Bruce Potter - Bluetooth Defense Kit Black Hat [Video](https://www.youtube.com/watch?v=fsahDgOjv_I)\n\n### 2007\n\n- DeepSec 2007 - Marcel Holtmann - New Security Model of Bluetooth 2.1 [Video](https://www.youtube.com/watch?v=jXtDhQTqhKg)\n\n### 2009\n\n- DEF CON 17 - Dominic Spill, Michael Ossmann, and Mark Steward - Bluetooth Smells like Chicken [Video](https://www.youtube.com/watch?v=Ru8RshSVkGI)  \n- Shmoocon 2009 - Bluetooth-Ossman.m4v [Video](https://www.youtube.com/watch?v=KPp4TjJVJb8)  \n\n### 2010\n\n- Shmoocon 2010 - Michael Ossmann - Bluetooth Keyboards: Who Owns Your Keystrokes? [Video](https://www.youtube.com/watch?v=X0RUN6SB6c8)  \n- DEF CON 18: Breaking Bluetooth by Being Bored 1/3 [Video](https://www.youtube.com/watch?v=Ibia1Bn2Er8)  \n\n### 2011\n\n- ShmooCon 2011 - Project Ubertooth: Building a Better Bluetooth Adapter [Video](https://www.youtube.com/watch?v=KSd_1FE6z4Y)  \n- DeepSec 2011 - Tommi Makila \u0026 Jukka Taimisto: Intelligent Bluetooth Fuzzing - Why bother? [Video](https://www.youtube.com/watch?v=Rvzrr_jfH64)\n\n### 2012\n\n- Ruxcon 2012 - Dominic Spill - Bluetooth Packet Sniffing Using Project Ubertooth [Video](https://www.youtube.com/watch?v=HU5qi7wimAM)\n- Toorcon 2012 - Hacking Bluetooth Low Energy: I Am Jack's Heart Monitor [Video](https://www.youtube.com/watch?v=4POOiVrdnX8)\n- DEF CON 20 - Passive Bluetooth Monitoring in Scapy [Video](https://www.youtube.com/watch?v=FruyviVhvR8)\n\n### 2013\n\n- USENIX WOOT 2013 - Mike Ryan - Bluetooth: With Low Energy Comes Low Security [Video](https://www.youtube.com/watch?v=Mo-FsEmaqpo)  \n- ShmooCon 9 - How Smart Is Bluetooth Smart? [Video](https://www.youtube.com/watch?v=0FfvLxW_cZg)  \n- Black Hat USA 2013 - Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix! [Video](https://www.youtube.com/watch?v=SoH11fi-FcA)  \n- DeepSec 2013 - Veronica Valeros \u0026 Sebastian Garcia: Uncovering your Trails - Privacy Issues of Bluetooth Devices [Video](https://www.youtube.com/watch?v=j3fWjpxZFQE)\n\n### 2014\n\n- CanSecWest 2014 - Outsmarting Bluetooth Smart [Video](https://www.youtube.com/watch?v=dYj6bpDzID0)  \n- DEF CON 22 - The NSA Playset Bluetooth Smart Attack Tools [Video](https://www.youtube.com/watch?v=_Z4gYyrKVFM)  \n- DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems [Video](https://www.youtube.com/watch?v=85uwy0ACJJw)  \n\n### 2015\n\n- DEF CON 23 - Mike Ryan and Richo Healey - Hacking Electric Skateboards [Video](https://www.youtube.com/watch?v=JZ3EB68v_B0)  \n\n### 2016\n\n- DEF CON 24 - Anthony Rose, Ben Ramsey - Picking Bluetooth Low Energy Locks a Quarter Mile Away [Video](https://www.youtube.com/watch?v=KrOReHwjCKI)  \n- DEF CON 24 - Realtime Bluetooth Device Detection with Blue Hydra [Video](https://www.youtube.com/watch?v=p5AnZHY7g1M)  \n- DEF CON 24 Internet of Things Village Damien Cauquil Btlejuice The Bluetooth Smart Mitm Framework [Video](https://www.youtube.com/watch?v=lcn07TclnS0)  \n- Black Hat USA 2016 - Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool [Video](https://www.youtube.com/watch?v=uKqdb4lF0XU)  \n- Hack.lu 2016 - Damiel Cauquil - BtleJuice: the Bluetooth Smart Man In The Middle Framework [Video](https://www.youtube.com/watch?v=G08fh5Sa7TU)  \n- EMF16 - Michael Ossmann - My Ubertooth Year [Video](https://www.youtube.com/watch?v=8lGCKO13zuo)  \n\n### 2017\n\n- Black Hat Europe 2017 - Ben Seri, Gregory Vishnepolsky - BlueBorne - A New Class of Airborne Attacks [Video](https://www.youtube.com/watch?v=WWQTlogqF1I)\n\n### 2018\n\n- DEF CON 26 - Damien Cauquil - You had better secure your BLE devices [Video](https://www.youtube.com/watch?v=VHJfd9h6G2s)  \n- 35C3 - Dennis Mantz and Jiska Classen - Dissecting Broadcom Bluetooth [Video](https://www.youtube.com/watch?v=4_nI9ok7iQg)  \n- MRMCD2018 - Dennis Mantz and Jiska Classen - A Deep Dive into Bluetooth Controller Firmware [Video](https://www.youtube.com/watch?v=iYPPOMQOev0)\n- Black Hat Europe 2018 - Ben Seri, Dor Zusman - BLEEDINGBIT Your APs Belong to Us [Video](https://www.youtube.com/watch?v=ZI-E37e6UHA)\n\n### 2019\n\n- DEF CON 27 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming [Video](https://www.youtube.com/watch?v=wkIdpK7mAk4)  \n- USENIX Security '19 - Pallavi Sivakumaran - A Study of the Feasibility of Co-located App Attacks against BLE [Video](https://www.youtube.com/watch?v=C1TNuxSCz9Y)  \n- RSA 2019 - Mike Ryan - Bluetooth Reverse Engineering: Tools and Techniques [Video](https://www.youtube.com/watch?v=gCQ3iSy6R-U)  \n- Hardwear.io USA 2019 - Mike Ryan - Bluetooth Hacking: Tools And Techniques [Video](https://www.youtube.com/watch?v=8kXbu2Htteg)  \n- Hardwear.io Netherlands 2019 - Sultan Qasim Khan - Sniffle: A low-cost sniffer for Bluetooth 5 [Video](https://www.youtube.com/watch?v=nClZzdvGlKg)  \n- MRMCD2019 - Dennis Mantz and Jiska Classen - Playing with Bluetooth [Video](https://www.youtube.com/watch?v=uwkR8bcni38)\n- BruCON 0x0B - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for fun and jamming [Video](https://www.youtube.com/watch?v=rtaSCqngvqU)  \n- Hack.LU 2019 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG For Fun And Jamming [Video](https://www.youtube.com/watch?v=4TaimqlQCew)  \n- CyberCamp19 - Pablo González - Audit and hacking to Bluetooth Low-Energy (BLE) devices [Video](https://www.youtube.com/watch?v=v4YxIlNyiSI)\n\n### 2020\n\n- Hardwear.io Virtual Con 2020 - Daniele Antonioli - From Bluetooth Standard to Standard Compliant 0-days [Video](https://www.youtube.com/watch?v=ZVSbF11uxuk)  \n- DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets  [Video](https://www.youtube.com/watch?v=GZd66uVGKn8)\n- DEF CON 28 - Maxine Filcher - The Basics Of Breaking BLE v3 [Video](https://www.youtube.com/watch?v=X2ARyfjzxhY)\n- USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8)\n- USENIX WOOT 2020 - Dennis Heinze, Jiska Classen, Matthias Hollick - ToothPicker: Apple Picking in the iOS Bluetooth Stack [Video](https://www.youtube.com/watch?v=hwJX1F11peU)\n- USENIX 2020 - Yue Zhang - Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks [Video](https://www.youtube.com/watch?v=vcv6agrH4J8)\n- Black Hat Europe 2020 - Wang Yu - Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-Specific Commands [Video](https://www.youtube.com/watch?v=KIcsci60So4)\n- Ekoparty 2020 - Cecilia Pastorino and Dan Borgogno - Bluetooth Low Energy Hacking 101 [Video](https://www.youtube.com/watch?v=2sirVrJpI30)\n- rC3 2020 - Jiska Classen - Exposure Notification Security [Video](https://www.youtube.com/watch?v=w9yuTZzsP_w)\n\n### 2021\n\n- CCC #DiVOC2020 - Jiska Classen - Finding Eastereggs in Broadcom's Bluetooth Random Number Generator [Video](https://www.youtube.com/watch?v=cxlxc4Yc3tQ)\n- CCC #DiVOC2020 - Jan Ruge - No PoC? No Fix! - A sad Story about Bluetooth Security [Video](https://www.youtube.com/watch?v=7tIQjPjjJQc)\n- WOOT2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols [Video](https://www.youtube.com/watch?v=Ai5-IrCI3kg)\n- Hardwear.io NL 2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Defeating Authentication In Bluetooth Protocols [Video](https://www.youtube.com/watch?v=ej8Rnu5hK5c)\n\n------\n\n## \u003ca name=\"bluetooth_security_tools\"\u003e\u003c/a\u003eBluetooth Security Tools\n\n### Linux Utilities \u0026 Tools\n\n- BlueZ (l2ping, gatttool, hciconfig, hcidump, hcitool, sdptool, bccmd, bluetoothctl, etc.) [Link](http://www.bluez.org/)\n\n### Scanners \u0026 Sniffers\n\n- BTLEmap [Github](https://github.com/seemoo-lab/BTLEmap)\n- Sniffle [Github](https://github.com/nccgroup/sniffle)\n- Bettercap [Github](https://github.com/bettercap/bettercap)\n- sparrow-wifi [Github](https://github.com/ghostop14/sparrow-wifi)\n- bluelog [Github](https://github.com/MS3FGX/Bluelog)\n- btsniffer [Github](https://github.com/bsnet/btsniffer)\n- Blue Hydra [Github](https://github.com/pwnieexpress/blue_hydra)\n- btlesniffer [Github](https://github.com/scipag/btle-sniffer)\n- btscanner [Link](https://manpages.org/btscanner)\n- BT Audit [Link](https://trifinite.org/trifinite_stuff_btaudit.html)\n- redfang [Gitlab](https://gitlab.com/kalilinux/packages/redfang)\n- bleah (deprecated, replaced by Bettercap) [Github](https://github.com/evilsocket/bleah)\n\n### Exploit Tools\n\n- Btlejack [Github](https://github.com/virtualabs/btlejack)\n- crackle [Github](https://github.com/mikeryan/crackle)\n- btcrack [Github](https://github.com/mikeryan/btcrack)\n- BLE-Replay [Github](https://github.com/nccgroup/BLE-Replay)\n- BLESuite-CLI [Github](https://github.com/nccgroup/BLESuite-CLI)\n- BlueMaho [Gitlab](https://gitlab.com/kalilinux/packages/bluemaho)\n- BlueDiving [Sourceforge](http://bluediving.sourceforge.net/)\n- Blooover [Link](https://trifinite.org/trifinite_stuff_blooover.html)\n- l2ping (BlueSmack DoS) [Link](https://trifinite.org/trifinite_stuff_bluesmack.html)\n- hidattacl [Link](https://mulliner.org/bluetooth/hidattack.php)\n\n### OBEX Attack Tools\n\n- obexstress [Download](http://bluetooth-pentest.narod.ru/software/obexstress.py)\n- bluesnarfer [Gitlab](https://gitlab.com/kalilinux/packages/bluesnarfer)\n- nOBEX [Github](https://github.com/nccgroup/nOBEX)\n\n### Fuzzing\n\n- Toothpicker [Github](https://github.com/seemoo-lab/toothpicker)\n- bss (unsupported) [Github](https://github.com/hllhll/BluetoothStackSmasher)\n- Defensics (Commercial) [Link](https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html)\n\n### Firmware Analysis\n\n- InternalBlue [Github](https://github.com/seemoo-lab/internalblue)\n- Frankenstein [Github](https://github.com/seemoo-lab/frankenstein)\n- Nexmon [Github](https://github.com/seemoo-lab/nexmon/tree/bluetooth-wip)\n\n### Man-in-the-middle \u0026 Packet Injection\n\n- BtleJuice [Github](https://github.com/DigitalSecurity/btlejuice)\n- Gattacker [Github](https://github.com/securing/gattacker)\n- BTLE (for SDRs) [Github](https://github.com/JiaoXianjun/BTLE)\n- (Unsupported) Btproxy [Github](https://github.com/conorpp/btproxy)\n\n### Device Spoofing\n\n- Spooftooph [Gitlab](https://gitlab.com/kalilinux/packages/spooftooph)\n- Bluefog [Github](https://github.com/MS3FGX/Bluefog)\n\n### Ping \u0026 Signal Strength Tools\n\n- blue_sonar [Github](https://github.com/ZeroChaos-/blue_sonar)\n- BlueRanger [Gitlab](https://gitlab.com/kalilinux/packages/blueranger)\n\n### Denial of Service\n\n- Blue Deauth [Github](https://github.com/its0x08/blue-deauth)\n\n### Honeypot\n\n- bluepot [Github](https://github.com/andrewmichaelsmith/bluepot/)\n\n### Android Apps\n\n- nRF Connect for Mobile [Google Play](https://play.google.com/store/apps/details?id=no.nordicsemi.android.mcp)\n\n### Hardware\n\n- Nordic Semiconductor nRF-51 Development Kit [Link](https://www.nordicsemi.com/Software-and-Tools/Development-Kits/nRF51-DK)\n- Sena UD-100 (~$39) [Link](http://www.senanetworks.com/ud100-g03.html)\n- Ubertooth One (~$120) [Link](https://greatscottgadgets.com/ubertoothone/)\n- Ellisys Bluetooth Tools [Link](https://www.ellisys.com/products/btcompare.php)\n- Frontline Bluetooth Tools [Link](http://www.fte.com/products/default.aspx)\n\n### Other\n\n- Wireshark: Protocol analyzer and packet capture [Link](https://www.wireshark.org/)\n- Frontline Wireless Protocol Suite (Windows only) [Link](http://www.fte.com/support/wps-download.aspx?demo=802.11\u0026iid=1y)\n- Uberducky (BLE-triggered rubber ducky) [Github](https://github.com/mikeryan/uberducky)\n- CarWhisperer: Bluetooth sniffer for in-vehicle connections [Link](https://trifinite.org/trifinite_stuff_carwhisperer.html)\n- BLEBoy: BLE testing platform [Github](https://github.com/nccgroup/BLEBoy)\n\n------\n\n## \u003ca name=\"primary_references\"\u003e\u003c/a\u003ePrimary Reference Materials\n\nBluetooth Core Specifications [Link](https://www.bluetooth.com/specifications/bluetooth-core-specification/)\n\nNIST Special Publication (SP) 800-121 revision 2 [Link](https://www.nist.gov/publications/guide-bluetooth-security-1)\n\n------\n\n## \u003ca name=\"useful_sites\"\u003e\u003c/a\u003eUseful Sites\n\n- List of Bluetooth bugs [Link](http://bluetooth.lol/)\n- Bluetooth arsenal tool list [Github](https://github.com/0x90/bluetooth-arsenal)\n- trifinite Bluetooth info [Link](https://trifinite.org/trifinite_stuff.html)\n- Mike Ryan's Bluetooth info [Link](https://lacklustre.net/bluetooth/)\n- Colin Mulliner's Bluetooth info [Link](https://mulliner.org/bluetooth/)\n- BlackArch Linux tool list [Link](https://blackarch.org/bluetooth.html)\n- Bluetooth pen test framework [Link](http://bluetooth-pentest.narod.ru/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fengn33r%2Fawesome-bluetooth-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fengn33r%2Fawesome-bluetooth-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fengn33r%2Fawesome-bluetooth-security/lists"}