Bluetooth Reconnaissance – Bluetooth hacking

Scanning for Bluetooth devices can be done with nothing but a mobile phone, but a phone will not give you the same results as a few simple command-line tools on Linux.

The tools used here are “bluetoothctl”, “hcitool”, “sdptool” and “btscanner”, plus “hciconfig” and “l2ping”, which come from the same package as the first three.

Installing them is as simple as “apt install (name_of_tool)”. On Debian-based systems “bluetoothctl”, “hciconfig”, “hcitool”, “sdptool” and “l2ping” all come from the “bluez” package, while “btscanner” is its own package. Note that upstream BlueZ has marked “hciconfig”, “hcitool” and “sdptool” as deprecated in favour of “bluetoothctl” and “btmgmt”, so some distributions package them separately or no longer ship them.

They are installed by default on Kali Linux; on any other distribution (Ubuntu in this case) install them one by one.

First, make sure the Bluetooth service (bluetoothd) is enabled and running; the enable and start commands need root, so prefix them with sudo:

“systemctl enable bluetooth”

“systemctl start bluetooth”

“systemctl status bluetooth”

Next, list the Bluetooth adapters with “hciconfig” (useful to confirm that an external USB dongle shows up as hci0 or hci1); it is to Bluetooth controllers what “ifconfig” is to network interfaces. If the adapter is reported as DOWN, bring it up with “hciconfig hci0 up”.

We start with the first tool, “bluetoothctl”, and enter the following commands:

“power on”

“agent on”

“scan on”

The scan starts and discovered devices appear with their Bluetooth device addresses (MAC addresses); only devices that are currently discoverable show up here. If you want to connect to one of them, enter:

“connect (MAC_ADDRESS)”

“connect” may need the device to be paired first (“pair (MAC_ADDRESS)”), and pairing usually requires the remote side to accept or confirm, so this step is not stealthy. Once connected, type “help” to see the other commands available for the connected device.

The next tool is “hcitool”, which can also give us information on nearby devices: “hcitool scan” performs a classic (BR/EDR) inquiry and prints addresses with device names, “hcitool lescan” does the same for Bluetooth Low Energy devices (this one needs root), and “hcitool info (MAC_ADDRESS)” pulls the name, version and supported features from a single remote device:

Next on the list is “sdptool”, which queries the Service Discovery Protocol (SDP) that every classic Bluetooth device uses to advertise its services:

“sdptool browse”

Run on its own it looks for devices and browses each one; give it an address (“sdptool browse (MAC_ADDRESS)”) to target a single device. Either way we get a long list with a great amount of information: the service records each device exposes (Serial Port, OBEX Object Push, audio profiles and so on) together with the RFCOMM channels and L2CAP PSMs behind them, which is exactly what any later connection attempt needs.

To check that the device you are trying to reach is actually online, send it an L2CAP echo request. Unlike an inquiry scan this works against a device that is not discoverable, as long as you know its address, and it needs no pairing; it does need root:

“l2ping (MAC_ADDRESS)”
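As an added example that is not part of the original post, the script below strings the “hciconfig”, “hcitool scan”, “l2ping” and “sdptool browse” steps together and parses their output, so every discovered device is pinged and, if it answers, the RFCOMM channels behind its services are listed. The “hcitool scan” and “sdptool browse” output embedded in it is constructed for the offline demo mode and is not from a real capture; the file name bt_recon.sh and the adapter name hci0 are assumptions. Live mode needs root, the bluez tools and a working adapter.

```shell
#!/bin/sh
# bt_recon.sh (example, not from the original post): chain the classic
# reconnaissance steps and parse their output.
#   ./bt_recon.sh             demo mode: parse the constructed samples below
#   sudo ./bt_recon.sh live   live mode: needs root, the bluez tools, an adapter
# Assumptions: the adapter is hci0; the sample outputs below are constructed.

# Constructed sample of `hcitool scan` output: one tab-indented
# "<address><TAB><name>" line per device, "n/a" when the name lookup failed.
SAMPLE_SCAN=$(printf 'Scanning ...\n\tAA:BB:CC:DD:EE:01\tGalaxy Buds\n\tAA:BB:CC:DD:EE:02\tKeyboard K380\n\tAA:BB:CC:DD:EE:03\tn/a')

# Constructed sample of `sdptool browse <address>` output for one device.
SAMPLE_SDP='Browsing AA:BB:CC:DD:EE:02 ...
Service Name: Serial Port
Service RecHandle: 0x10001
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1

Service Name: OBEX Object Push
Service RecHandle: 0x10002
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)'

# stdin: hcitool scan output -> stdout: "<address><TAB><name>" per device.
# Fields are tab separated; a 17-character hex/colon field in position 2 is
# the address (checked by length to avoid awk regex intervals, which mawk lacks).
parse_scan() {
    awk -F'\t' 'NF >= 3 && $2 ~ /^[0-9A-Fa-f:]+$/ && length($2) == 17 {
        print $2 "\t" $3
    }'
}

# stdin: sdptool browse output -> stdout: "<channel><TAB><service name>" for
# every service record that carries an RFCOMM channel.
sdp_rfcomm_channels() {
    awk '
        /^Service Name:/ { sub(/^Service Name: */, ""); name = $0 }
        /^ *Channel:/    { print $2 "\t" name }
    '
}

bt_recon_live() {
    for t in hciconfig hcitool l2ping sdptool; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing $t (apt install bluez)" >&2; return 1; }
    done
    # l2ping and hciconfig open raw HCI/L2CAP sockets, which need root.
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    hciconfig hci0 up
    # Inquiry only finds devices that are currently discoverable; l2ping and
    # sdptool work on any address you already know, discoverable or not.
    hcitool scan | parse_scan | while IFS="$(printf '\t')" read -r addr name; do
        echo "== $addr ($name)"
        if l2ping -c 1 -t 3 "$addr" >/dev/null 2>&1; then
            echo "   answers L2CAP echo"
            sdptool browse "$addr" | sdp_rfcomm_channels | sed 's/^/   RFCOMM channel /'
        else
            echo "   no L2CAP echo reply (off, out of range, or not answering echo)"
        fi
    done
}

demo() {
    echo "# devices parsed from the constructed hcitool scan sample:"
    printf '%s\n' "$SAMPLE_SCAN" | parse_scan
    echo "# RFCOMM channels parsed from the constructed sdptool sample:"
    printf '%s\n' "$SAMPLE_SDP" | sdp_rfcomm_channels
}

case "${1:-demo}" in
    live) bt_recon_live ;;
    *)    demo ;;
esac
```

The parsing is kept in functions separate from the live commands so it can be checked against saved output; the same two functions also work on output you paste in from a previous scan, which is handy when the target is only discoverable for a short window.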

Finally, “btscanner” is a curses front end and the easiest of the four to use: run “btscanner”, press “i” to start an inquiry scan, then select the device you want to look at and press Enter to view its information:

Press “q” to return to the previous screen and “Q” to exit.

