BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework

Source: Help Net Security Author: Mirko Zorz URL: https://www.helpnetsecurity.com/2025/04/02/bluetoolkit-open-source-bluetooth-classic-vulnerability-testing-framework/

ONE SENTENCE SUMMARY:

BlueToolkit is a free, open-source Bluetooth Classic vulnerability scanner that uses 43 exploits to detect security flaws in devices.

MAIN POINTS:

  1. BlueToolkit is an open-source tool for identifying Bluetooth Classic device vulnerabilities.
  2. It uses a collection of 43 exploits, both public and custom-built for the toolkit.
  3. The tool enables reuse of proof-of-concepts (PoCs) and integrates with hardware easily.
  4. Operates as a black-box scanner, requiring no internal access to the target device.
  5. Can also function in a gray-box mode to reduce false positives using Bluetooth log access.
  6. Users can create custom checks, templates, and hardware configurations via a templating guide.
  7. BlueToolkit auto-downloads available exploit and hardware templates for ease of use.
  8. Researchers used it to discover 64 vulnerabilities across 22 different car models.
  9. Compatible with various hardware setups and requires minimal configuration.
  10. Freely available on GitHub, promoting community use and contribution.

TAKEAWAYS:

  1. BlueToolkit fills a gap by providing the first Bluetooth Classic vulnerability scanner.
  2. Its dual black-box and gray-box modes offer flexible testing capabilities.
  3. Users can expand functionality through custom templates and hardware support.
  4. The toolkit has already proven effective in real-world automotive security testing.
  5. Open-source availability encourages ongoing development and collaborative security research.