Katana is a portable multi-boot security suite which brings together many of today's best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable Windows applications, such as Wireshark, Metasploit, NMAP, Cain & Abel, and many more.
pwntooth (pown-tooth) is designed to automate Bluetooth Pen-Testing. It scans for devices, then runs the tools specified in pwntooth.conf. The included tools are blueper, bluesnarfer, Bluetooth Stack Smasher (BSS), carwhisperer, psm_scan, rfcomm_scan, and vcardblaster.
Blueper is a tool designed to abuse Bluetooth file transferring. It uses ussp-push to transfer files from one device to another. The design of this tool provides several possible end results. One is the annoyance of continual popups of file transfer requests on the remote device. Another is to write data to a remote device's disk without user interaction. It can even lock up or crash some devices.
vCardBlaster is a tool designed to abuse the sending of vCards over Bluetooth. It allows the user to send a continual stream of vCards to attempt a Bluetooth DoS or abuse other device resources. A user can send a specific vCard or allow vCardBlaster to send a newly generated vCard for each iteration. It also allows for an attack on one or all Bluetooth enabled devices in the area.
SpoofTooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows a Bluetooth device to hide in plain sight. When more than one device in range shares the same device information (specifically the same Address) and the devices are in Discoverable Mode, Bluetooth scanning software will list only one of them.
The Bluetooth Profiling Project (BlueProPro) is a repository of Bluetooth profiles. The Bluetooth profile consists of the device name, class, and address. This information is broadcast by Bluetooth devices in Discoverable Mode.
The BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends L2CAP (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory).
The CavitySearch (as in teeth) is a Bash script which utilizes several methods of assessing the capabilities of Bluetooth devices. Most of the information can be gathered without pairing with the target device or alerting the end user. CavitySearch will report running services, Device Name, Device Address, Device Type, open RFCOMM Channels "ports", open L2CAP PSMs "ports", device manufacturer, supported protocols, and more. It is also able to help find "hidden" services running on the device.
HIDIOUS is an Arduino library for keystroke injection. The library provides functions to run user-defined commands, scripts, or binaries against Windows, Linux, and OSX. Configuration of the payloads is offloaded to a Micro SD card. Due to the limited resources on many Arduino-compatible boards, some payloads are too large to fit in memory. Reading in payloads from an external medium (like a Micro SD card) allows for larger payloads which can be modified easily.