{"id":48347631,"url":"https://github.com/indspl0it/blue-tap","last_synced_at":"2026-04-17T10:07:42.991Z","repository":{"id":345904189,"uuid":"1187800464","full_name":"Indspl0it/blue-tap","owner":"Indspl0it","description":"Blue-Tap is a comprehensive Bluetooth and BLE penetration testing toolkit designed specifically for security assessments of automotive In-Vehicle Infotainment (IVI) systems. It provides a complete attack lifecycle — from passive device discovery through active exploitation, data extraction, and automated report generation.","archived":false,"fork":false,"pushed_at":"2026-03-30T21:42:42.000Z","size":940,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-30T22:24:04.591Z","etag":null,"topics":["ble","bluetooth","fuzzing","ivi","pentesting","security","vulnerability-research"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Indspl0it.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-21T07:17:36.000Z","updated_at":"2026-03-30T21:42:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Indspl0it/blue-tap","commit_stats":null,"previous_names":["indspl0it/blue-tap"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Indspl0it/blue-tap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Indspl0it%2Fblue-tap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Indspl0it%2Fblue-tap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Indspl0it%2Fblue-tap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Indspl0it%2Fblue-tap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Indspl0it","download_url":"https://codeload.github.com/Indspl0it/blue-tap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Indspl0it%2Fblue-tap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31428645,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T02:22:46.605Z","status":"ssl_error","status_checked_at":"2026-04-05T02:22:33.263Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ble","bluetooth","fuzzing","ivi","pentesting","security","vulnerability-research"],"created_at":"2026-04-05T08:01:30.991Z","updated_at":"2026-04-17T10:07:42.984Z","avatar_url":"https://github.com/Indspl0it.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/banner.svg\" alt=\"Blue-Tap Banner\" width=\"100%\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eBluetooth/BLE Penetration Testing Toolkit for Automotive IVI Systems\u003c/b\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/python-3.10%2B-blue\" alt=\"Python 3.10+\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/license-GPL--3.0-green\" alt=\"License GPL-3.0\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/version-2.6.2-orange\" alt=\"Version 2.6.2\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/modules-101-cyan\" alt=\"101 Modules\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/CVEs-37-red\" alt=\"37 CVEs\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/platform-Linux%20(Kali)-557C94\" alt=\"Linux\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://Indspl0it.github.io/blue-tap/\"\u003eDocumentation\u003c/a\u003e \u0026middot;\n  \u003ca href=\"https://Indspl0it.github.io/blue-tap/guide/cli-reference/\"\u003eCLI Reference\u003c/a\u003e \u0026middot;\n  \u003ca href=\"https://Indspl0it.github.io/blue-tap/cve/detection-matrix/\"\u003eCVE Matrix\u003c/a\u003e \u0026middot;\n  \u003ca href=\"https://Indspl0it.github.io/blue-tap/changelog/\"\u003eChangelog\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\nBlue-Tap is a Bluetooth Classic and BLE security assessment framework designed to find both known and unknown vulnerabilities in Bluetooth stacks. It targets automotive IVI systems, mobile devices, IoT endpoints, and embedded firmware — anything with a Bluetooth radio. 101 modules across 6 families cover the full pentest lifecycle from device discovery through 0-day hunting via protocol-aware fuzzing. A DarkFirmware capability on RTL8761B controllers extends testing below the HCI boundary into the Link Manager and Link Controller layers, reaching the 40-45% of the Bluetooth attack surface that host-only tools cannot see.\n\n## Features\n\n**Discovery \u0026 Reconnaissance** — Classic and BLE device scanning, SDP/GATT enumeration, L2CAP/RFCOMM channel probing, device fingerprinting, HCI capture, BLE/LMP sniffing, capability detection, and cross-probe correlation. [Guide](https://Indspl0it.github.io/blue-tap/guide/discovery/)\n\n**Vulnerability Assessment** — 25 CVE detections (behavioral + compliance) and 11 non-CVE posture checks covering L2CAP, BNEP, SDP, AVRCP, GATT, HID, SMP, and pairing protocols. [CVE Matrix](https://Indspl0it.github.io/blue-tap/cve/detection-matrix/)\n\n**Exploitation** — KNOB (CVE-2019-9506), BIAS (CVE-2020-10135), BLUFFS (CVE-2023-24023), CTKD (CVE-2020-15802), encryption downgrade, SSP downgrade, connection hijack, and PIN brute-force. [Guide](https://Indspl0it.github.io/blue-tap/guide/exploitation/)\n\n**Denial of Service** — 9 CVE-backed crash probes and 21 protocol stress tests across L2CAP, SDP, RFCOMM, BNEP, HFP, OBEX, LMP, and pairing with automatic recovery monitoring. [DoS Matrix](https://Indspl0it.github.io/blue-tap/cve/dos-matrix/)\n\n**Post-Exploitation** — Phonebook extraction (PBAP), message access (MAP), call audio (HFP), audio streaming (A2DP), media control (AVRCP), file push (OPP), Bluesnarfer (OBEX), and AT command probing. [Guide](https://Indspl0it.github.io/blue-tap/guide/post-exploitation/)\n\n**Protocol Fuzzing** — 16-protocol mutation fuzzer with coverage-guided, state-machine, targeted, and random-walk strategies. Crash database, payload minimization, CVE reproduction, and live Rich dashboard. 6,685+ seeds. [Guide](https://Indspl0it.github.io/blue-tap/guide/fuzzing/)\n\n**DarkFirmware (Below-HCI)** — RTL8761B firmware patching for LMP injection, link-layer monitoring, and controller memory R/W. Reaches the 40-45% of Bluetooth CVEs invisible to host-only tools. [Hardware Setup](https://Indspl0it.github.io/blue-tap/getting-started/hardware-setup/)\n\n**Reporting \u0026 Sessions** — Professional HTML and JSON reports with 11 per-module adapters. Persistent sessions for multi-phase assessments. [Guide](https://Indspl0it.github.io/blue-tap/guide/sessions-and-reporting/)\n\n## Installation\n\n### Prerequisites\n\n- Linux (Kali recommended)\n- Python 3.10+\n- BlueZ 5.50+ (`bluetoothctl`, `hcitool`, `btmon`)\n- At least one Bluetooth HCI adapter\n- Root privileges for Bluetooth operations\n\nOptional: RTL8761B USB dongle (e.g., TP-Link UB500) for DarkFirmware / below-HCI attacks.\n\n### Via PyPI\n\n```bash\npip install blue-tap\n```\n\n### From Source\n\n```bash\ngit clone https://github.com/Indspl0it/blue-tap.git\ncd blue-tap\npip install -e .\n```\n\n### Verify Installation\n\n```bash\nblue-tap --version          # Should print 2.6.2\nblue-tap doctor             # Check all prerequisites\nsudo blue-tap adapter list  # List Bluetooth adapters\n```\n\nSee the full [Installation Guide](https://Indspl0it.github.io/blue-tap/getting-started/installation/) for detailed setup, including DarkFirmware flashing and the IVI simulator.\n\n## Usage\n\nBlue-Tap follows a phase-verb workflow that mirrors a real-world Bluetooth pentest:\n\n```\ndiscover  →  recon  →  vulnscan  →  exploit  →  dos  →  extract  →  fuzz  →  report\n```\n\n### Quick Start\n\n```bash\n# 1. Find nearby Bluetooth devices\nsudo blue-tap discover classic -d 20\n\n# 2. Deep recon on a target\nsudo blue-tap recon 4C:4F:EE:17:3A:89 sdp\nsudo blue-tap recon 4C:4F:EE:17:3A:89 fingerprint\n\n# 3. Scan for vulnerabilities (25 CVE + 11 posture checks)\nsudo blue-tap vulnscan 4C:4F:EE:17:3A:89\n\n# 4. Exploit a confirmed vulnerability\nsudo blue-tap exploit 4C:4F:EE:17:3A:89 knob --yes\n\n# 5. Extract data post-exploitation\nsudo blue-tap extract 4C:4F:EE:17:3A:89 contacts --all\n\n# 6. Generate HTML report\nblue-tap report --format html --output report.html\n```\n\n### Automation\n\n```bash\n# Full automated assessment against a single target\nsudo blue-tap auto 4C:4F:EE:17:3A:89 --yes\n\n# Fleet scan — discover and assess all IVI devices in range\nsudo blue-tap fleet --duration 20 --class ivi\n\n# Run a playbook\nsudo blue-tap run-playbook --playbook ivi-full-audit.yaml\n```\n\n### Fuzzing\n\n```bash\n# Multi-protocol fuzzing campaign\nsudo blue-tap fuzz campaign 4C:4F:EE:17:3A:89 -p sdp -p rfcomm --duration 2h\n\n# Crash analysis\nblue-tap fuzz crashes list --protocol sdp --severity HIGH\nblue-tap fuzz minimize CRASH_ID\n```\n\nSee the full [CLI Reference](https://Indspl0it.github.io/blue-tap/guide/cli-reference/) for all commands and options.\n\n## Documentation\n\nFull documentation is hosted at **[Indspl0it.github.io/blue-tap](https://Indspl0it.github.io/blue-tap/)**\n\n| Section | Description |\n|---------|-------------|\n| [Getting Started](https://Indspl0it.github.io/blue-tap/getting-started/installation/) | Installation, hardware setup, quick start, IVI simulator |\n| [CLI Reference](https://Indspl0it.github.io/blue-tap/guide/cli-reference/) | Every command, option, and example |\n| [CVE Detection Matrix](https://Indspl0it.github.io/blue-tap/cve/detection-matrix/) | 37 CVEs across vulnscan, exploitation, and DoS |\n| [DoS Matrix](https://Indspl0it.github.io/blue-tap/cve/dos-matrix/) | 30 DoS checks with severity and recovery monitoring |\n| [Workflows](https://Indspl0it.github.io/blue-tap/workflows/full-pentest/) | End-to-end pentest recipes |\n| [Developer Guide](https://Indspl0it.github.io/blue-tap/developer/architecture/) | Architecture, module system, writing modules, plugins |\n| [Troubleshooting](https://Indspl0it.github.io/blue-tap/reference/troubleshooting/) | Common issues and fixes |\n| [Changelog](https://Indspl0it.github.io/blue-tap/changelog/) | Release history |\n\n## Legal Disclaimer\n\nBlue-Tap is provided for **authorized security testing and research purposes only**. You must have explicit written permission from the owner of any device you test. Unauthorized access to Bluetooth devices is illegal under the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and similar laws worldwide. The authors accept no liability for misuse. Report vulnerabilities responsibly to the affected manufacturer.\n\n## License\n\n[GNU General Public License v3.0](LICENSE) — Copyright (C) 2026 Santhosh Ballikonda\n\n---\n\n**Santhosh Ballikonda** — [@Indspl0it](https://github.com/Indspl0it)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Findspl0it%2Fblue-tap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Findspl0it%2Fblue-tap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Findspl0it%2Fblue-tap/lists"}