https://github.com/engn33r/awesome-bluetooth-security

List of Bluetooth BR/EDR/LE security resources
https://github.com/engn33r/awesome-bluetooth-security

List: awesome-bluetooth-security

awesome awesome-list ble bluetooth bluetooth-hacking bluetooth-low-energy bluetooth-security penetration-testing pentesting security

Last synced: 2 months ago
JSON representation

List of Bluetooth BR/EDR/LE security resources

• Host: GitHub
• URL: https://github.com/engn33r/awesome-bluetooth-security
• Owner: engn33r
• Created: 2020-06-21T18:27:05.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2023-12-13T13:27:37.000Z (almost 1 year ago)
• Last Synced: 2024-05-23T09:40:15.297Z (7 months ago)
• Topics: awesome, awesome-list, ble, bluetooth, bluetooth-hacking, bluetooth-low-energy, bluetooth-security, penetration-testing, pentesting, security
• Homepage:
• Size: 18.6 KB
• Stars: 454
• Watchers: 12
• Forks: 49
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-security-awesome - awesome-bluetooth-security
• awesome-cybersecurity - awesome-bluetooth-security - List of Bluetooth BR/EDR/LE security resources. (Protocol)
• ultimate-awesome - awesome-bluetooth-security - List of Bluetooth BR/EDR/LE security resources. (Other Lists / PowerShell Lists)

README

        
# Awesome Bluetooth Security (BR, EDR, LE, and Mesh)

[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

This list links to useful references for anyone working with Bluetooth BR/EDR/LE or Mesh security.  

Submit a PR if something is missing!

### To Do

- Add list of useful research papers and whitepapers

- Add list of useful articles

- Add list of useful books

------

## Contents

- [Notable Vulnerabilities](#notable_vulnerabilities)

- [Conference Talks](#conference_talks)

- [Bluetooth Security Tools](#bluetooth_security_tools)

- [Primary Reference Materials](#primary_references)

- [Useful Sites](#useful_sites)

------

## Notable Vulnerabilities

| Vulnerability name | Conference & Year published | Vulnerability website URL | Paper URL | Video URL | SIG Notice | Technology Impacted | Related CVE |

| :---- | :---------- | :------------------------------- | :----------- | :------ | :------ | :------ | :----------- |

| BlueBorne | Black Hat Europe 2017 | [Site](https://www.armis.com/blueborne/) | [Paper](https://info.armis.com/rs/645-PDC-047/images/BlueBorne%20Technical%20White%20Paper_20171130.pdf) | [Video](https://www.youtube.com/watch?v=LLNtZKpL0P8) | No Notice | BR/EDR | CVE-2017-8628, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-14315, CVE-2017-1000410 |

| Bleedingbit | 2018 | [Site](https://www.armis.com/bleedingbit/) | [Paper](https://info.armis.com/rs/645-PDC-047/images/Armis-BLEEDINGBIT-Technical-White-Paper-WP.pdf) | [Video](https://www.youtube.com/watch?v=pZpAUapKvGY) | No Notice | LE | CVE-2018-7080, CVE-2018-16986 |

| Fixed Coordinate Invalid Curve Attack | 2018 | [Site](https://web.archive.org/web/20210226020244/https://www.cs.technion.ac.il/~biham/BT/) | [Paper](https://eprint.iacr.org/2019/1043) | [Video](https://www.youtube.com/watch?v=5x6GaqO24Fg) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bluetooth-sig-security-update/) | BR/EDR/LE | CVE-2018-5383 |

| SweynTooth | 2019 | [Site](https://asset-group.github.io/disclosures/sweyntooth/) | [Paper](https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf) | [Video](https://www.youtube.com/watch?v=Iw8sIBLWE_w) | No Notice | LE | CVE-2019-16336, CVE-2019-17060, CVE-2019-17061, CVE-2019-17517, CVE-2019-17518, CVE-2019-17519, CVE-2019-17520, CVE-2019-19192, CVE-2019-19193, CVE-2019-19194, CVE-2019-19195, CVE-2019-19196, CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595 |

| KNOB | USENIX 2019 | [Site](https://knobattack.com/)   | [Paper](https://www.usenix.org/system/files/sec19-antonioli.pdf) | [Video](https://www.youtube.com/watch?v=v9Xg9XcnNh0) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/statement-key-negotiation-of-bluetooth/) | BR/EDR  |  CVE-2019-9506 |

| BIAS | IEEE S&P 2020 | [Site](https://francozappa.github.io/about-bias/) | [Paper](https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf) | [Video](https://www.youtube.com/watch?v=fASGU7Og5_4) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/) | BR/EDR | CVE-2020-10135 |

| Pairing Method Confusion | 2020 | [Site](https://github.com/maxdos64/BThack) | [Paper](https://www.computer.org/csdl/proceedings-article/sp/2021/893400a213/1mbmHzm2Q6c) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/method-vulnerability/) | BR/EDR/LE | CVE-2020-10134 |

| BlueFrag | 2020 | [Article](https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/) | No Paper | No Video | No Notice | Android | CVE-2020-0022 |

| Spectra | Black Hat USA 2020 | [Abstract](https://www.blackhat.com/us-20/briefings/schedule/index.html#spectra-breaking-separation-between-wireless-chips-20005) | TBD | [Video](https://www.youtube.com/watch?v=GZd66uVGKn8) | No Notice | WiFi+BT modules | CVE-2019-15063, CVE-2020-10367, CVE-2020-10368, CVE-2020-10369, CVE-2020-10370 |

| BLURtooth | 2020 | [Site](https://hexhive.epfl.ch/BLURtooth/) | [Paper](https://hexhive.epfl.ch/BLURtooth/22asiaccs.pdf) | [Video](https://www.youtube.com/watch?v=FzFQD3XTLlA) | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/) | BR/EDR+LE | CVE-2020-15802, CVE-2022-20361 |

| BLESA | WOOT 2020 | [Site](https://www.usenix.org/conference/woot20/presentation/wu) | [Paper](https://www.usenix.org/system/files/woot20-paper-wu-updated.pdf) | [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8) | No Notice | LE | CVE-2020-9770 |

| BleedingTooth | 2020 | [Site](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html) | [Writeup](https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup) | [Video](https://www.youtube.com/watch?v=qPYrLRausSw) | No Notice | Linux | CVE-2020-12351, CVE-2020-12352, CVE-2020-24490 |

| BlueMirror | WOOT 2021 | [Site](https://kb.cert.org/vuls/id/799380) | [Paper](https://ieeexplore.ieee.org/abstract/document/9474325) | [Video](https://www.youtube.com/watch?v=Ai5-IrCI3kg) | [Multiple SIG Notices](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/) | BR/EDR/LE/Mesh | CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560 |

| InjectaBLE | IEEE DSN 2021 | [Site](https://github.com/RCayre/injectable-firmware) | [Paper](https://archivesic.ccsd.cnrs.fr/LAAS-TSF/hal-03193297v2) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/) | LE | CVE-2021-31615 |

| BrakTooth | 2021 | [Site](https://asset-group.github.io/disclosures/braktooth/) | [Paper](https://asset-group.github.io/disclosures/braktooth/braktooth.pdf) | [Video](https://www.youtube.com/watch?v=F7VjuOiUsNk) | No Notice | BR/EDR | CVE-2021-28135, CVE-2021-28136, CVE-2021-28139, CVE-2021-28155, CVE-2021-31717, CVE-2021-31609, CVE-2021-31611, CVE-2021-31612, CVE-2021-31613, CVE-2021-31785, CVE-2021-31786, CVE-2021-31610, CVE-2021-34143, CVE-2021-34144, CVE-2021-34145, CVE-2021-34146, CVE-2021-34147, CVE-2021-34148, CVE-2021-34149, CVE-2021-34150 |

| Pairing Mode Confusion | 2022 | No Site | No Paper | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-ble-passkey/) | LE | CVE-2022-25836 |

| Pairing Mode Confusion | 2022 | No Site | No Paper | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-br-edr/) | BR/EDR | CVE-2022-25837 |

| BLUFFS | 2023 | [Site](https://francozappa.github.io/post/2023/bluffs-ccs23/) | [Paper](https://dl.acm.org/doi/pdf/10.1145/3576915.3623066) | No Video | [SIG Notice](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/) | BR/EDR | CVE-2023-24023 |

------

## Conference Talks

### 2003

- DEF CON 11 - Bruce Potter - Bluetooth - The Future of Wardriving [Video](https://www.youtube.com/watch?v=T-8m0jBdLF0)

### 2004

- 21C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking [Video](https://media.ccc.de/v/066_Bluetooth_Hacking)

- Black Hat USA 2004 - Adam Laurie, Martin Herfurt - BlueSnarfing The Risk From Digital Pickpockets [Video](https://www.youtube.com/watch?v=B7GOxh-DLlw)

### 2005

- 22C3 - Marcel Holtmann, Martin Herfurt, Adam Laurie - Bluetooth Hacking - The State of The Art [Video](https://media.ccc.de/v/22C3-536-en-bluetooth_hacking)

### 2006

- 23C3 - Thierry Zoller, Kevin Finistere - Bluetooth Hacking Revisited [Video](https://media.ccc.de/v/23C3-1733-en-bluetooth_hacking_revisited)

- Black Hat USA 2006 - Bruce Potter - Bluetooth Defense Kit Black Hat [Video](https://www.youtube.com/watch?v=fsahDgOjv_I)

### 2007

- DeepSec 2007 - Marcel Holtmann - New Security Model of Bluetooth 2.1 [Video](https://www.youtube.com/watch?v=jXtDhQTqhKg)

### 2009

- DEF CON 17 - Dominic Spill, Michael Ossmann, and Mark Steward - Bluetooth Smells like Chicken [Video](https://www.youtube.com/watch?v=Ru8RshSVkGI)  

- Shmoocon 2009 - Bluetooth-Ossman.m4v [Video](https://www.youtube.com/watch?v=KPp4TjJVJb8)  

### 2010

- Shmoocon 2010 - Michael Ossmann - Bluetooth Keyboards: Who Owns Your Keystrokes? [Video](https://www.youtube.com/watch?v=X0RUN6SB6c8)  

- DEF CON 18: Breaking Bluetooth by Being Bored 1/3 [Video](https://www.youtube.com/watch?v=Ibia1Bn2Er8)  

### 2011

- ShmooCon 2011 - Project Ubertooth: Building a Better Bluetooth Adapter [Video](https://www.youtube.com/watch?v=KSd_1FE6z4Y)  

- DeepSec 2011 - Tommi Makila & Jukka Taimisto: Intelligent Bluetooth Fuzzing - Why bother? [Video](https://www.youtube.com/watch?v=Rvzrr_jfH64)

### 2012

- Ruxcon 2012 - Dominic Spill - Bluetooth Packet Sniffing Using Project Ubertooth [Video](https://www.youtube.com/watch?v=HU5qi7wimAM)

- Toorcon 2012 - Hacking Bluetooth Low Energy: I Am Jack's Heart Monitor [Video](https://www.youtube.com/watch?v=4POOiVrdnX8)

- DEF CON 20 - Passive Bluetooth Monitoring in Scapy [Video](https://www.youtube.com/watch?v=FruyviVhvR8)

### 2013

- USENIX WOOT 2013 - Mike Ryan - Bluetooth: With Low Energy Comes Low Security [Video](https://www.youtube.com/watch?v=Mo-FsEmaqpo)  

- ShmooCon 9 - How Smart Is Bluetooth Smart? [Video](https://www.youtube.com/watch?v=0FfvLxW_cZg)  

- Black Hat USA 2013 - Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix! [Video](https://www.youtube.com/watch?v=SoH11fi-FcA)  

- DeepSec 2013 - Veronica Valeros & Sebastian Garcia: Uncovering your Trails - Privacy Issues of Bluetooth Devices [Video](https://www.youtube.com/watch?v=j3fWjpxZFQE)

### 2014

- CanSecWest 2014 - Outsmarting Bluetooth Smart [Video](https://www.youtube.com/watch?v=dYj6bpDzID0)  

- DEF CON 22 - The NSA Playset Bluetooth Smart Attack Tools [Video](https://www.youtube.com/watch?v=_Z4gYyrKVFM)  

- DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems [Video](https://www.youtube.com/watch?v=85uwy0ACJJw)  

### 2015

- DEF CON 23 - Mike Ryan and Richo Healey - Hacking Electric Skateboards [Video](https://www.youtube.com/watch?v=JZ3EB68v_B0)  

### 2016

- DEF CON 24 - Anthony Rose, Ben Ramsey - Picking Bluetooth Low Energy Locks a Quarter Mile Away [Video](https://www.youtube.com/watch?v=KrOReHwjCKI)  

- DEF CON 24 - Realtime Bluetooth Device Detection with Blue Hydra [Video](https://www.youtube.com/watch?v=p5AnZHY7g1M)  

- DEF CON 24 Internet of Things Village Damien Cauquil Btlejuice The Bluetooth Smart Mitm Framework [Video](https://www.youtube.com/watch?v=lcn07TclnS0)  

- Black Hat USA 2016 - Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool [Video](https://www.youtube.com/watch?v=uKqdb4lF0XU)  

- Hack.lu 2016 - Damiel Cauquil - BtleJuice: the Bluetooth Smart Man In The Middle Framework [Video](https://www.youtube.com/watch?v=G08fh5Sa7TU)  

- EMF16 - Michael Ossmann - My Ubertooth Year [Video](https://www.youtube.com/watch?v=8lGCKO13zuo)  

### 2017

- Black Hat Europe 2017 - Ben Seri, Gregory Vishnepolsky - BlueBorne - A New Class of Airborne Attacks [Video](https://www.youtube.com/watch?v=WWQTlogqF1I)

### 2018

- DEF CON 26 - Damien Cauquil - You had better secure your BLE devices [Video](https://www.youtube.com/watch?v=VHJfd9h6G2s)  

- 35C3 - Dennis Mantz and Jiska Classen - Dissecting Broadcom Bluetooth [Video](https://www.youtube.com/watch?v=4_nI9ok7iQg)  

- MRMCD2018 - Dennis Mantz and Jiska Classen - A Deep Dive into Bluetooth Controller Firmware [Video](https://www.youtube.com/watch?v=iYPPOMQOev0)

- Black Hat Europe 2018 - Ben Seri, Dor Zusman - BLEEDINGBIT Your APs Belong to Us [Video](https://www.youtube.com/watch?v=ZI-E37e6UHA)

### 2019

- DEF CON 27 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming [Video](https://www.youtube.com/watch?v=wkIdpK7mAk4)  

- USENIX Security '19 - Pallavi Sivakumaran - A Study of the Feasibility of Co-located App Attacks against BLE [Video](https://www.youtube.com/watch?v=C1TNuxSCz9Y)  

- RSA 2019 - Mike Ryan - Bluetooth Reverse Engineering: Tools and Techniques [Video](https://www.youtube.com/watch?v=gCQ3iSy6R-U)  

- Hardwear.io USA 2019 - Mike Ryan - Bluetooth Hacking: Tools And Techniques [Video](https://www.youtube.com/watch?v=8kXbu2Htteg)  

- Hardwear.io Netherlands 2019 - Sultan Qasim Khan - Sniffle: A low-cost sniffer for Bluetooth 5 [Video](https://www.youtube.com/watch?v=nClZzdvGlKg)  

- MRMCD2019 - Dennis Mantz and Jiska Classen - Playing with Bluetooth [Video](https://www.youtube.com/watch?v=uwkR8bcni38)

- BruCON 0x0B - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG for fun and jamming [Video](https://www.youtube.com/watch?v=rtaSCqngvqU)  

- Hack.LU 2019 - Damien Cauquil - Defeating Bluetooth Low Energy 5 PRNG For Fun And Jamming [Video](https://www.youtube.com/watch?v=4TaimqlQCew)  

- CyberCamp19 - Pablo González - Audit and hacking to Bluetooth Low-Energy (BLE) devices [Video](https://www.youtube.com/watch?v=v4YxIlNyiSI)

### 2020

- Hardwear.io Virtual Con 2020 - Daniele Antonioli - From Bluetooth Standard to Standard Compliant 0-days [Video](https://www.youtube.com/watch?v=ZVSbF11uxuk)  

- DEF CON 28 - Jiska Classen and Francesco Gringoli - Spectra — New Wireless Escalation Targets  [Video](https://www.youtube.com/watch?v=GZd66uVGKn8)

- DEF CON 28 - Maxine Filcher - The Basics Of Breaking BLE v3 [Video](https://www.youtube.com/watch?v=X2ARyfjzxhY)

- USENIX WOOT 2020 - Jianliang Wu - BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy [Video](https://www.youtube.com/watch?v=wIWZaSZsRc8)

- USENIX WOOT 2020 - Dennis Heinze, Jiska Classen, Matthias Hollick - ToothPicker: Apple Picking in the iOS Bluetooth Stack [Video](https://www.youtube.com/watch?v=hwJX1F11peU)

- USENIX 2020 - Yue Zhang - Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks [Video](https://www.youtube.com/watch?v=vcv6agrH4J8)

- Black Hat Europe 2020 - Wang Yu - Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-Specific Commands [Video](https://www.youtube.com/watch?v=KIcsci60So4)

- Ekoparty 2020 - Cecilia Pastorino and Dan Borgogno - Bluetooth Low Energy Hacking 101 [Video](https://www.youtube.com/watch?v=2sirVrJpI30)

- rC3 2020 - Jiska Classen - Exposure Notification Security [Video](https://www.youtube.com/watch?v=w9yuTZzsP_w)

### 2021

- CCC #DiVOC2020 - Jiska Classen - Finding Eastereggs in Broadcom's Bluetooth Random Number Generator [Video](https://www.youtube.com/watch?v=cxlxc4Yc3tQ)

- CCC #DiVOC2020 - Jan Ruge - No PoC? No Fix! - A sad Story about Bluetooth Security [Video](https://www.youtube.com/watch?v=7tIQjPjjJQc)

- WOOT2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Reflections on Bluetooth Pairing and Provisioning Protocols [Video](https://www.youtube.com/watch?v=Ai5-IrCI3kg)

- Hardwear.io NL 2021 - Tristan Claverie, José Lopes Esteves - BlueMirror: Defeating Authentication In Bluetooth Protocols [Video](https://www.youtube.com/watch?v=ej8Rnu5hK5c)

------

## Bluetooth Security Tools

### Linux Utilities & Tools

- BlueZ (l2ping, gatttool, hciconfig, hcidump, hcitool, sdptool, bccmd, bluetoothctl, etc.) [Link](http://www.bluez.org/)

### Scanners & Sniffers

- BTLEmap [Github](https://github.com/seemoo-lab/BTLEmap)

- Sniffle [Github](https://github.com/nccgroup/sniffle)

- Bettercap [Github](https://github.com/bettercap/bettercap)

- sparrow-wifi [Github](https://github.com/ghostop14/sparrow-wifi)

- bluelog [Github](https://github.com/MS3FGX/Bluelog)

- btsniffer [Github](https://github.com/bsnet/btsniffer)

- Blue Hydra [Github](https://github.com/pwnieexpress/blue_hydra)

- btlesniffer [Github](https://github.com/scipag/btle-sniffer)

- btscanner [Link](https://manpages.org/btscanner)

- BT Audit [Link](https://trifinite.org/trifinite_stuff_btaudit.html)

- redfang [Gitlab](https://gitlab.com/kalilinux/packages/redfang)

- bleah (deprecated, replaced by Bettercap) [Github](https://github.com/evilsocket/bleah)

### Exploit Tools

- Btlejack [Github](https://github.com/virtualabs/btlejack)

- crackle [Github](https://github.com/mikeryan/crackle)

- btcrack [Github](https://github.com/mikeryan/btcrack)

- BLE-Replay [Github](https://github.com/nccgroup/BLE-Replay)

- BLESuite-CLI [Github](https://github.com/nccgroup/BLESuite-CLI)

- BlueMaho [Gitlab](https://gitlab.com/kalilinux/packages/bluemaho)

- BlueDiving [Sourceforge](http://bluediving.sourceforge.net/)

- Blooover [Link](https://trifinite.org/trifinite_stuff_blooover.html)

- l2ping (BlueSmack DoS) [Link](https://trifinite.org/trifinite_stuff_bluesmack.html)

- hidattacl [Link](https://mulliner.org/bluetooth/hidattack.php)

### OBEX Attack Tools

- obexstress [Download](http://bluetooth-pentest.narod.ru/software/obexstress.py)

- bluesnarfer [Gitlab](https://gitlab.com/kalilinux/packages/bluesnarfer)

- nOBEX [Github](https://github.com/nccgroup/nOBEX)

### Fuzzing

- Toothpicker [Github](https://github.com/seemoo-lab/toothpicker)

- bss (unsupported) [Github](https://github.com/hllhll/BluetoothStackSmasher)

- Defensics (Commercial) [Link](https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html)

### Firmware Analysis

- InternalBlue [Github](https://github.com/seemoo-lab/internalblue)

- Frankenstein [Github](https://github.com/seemoo-lab/frankenstein)

- Nexmon [Github](https://github.com/seemoo-lab/nexmon/tree/bluetooth-wip)

### Man-in-the-middle & Packet Injection

- BtleJuice [Github](https://github.com/DigitalSecurity/btlejuice)

- Gattacker [Github](https://github.com/securing/gattacker)

- BTLE (for SDRs) [Github](https://github.com/JiaoXianjun/BTLE)

- (Unsupported) Btproxy [Github](https://github.com/conorpp/btproxy)

### Device Spoofing

- Spooftooph [Gitlab](https://gitlab.com/kalilinux/packages/spooftooph)

- Bluefog [Github](https://github.com/MS3FGX/Bluefog)

### Ping & Signal Strength Tools

- blue_sonar [Github](https://github.com/ZeroChaos-/blue_sonar)

- BlueRanger [Gitlab](https://gitlab.com/kalilinux/packages/blueranger)

### Denial of Service

- Blue Deauth [Github](https://github.com/its0x08/blue-deauth)

### Honeypot

- bluepot [Github](https://github.com/andrewmichaelsmith/bluepot/)

### Android Apps

- nRF Connect for Mobile [Google Play](https://play.google.com/store/apps/details?id=no.nordicsemi.android.mcp)

### Hardware

- Nordic Semiconductor nRF-51 Development Kit [Link](https://www.nordicsemi.com/Software-and-Tools/Development-Kits/nRF51-DK)

- Sena UD-100 (~$39) [Link](http://www.senanetworks.com/ud100-g03.html)

- Ubertooth One (~$120) [Link](https://greatscottgadgets.com/ubertoothone/)

- Ellisys Bluetooth Tools [Link](https://www.ellisys.com/products/btcompare.php)

- Frontline Bluetooth Tools [Link](http://www.fte.com/products/default.aspx)

### Other

- Wireshark: Protocol analyzer and packet capture [Link](https://www.wireshark.org/)

- Frontline Wireless Protocol Suite (Windows only) [Link](http://www.fte.com/support/wps-download.aspx?demo=802.11&iid=1y)

- Uberducky (BLE-triggered rubber ducky) [Github](https://github.com/mikeryan/uberducky)

- CarWhisperer: Bluetooth sniffer for in-vehicle connections [Link](https://trifinite.org/trifinite_stuff_carwhisperer.html)

- BLEBoy: BLE testing platform [Github](https://github.com/nccgroup/BLEBoy)

------

## Primary Reference Materials

Bluetooth Core Specifications [Link](https://www.bluetooth.com/specifications/bluetooth-core-specification/)

NIST Special Publication (SP) 800-121 revision 2 [Link](https://www.nist.gov/publications/guide-bluetooth-security-1)

------

## Useful Sites

- List of Bluetooth bugs [Link](http://bluetooth.lol/)

- Bluetooth arsenal tool list [Github](https://github.com/0x90/bluetooth-arsenal)

- trifinite Bluetooth info [Link](https://trifinite.org/trifinite_stuff.html)

- Mike Ryan's Bluetooth info [Link](https://lacklustre.net/bluetooth/)

- Colin Mulliner's Bluetooth info [Link](https://mulliner.org/bluetooth/)

- BlackArch Linux tool list [Link](https://blackarch.org/bluetooth.html)

- Bluetooth pen test framework [Link](http://bluetooth-pentest.narod.ru/)