redfang 介绍

RedFang是概念验证的一个小应用程序,找到不能发现的蓝牙设备。强制设备完成通过暴力破解蓝牙地址的最后六(6)个字节,并做到read_remote_name()。

redfang 首页
redfang 源代码版本库

包含在redfang里的工具

fang - 蓝牙猎手

root@kali:~# fang -h
redfang - the bluetooth hunter ver 2.5
(c)2003 @stake Inc
author:   Ollie Whitehouse <>
enhanced: threads by Simon Halsall <>
enhanced: device info discovery by Stephen Kapp <>
usage:
   fang [options]

options:
   -r   range      i.e. 00803789EE76-00803789EEff
   -o   filename   Output Scan to Text Logfile
                   An address can also be manf+nnnnnn, where manf
                   is listed with the -l option and nnnnnn is the
                   tail of the address. All addresses must be 12
                   characters long
   -t   timeout    The connect timeout, this is 10000 by default
                   Which is quick and yields results, increase for
                   reliability
   -n   num        The number of dongles
   -d              Show debug information
   -s              Perform Bluetooth Discovery
   -l              Show device manufacturer codes

   -h              Display help

The devices are assumed to be hci0 to hci(n) where (n) is the number
of threads -1, this is currently not configurable but maybe at a
later date

redfang 用法示例

扫描给定的范围(-r 00803789EE76-00803789EEff),并发现蓝牙设备(-s):

root@kali:~# fang -r 00803789EE76-00803789EEff -s
redfang - the bluetooth hunter ver 2.5
(c)2003 @stake Inc
author:   Ollie Whitehouse < ollie@atstake.com >
enhanced: threads by Simon Halsall < s.halsall@eris.qinetiq.com >
enhanced: device info discovery by Stephen Kapp < skapp@atstake.com >
Scanning 138 address(es)
Address range 00:80:37:89:ee:76 -> 00:80:37:89:ee:ff
Performing Bluetooth Discovery...