redfang Package Description
RedFang is a small proof-of-concept application to find non discoverable Bluetooth devices. This is done by brute forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name().
redfang Homepage | Kali redfang Repo
- Author: @stake Inc, Ollie Whitehouse, Simon Halsall, Stephen Kapp
- License: GPLv2
tools included in the redfang package
fang – The Bluetooth Hunter
[email protected]:~# fang -h
redfang - the bluetooth hunter ver 2.5
(c)2003 @stake Inc
author: Ollie Whitehouse <[email protected]>
enhanced: threads by Simon Halsall <[email protected]>
enhanced: device info discovery by Stephen Kapp <[email protected]>
usage:
fang [options]
options:
-r range i.e. 00803789EE76-00803789EEff
-o filename Output Scan to Text Logfile
An address can also be manf+nnnnnn, where manf
is listed with the -l option and nnnnnn is the
tail of the address. All addresses must be 12
characters long
-t timeout The connect timeout, this is 10000 by default
Which is quick and yields results, increase for
reliability
-n num The number of dongles
-d Show debug information
-s Perform Bluetooth Discovery
-l Show device manufacturer codes
-h Display help
The devices are assumed to be hci0 to hci(n) where (n) is the number
of threads -1, this is currently not configurable but maybe at a
later date
redfang Usage Example
Scan the given range (-r 00803789EE76-00803789EEff) and discover Bluetooth devices (-s):
[email protected]:~# fang -r 00803789EE76-00803789EEff -s
redfang - the bluetooth hunter ver 2.5
(c)2003 @stake Inc
author: Ollie Whitehouse <[email protected]>
enhanced: threads by Simon Halsall <[email protected]>
enhanced: device info discovery by Stephen Kapp <[email protected]>
Scanning 138 address(es)
Address range 00:80:37:89:ee:76 -> 00:80:37:89:ee:ff
Performing Bluetooth Discovery...