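#!/bin/bash
# bluejay v0.5 (10-10-2010)
# (C)opyright 2010 - TAPE
#
# To do ;
# > Create variables for that which is possible (hci-out.tmp)
# > Improve logging capabilities
# > Remove superfluous code (colour types)
# > Get the extra switch for random banners to work without getting multiple banners..
#   (banner1 currently hard-coded in) as I want the randomizing to be an option only.
# > Flush the cached results per prior scans from /var/lib/bluetooth/ ?
# > Read manufacturer detail from OUI.txt and include in log ?
#
## FIXED SETTINGS
## ==============
# Number of bluetooth interfaces: one per hciconfig line mentioning "hci"
# (grep -c gives the same number as the old grep|cut|wc -l pipeline and
# prints 0 when hciconfig is missing or prints nothing).
CNT=$( hciconfig | grep -c hci )
NOW=$(date +"%d-%m-%Y-%H:%M:%S")   # Taken once at start-up; used in the log file name
banner_nmbr=$(( RANDOM % 6 + 1 ))  # Random number from 1 to 6 (picks a banner for -r)
RED=$(tput setaf 1)                # Red fonts
REDBOLD=$(tput setaf 1 && tput bold)    # Bold red fonts
GREEN=$(tput setaf 2)              # Green fonts
GREENBOLD=$(tput setaf 2 && tput bold)  # Bold green fonts
BLUE=$(tput setaf 6)               # Blue fonts
BLUEBOLD=$(tput setaf 6 && tput bold)   # Bold blue fonts
STAND=$(tput sgr 0)                # Back to standard output
##
##
## Start with a clear screen each time bluejay is run.
clear
##
##
## BANNERS
## =======
## 6 different banners which can be called randomly (banner1 hardcoded in for the time being)
## Each one prints its text in bold blue and resets the terminal afterwards.
## printf '%s' is used instead of echo so no backslash in the art is ever interpreted.
banner1() {
  printf '%s\n' "${BLUEBOLD} ::::::::: ::: ::: ::: :::::::::: ::::::::::: ::: ::: ::: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +#++:++#+ +#+ +#+ +:+ +#++:++# +#+ +#++:++#++: +#++: +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ #+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+# ######### ########## ######## ########## ##### ### ### ### bluejay -- a simple bluetooth scanner by TAPE${STAND}"
}

banner2() {
  printf '%s\n' "${BLUEBOLD} _ _ _ | | | | (_) | |__ | |_ _ ___ _ __ _ _ _ | ._ \| | | | |/ _ \ |/ _ | | | | | |_) | | |_| | __/ | (_| | |_| | |_.__/|_|\__,_|\___| |\__,_|\__, | _/ | __/ | |__/ |___/ bluejay -- a simple bluetooth scanner by TAPE${STAND}"
}

banner3() {
  printf '%s\n' "${BLUEBOLD} ______ _ _______________________ ( ___ \( \ |\ /| ____ \__ _/ ___ )\ /| | ( ) ) ( | ) ( | ( \/ ) ( | ( ) | \ / ) | (__/ /| | | | | | (__ | | | (___) |\ (_) / | __ ( | | | | | | __) | | | ___ | \ / | ( \ \| | | | | | ( | | | ( ) | ) ( | )___) ) (____/\ (___) | (____/\\_) ) | ) ( | | | |/ \___/(_______/_______)_______/____/ |/ \| \_/ bluejay -- a simple bluetooth scanner by TAPE${STAND}"
}

banner4() {
  printf '%s\n' "${BLUEBOLD} ______ __ __ __ _______ __ ___ ____ ____ | _ \ | | | | | | | ____| | | / \ \ \ / / | |_) | | | | | | | | |__ | | / ^ \ \ \/ / | _ < | | | | | | | __| .--. 
| | / /_\ \ \_ _/ | |_) | | '----.| '--' | | |____ | '--' | / _____ \ | | |______/ |_______| \______/ |_______| \______/ /__/ \__\ |__| bluejay -- a simple bluetooth scanner by TAPE${STAND}"
}

banner5() {
  printf '%s\n' "${BLUEBOLD} -------------------------------------------------------- ## / / , ## ## /__ / __ __ ## ## / ) / / / /___) / / ) / / ## ## (___/ / (___( (___ / (___( (___/ ## ## ==============================/===============/== ## ## (_ / (_ / ## ## ~~\ ## ## | '> bluejay -- a simple bluetooth scanner ## ## /~,\ by TAPE ## ## /~/ / ## ---//-''------------------------------------------------ /${STAND}"
}

banner6() {
  printf '%s\n' "${BLUEBOLD} bluejay -- a simple bluetooth scanner by TAPE${STAND}"
}
##
##
##
## Randomizing banner
## ==================
## Calls banner1..banner6 according to the number drawn at start-up.
RNDM_BNR() {
  "banner$banner_nmbr"
}
##
##
##
## CHECKS PRIOR START
## ==================
## bluejay keeps its temp files and logs under /pentest/bluetooth/bluejay.
## If the directory is missing, offer to create it (parents included, which
## the old plain mkdir could not do) and stop on any answer other than y/Y
## (the old code silently carried on for answers like "x").
if [ -d /pentest/bluetooth/bluejay ]; then
  echo
else
  banner6
  echo
  printf '%s\n' "${REDBOLD}Directory /pentest/bluetooth/bluejay/ not found"
  printf '%s\n' "This directory is required as bluejay saves temp files to this location.${STAND}"
  echo
  printf '%s' "Would you like to create ${GREENBOLD}/pentest/bluetooth/bluejay/${STAND} to continue ? y/n: "
  read -r dir
  case "$dir" in
    y|Y)
      if ! mkdir -p -- /pentest/bluetooth/bluejay/; then
        printf '%s\n' "${REDBOLD}Could not create /pentest/bluetooth/bluejay/${STAND}" >&2
        exit 1
      fi
      clear
      ;;
    *)
      exit 1
      ;;
  esac
fi
##
##
##
## Checking if a bluetooth interface is present
## If not, then error message and quit.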
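# The bluez tools themselves are required as well: without hciconfig in PATH
# CNT is 0 and the "no interface" message below would be misleading.
if ! command -v hciconfig >/dev/null 2>&1 || ! command -v hcitool >/dev/null 2>&1; then
  banner1
  echo
  printf '%s\n' "${REDBOLD}hciconfig / hcitool (bluez) not found in PATH${STAND}" >&2
  exit 1
fi
if (( CNT == 0 )); then
  banner1
  echo
  printf '%s\n' "${REDBOLD}NO BLUETOOTH INTERFACE FOUND${STAND}"
  printf '%s\n' "Connect bluetooth interface device, then${GREENBOLD} ./bluejay -h${STAND} for help"
  exit 1
fi
##
##
##
# UPDATING OUI (disabled)
# wget -O /pentest/bluetooth/bluejay/oui.txt http://standards.ieee.org/regauth/oui/oui.txt
# If this is ever re-enabled: fetch over https and check wget's exit status
# before using the downloaded file.
##
##
##
## SHARED HELPERS
## ==============
## The scan functions below used to carry three near-identical copies of
## the interface selection and the hcitool pipeline each; they now share
## these helpers.  Exit status convention: 0 when the requested action
## completed, 1 on error (the old code exited 1 in every case).
##
#######################################
# Print the detected interface names, one per line (hci0, hci1, ...).
# Takes the whole "hciN:" header field instead of the first four
# characters, so hci10 and up are no longer truncated to "hci1".
#######################################
_bj_iface_names() {
  hciconfig | awk -F: '/^hci/ { print $1 }'
}

#######################################
# Choose the interface to scan with and store it in IFACE.
# With one interface it is used without prompting; with several the
# user is asked, and an empty answer means the first one found.  The
# answer must be one of the detected names, since it ends up on the
# hciconfig/hcitool command line.
# Globals:  CNT (read), IFACE (written)
# Returns:  0 on success, 1 when the answer is not a detected interface
#######################################
_bj_select_iface() {
  local names first answer
  names=$( _bj_iface_names )
  first=${names%%$'\n'*}
  if (( CNT == 1 )); then
    IFACE=$first
    return 0
  fi
  echo "Found $CNT interfaces"
  echo "------------------"
  printf '%s%s\n\n%s' "$BLUEBOLD" "$names" "$STAND"
  printf '%s' "Enter interface to use: "
  read -r answer
  if [ -z "$answer" ]; then
    IFACE=$first
  elif printf '%s\n' "$names" | grep -Fqx -- "$answer"; then
    IFACE=$answer
  else
    printf '%s\n' "${REDBOLD}Unknown interface: $answer${STAND}" >&2
    return 1
  fi
  return 0
}

#######################################
# Print the bold blue column header of the result table.
# Column widths follow the perl formatter below: every field is padded
# to 20 characters plus a separating space, and the BD ADDR field is
# 17 characters (+1) followed by the 18-character "[clkoffset 0x....]".
# Arguments: $1 - "full" for a Clock Offset column, anything else for none
#######################################
_bj_table_header() {
  printf '%s' "$BLUEBOLD"
  if [ "$1" = full ]; then
    printf '%-17s %-18s %-21s %s\n' ' BD ADDR' 'Clock Offset' 'Name' 'Device Class'
    printf '%s' "$STAND"
    echo "----------------- ------------------ --------------------- --------------------------"
  else
    printf '%-20s %-20s %s\n' ' BD ADDR' 'Name' 'Device Class'
    printf '%s' "$STAND"
    echo "-------------------- -------------------- -------------------------"
  fi
}

#######################################
# Run one 'hcitool scan' on an interface, print the result rows and
# append them to /pentest/bluetooth/bluejay/log.tmp.
# Each device block from hcitool is folded onto one line by the perl
# formatter.  "mode N, " is always dropped (two of the old copies only
# dropped "mode 1, ", so other modes leaked into the log).  Control
# characters other than tab/newline are stripped before the rows reach
# the terminal or the log, because the device name is supplied by the
# remote device; bytes >= 0x80 are left alone so non-ASCII names survive.
# Arguments: $1 - interface name
#            $2 - "full" keeps the clock offset, anything else drops it
#######################################
_bj_scan_pipe() {
  local iface=$1
  local -a offs_sed=()
  [ "$2" = full ] || offs_sed=(-e 's/\[clkoffset 0x....\]//g')
  hcitool -i "$iface" scan --flush --class \
    | perl -ne 'if (/^.*:\s+(.*)$/){printf("%-20s ",$1)} elsif(/^\s*$/) {print} END{print"\n"}' \
    | sed -e 's/mode ., //g' "${offs_sed[@]}" \
    | tr -d '\000-\010\013-\037\177' \
    | tee -a /pentest/bluetooth/bluejay/log.tmp
}

#######################################
# Count distinct BD ADDRs in the temp log (first 17 characters of each
# row).  The blank row each scan ends with is not counted, whatever
# position it sorts to (the old 'sed 1d' assumed it sorted first).
#######################################
_bj_count_devices() {
  cut -c -17 -- /pentest/bluetooth/bluejay/log.tmp | sort -u | grep -c '[^[:space:]]'
}

#######################################
# Bring an interface up, print the scan banner and header, then scan
# until interrupted.  Never returns normally: Ctrl+C runs QUIT (trap).
# Arguments: $1 - interface name
#            $2 - "full" (log clock offsets) or "short"
#######################################
_bj_scan_loop() {
  local iface=$1 mode=$2
  hciconfig "$iface" up
  sleep 2   # give the interface a moment to come up before the first scan
  echo "Scan with $iface started $NOW -- Ctrl+C to quit"
  echo "-------------------------------------------------------------"
  echo
  _bj_table_header "$mode"
  while true; do
    printf '%s' "$BLUEBOLD"
    _bj_scan_pipe "$iface" "$mode"
    printf '%s' "$STAND"
    sleep 5   # pause between scans, as before
  done
}
##
##
##
## LISTING INTERFACES
## ==================
## Lists every interface hciconfig knows about and, from hcitool dev,
## those that are initialised (UP).  No temp files are needed for this.
IFACE_LIST() {
  local up_list up_count
  banner1
  if (( CNT == 0 )); then   # If no devices present, then Quit
    echo
    exit 1
  fi
  # hcitool dev: header line "Devices:" then one indented "hciN<tab>BDADDR" per UP interface
  up_list=$( hcitool dev | sed -e '1d' -e 's/^[ \t]*//' )
  up_count=$( grep -c . <<<"$up_list" )
  printf '%s\n' "${REDBOLD}LISTING BLUETOOTH INTERFACES${STAND}"
  sleep 0.5
  echo "$CNT interface(s) found;"
  printf '%s\n' "$BLUEBOLD"
  _bj_iface_names
  printf '%s' "$STAND"
  if (( up_count == 0 )); then
    echo
    echo "0 interface(s) UP"
    echo "================="
  else
    echo
    echo "$up_count interface(s) UP"
    printf '%s\t%s\n' 'IFACE' 'BDADDR'
    printf '%s\t%s\n' '-----' '-----------------'
    printf '%s%s\n\n%s' "$BLUEBOLD" "$up_list" "$STAND"
  fi
  echo
  exit 0
}
##
##
##
## SINGLE SCAN
## ===========
## One 'hcitool scan' on the chosen interface; results are printed and
## counted but never kept (single scans are not logged).
SING_SCAN() {
  banner1
  if (( CNT == 0 )); then   # Check if any devices present, if no devices Quit
    echo
    exit 1
  fi
  printf '%s\n' "${REDBOLD}STARTING SINGLE SCAN${STAND}"
  _bj_select_iface || exit 1
  hciconfig "$IFACE" up
  sleep 2   # give the interface a moment to come up before scanning
  echo "Scan with $IFACE started $NOW"
  echo
  _bj_table_header full
  printf '%s' "$BLUEBOLD"
  _bj_scan_pipe "$IFACE" full
  sleep 5
  printf '%s' "$STAND"
  echo
  echo "$( _bj_count_devices ) bluetooth device(s) found"
  rm -f -- /pentest/bluetooth/bluejay/log.tmp   # Cleanup temp file
  exit 0
}
##
##
##
## CONTINUOUS SCAN
## NOT LOGGING CLOCK OFFSETS
## =========================
## Loops 'hcitool scan' until Ctrl+C; QUIT then offers to save the log.
CONT_SCAN() {
  banner1
  if (( CNT == 0 )); then
    echo
    exit 1
  fi
  printf '%s\n' "${REDBOLD}STARTING CONTINUOUS SCAN${STAND}"
  _bj_select_iface || exit 1
  _bj_scan_loop "$IFACE" short
  exit 1   # not reached: the loop only ends through QUIT
}
##
##
##
## FULL CONTINUOUS SCAN
## LOGGING CLOCK OFFSETS
## =====================
## Same as CONT_SCAN but the clock offset column is kept in the output and log.
F_CONT_SCAN() {
  banner1
  if (( CNT == 0 )); then
    echo
    exit 1
  fi
  printf '%s\n' "${REDBOLD}STARTING FULL CONTINUOUS SCAN${STAND}"
  _bj_select_iface || exit 1
  _bj_scan_loop "$IFACE" full
  exit 1   # not reached: the loop only ends through QUIT
}
##
##
##
## HELP INFORMATION
## ================
## Arguments: $1 - exit status (default 0; 1 when shown because of a usage error)
HELP() {
  banner1
  echo "Usage: ./bluejay [option]"
  cat <<'EOF'
 Options:
  -s --- Single scan
  -c --- Continuous scan (without clock offsets)
  -f --- Full continuous scan (including clock offsets)
  -i --- List available bluetooth interfaces
  -h --- This help information
  -v --- Version & more information
EOF
  exit "${1:-0}"
}
##
##
##
## VERSION
## =======
## Version line, then the long information text through less on request.
## (The colour variables are the global ones; the old copies made here were superfluous.)
VERS() {
  local input
  banner1
  echo
  printf '%s%s\n' "$REDBOLD" "VERSION"
  printf '%s\n' "$BLUEBOLD"
  echo "BlueJay <---> $RED Version 0.5 $BLUE <---> October 2010"
  echo "----------------------------------------------${STAND}"
  sleep 1
  echo
  printf '%s' "View more information ? y/n "
  read -r input
  case "$input" in
    y|Y)
      printf '%s\n%s\n' "$REDBOLD" "INFORMATION"
      sleep 1
      printf '%s' "$STAND"
      less <<'EOF'
 This program comes with ABSOLUTELY NO WARRANTY.
 Use at your own risk only and make sure that the use of bluetooth sniffing software is legal where you test it.
 Having said that; bluejay has been tested quite thoroughly, but when/if errors or unwanted results turn up, please let me know !
 tape.rulez(at)gmail.com

 GENERAL REQUIREMENTS
 ====================
 Bluez suite; hciconfig / hcitool.
 Created with use on backtrack 4 in mind.
 Directory /pentest/bluetooth/bluejay/ must be created as bluejay creates temporary files in this location.

 LISTING DEVICES ./bluejay -i
 ================
 BlueJay checks bluetooth interfaces using hciconfig and hcitool and compares the output to see which ones are intitialized (UP).
 (Whether an interface is initialized or not has no consequence when starting a scan, as bluejay will automatically initialize the selected interface prior starting a scan)

 SINGLE SCAN ./bluejay -s
 =============
 If there is only a single interface available, bluejay will intialize that interface and start the scan without any prompts.
 If there are multiple interfaces available, you can choose which one to use, or leave blank and press Enter to choose the first interface found (usually hci0).
 A single 'hcitool scan' is carried out and results printed to screen.
 There is a slight delay before the scan is actually started, this due to bluejay automatically initializing (UP) the selected interface and giving a 2 second delay to ensure it is UP prior to starting the scan.

 CONTINUOUS SCAN ./bluejay -c
 ===============
 Same as a single scan, but the scan is looped and not logging clock offsets, bluejay will continue to scan until stopped with Ctrl+C, at which time bluejay will prompt as to whether the scan should be saved to log or not.

 FULL CONTINUOUS SCAN ./bluejay -f
 ====================
 Same as continuous scan, but also logging clock offsets
 Note that this function will result in the logs having multiple mentions of the same BD ADDR devices... this due to the changing clock offsets.

 LOGGING
 =======
 The main reason why I started writing this, but haven't got it perfect yet... go figure ;)
 In any case, logging is possible only when doing a continuous scan as I didnt see the use of logging a single scan only.
 It has some quirks though as it will list the same BD ADDR more than once if it is cached or if it changes clock offset.
 Also when a device is found with a mode set to other than mode 1 the logging may be a bit off-centre as extra information will be added for that device. <-- should be fixed with version 0.5

 OPERATING SYSTEMS
 =================
 Works fine on BackTrack 4 but untested on any other platform.

 THANKS TO:
 ==========
 > durden_tyler at the unix.com forums, for help with the log formatting.
 > bofh28 for advice and help looking over bluejay.
EOF
      printf '%s' "$STAND"
      ;;
  esac
  exit 0
}
##
##
##
##
## WHEN QUITTING SCANS WITH CTRL+C
## Check whether user wants to log results or whether just to quit.
## Delete temporary files.
## The log is only reported as saved when the write actually succeeded;
## on failure log.tmp is kept so the results are not lost.
QUIT() {
  local LOG
  echo
  rm -f -- /pentest/bluetooth/bluejay/hci-out.tmp   # left behind by older scan code, if any
  if [ ! -f /pentest/bluetooth/bluejay/log.tmp ]; then
    exit 1
  fi
  printf '%s\n' "${REDBOLD}Found $( _bj_count_devices ) bluetooth device(s)"
  printf '%s' "${STAND}Save the scan to log? y/n : "
  read -r LOG
  echo
  case "$LOG" in
    y|Y)
      if sort -u -- /pentest/bluetooth/bluejay/log.tmp > "/pentest/bluetooth/bluejay/log$NOW"; then
        rm -f -- /pentest/bluetooth/bluejay/log.tmp
        echo "Log saved to: /pentest/bluetooth/bluejay/log$NOW"
        echo
      else
        printf '%s\n' "${REDBOLD}Could not write /pentest/bluetooth/bluejay/log$NOW -- results kept in /pentest/bluetooth/bluejay/log.tmp${STAND}" >&2
        exit 1
      fi
      ;;
    *)
      rm -f -- /pentest/bluetooth/bluejay/log.tmp
      ;;
  esac
  exit 0
}
trap QUIT INT
##
##
##
##
## OPTION REFERENCES
## =================
## Every action function exits the script, so only the first valid option is acted on.
while getopts ":cfhirsv" OPTIONS; do
  case "$OPTIONS" in
    c) CONT_SCAN ;;
    i) IFACE_LIST ;;
    f) F_CONT_SCAN ;;
    h) HELP ;;
    r) RNDM_BNR ;;
    s) SING_SCAN ;;
    v) VERS ;;
    *) printf '%s\n' "${REDBOLD}input error; unknown option${STAND}" >&2 ;;
  esac
done
shift $((OPTIND - 1))
##
##
## Return help menu when bluejay is run without option (or with only unknown ones).
## ==================================================
## The old test '[ $OPTARG==NULL ]' was a single non-empty string and therefore
## always true, so reaching this point simply means: show the help, status 1.
HELP 1
##
##
## CHANGE LOG
## ==========
##
## v0.5
## > Fixed the logging problem with mode changing.
## > Fixed small bugs
##
##
## v0.4
## ----
## > Added the capability to check whether the directory
##   /pentest/bluetooth/bluejay exists. If not bluejay will
##   ask whether to create it to continue and either create
##   directory or quit.
## > Corrected that when starting bluejay without bluetooth
##   interface present, error message returned. <--thanks bofh28
## > Corrected that when bluejay started without option, help
##   menu is returned instead of no information returned. <--thanks bofh28
## > Changed switch for listing interfaces from 'd' to 'i' seemed more logical.
## > Small bug fixes
##
##
## v0.3
## ----
## > Fixed yY / nN so that either lower or upper case works
##   when choosing to save scan results to log or not
## > Added seconds to the log filename timestamp.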
## > Changed continuous scan to not include clock offsets
## > Added -f switch for full logging including clock offsets
##
##
## v0.2 -- 19-09-2010
## ----
## > Made the scan results line up. <--thanks durden_tyler
## > Added timestamps to the log filename.
## > Tidied up the script.
## > Added alternative pretty titles ;)
##
#Last edit 18-10-2010 23:00