BlueSploit

May 17, 2026 · View on GitHub

Version Status Modules Python License

Bluetooth framework for Classic BR/EDR and BLE. 160 modules, persistent store.

Docs: v33ru.github.io/bluesploit · Latest: v1.0.5

Install

git clone https://github.com/V33RU/bluesploit.git
cd bluesploit
./install.sh

Linux (apt/dnf/pacman/zypper/apk/xbps/emerge) or macOS. Use --full for all extras, --dev for test tooling.

Run

sudo python3 bluesploit.py        # interactive REPL
python3 bluesploit.py --list      # list modules

Most live modules need root for raw HCI. Bleak-based recon (ble_scan_full, ble_target_enum, mesh_beacon_scan) and all store-driven scanners run as a regular user.

Modules (160)

CategoryCount
exploits/87
dos/29
auxiliary/14
scanners/12
recon/11
post/7

Full per-module docs at v33ru.github.io/bluesploit.

Engagement state

Persists in ~/.bluesploit/store.db (override with BLUESPLOIT_HOME). Tables: hosts, credentials, loot, fingerprints, meta. Workspaces scope all of them.

Core libraries

  • core/crypto.py: AES-128, ah for RPA resolution, key stats
  • core/mesh.py: Mesh K1/K2/K3/K4, AES-CMAC, AES-CCM (spec-verified)
  • core/cve.py: CVE signature engine
  • core/store.py: SQLite engagement store
  • core/ble_meta.py: SIG UUID tables

License

MIT

Features

FeatureDetail
Modules160 across exploits, DoS, scanners, recon, auxiliary, post
Store-driven scannersConsume adv, gatt_topology, lmp_features, ll_features, smp_pairing, mesh_beacon fingerprints
Engagement state~/.bluesploit/store.db, hosts, creds, loot, fingerprints, workspaces
CVEs40+ PoC exploits (2010-2026); 7 NVD-cited signatures for offline matching
BLE cryptoAES-128, ah for RPA resolution, key stats
Mesh cryptoK1/K2/K3/K4, AES-CMAC, PECB, AES-CCM (spec-verified)
set targetBD_ADDR / host id / name substring; auto-fills creds
WorkspacesIsolated engagements, persisted active workspace
Resource scriptsresource <file> replays console commands
Global optionsPersistent setg / unsetg
InstallLinux (apt/dnf/yum/pacman/zypper/apk/xbps/emerge) + macOS
HardwareUbertooth One, nRF52840, BTLEJack, HackRF One, YARD Stick One, UD100
REPLuse / set / run / check / back
PCAPPer-run capture via btmon / tcpdump
ProtocolsBR/EDR, BLE, Mesh

Disclaimer

Authorized testing only. Use against equipment you own or have written permission to test. Authors disclaim liability for misuse.